Zend Framework 2 - ZFCUser - How to exclude landin

2019-07-30 01:35发布

站内问答 / PHP
817 1 6

I'm using ZF2 in combination with ZFCUser and bjyauthorize. I have a landing page which should be globally accessable. All other pages need to be behind a login.

At first I blamed bjyauthorize for not letting guest users access my landing page. But after some discussions it seems that ZFCUser is blocking the way.

My question is: How can I tell ZFCUser not to block one page/action?

Edit:

My Application/Module.php looks like in this post. When I add my app myApp to the whitlist, I can access my landing page but all other actions from myApp as well.

Any ideas how to alter the condition that I can match the URL or just whitlist my frontend-action?

Maybe I could add a second route to my landing page. But that's not a clean solution, right?

1条回答
啃猪蹄的小仙女
2楼-- · 2019-07-30 02:33

If you insist on checking authentication in the onBoostrap method you could do something like this:

class Module
{
    protected $whitelist = array(
        'zfcuser/login' => array('login'),
        'your-landing-route' => array('your-landing-action'),
    );

    public function onBootstrap($e)
    {
        $app = $e->getApplication();
        $em  = $app->getEventManager();
        $sm  = $app->getServiceManager();

        $list = $this->whitelist;
        $auth = $sm->get('zfcuser_auth_service');

        $em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
            $match = $e->getRouteMatch();

            // No route match, this is a 404
            if (!$match instanceof RouteMatch) {
                return;
            }

            // Route and action is whitelisted
            $routeName = $match->getMatchedRouteName();
            $action = $match->getParam("action");

            if(array_key_exists($routeName,$list) && in_array($action,$list[$routeName])) {
                return;
            }

            // User is authenticated
            if ($auth->hasIdentity()) {
                return;
            }

            // Redirect to the user login page, as an example
            $router   = $e->getRouter();
            $url      = $router->assemble(array(), array(
                'name' => 'zfcuser/login'
            ));

            $response = $e->getResponse();
            $response->getHeaders()->addHeaderLine('Location', $url);
            $response->setStatusCode(302);

            return $response;
        }, -100);
    }
}

I've just changed the code a little but so your white list also contains specific actions. Then we can check the action parameter to be a little bit more specific with your white listing.

I don't know if this is the best way to do it, I'm just showing you how you can do it.

I don't think you even need to check authentication when using BjyAuthorize as you can just use resource checks. If a user has anything other than a guest role then they are a real user and are authenticated. Again, I'm not 100% on that but I do know that I don't use ZfcUser authentication checks in my application which uses BjyAuthorize. I just use route guards to specify the role level needed for a aparticular route.

Maybe somebody else could clarify this?

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)