File: /var/www/farm.kosmicfarms_backup/app/plugins/SecurityPlugin.php
<?php
use Phalcon\Acl\Adapter\Memory;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Acl;
use Phalcon\Events\Event;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Mvc\User\Plugin;
// Access control: builds the ACL once and enforces it on every dispatch (see beforeExecuteRoute)
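class SecurityPlugin extends Plugin
{
    /**
     * In-memory access-control list consulted on every dispatch.
     *
     * @var Memory
     */
    public $acl;

    /**
     * Builds the ACL: default DENY, the three roles, the controller/action
     * resources, and the per-role allow rules.
     */
    public function __construct()
    {
        $this->acl = new Memory();

        // 1. Anything not explicitly allowed below is denied.
        $this->acl->setDefaultAction(Acl::DENY);

        // 2. Roles. 'guest' is also the fallback beforeExecuteRoute uses when the
        //    session carries no role, or a role this ACL does not know.
        foreach (array('guest', 'manager', 'admin') as $roleName) {
            $this->acl->addRole(new Role($roleName));
        }

        // 3. Resources: controller => actions the ACL knows about.
        $resources = array(
            'index'     => array('index'),
            'login'     => array('index'),
            'session'   => array('login'),
            'dashboard' => array('index'),
            'posts'     => array('edit'),
        );
        foreach ($resources as $controller => $actions) {
            $this->acl->addResource(new Resource($controller), $actions);
        }

        // 4. Permissions.
        // Guests may only reach the login form and the login action.
        // NOTE: 'login'/'index' is also the forward target on denial, so every role
        // that can be resolved in beforeExecuteRoute must be allowed to reach it —
        // otherwise the denied forward would itself be denied and the dispatcher
        // would keep forwarding.
        $this->acl->allow('guest', 'login', array('index'));
        $this->acl->allow('guest', 'session', array('login'));
        $this->acl->allow('manager', 'login', array('index'));
        $this->acl->allow('manager', 'dashboard', array('index'));
        $this->acl->allow('manager', 'posts', array('edit'));
        // Admin: every resource, every action (wildcards).
        $this->acl->allow('admin', '*', array('*'));
    }

    /**
     * Dispatcher hook: lets the request through only when the session role may
     * run the requested controller/action; otherwise forwards to the login form.
     *
     * @param Event      $event      Dispatch event (unused; required by the hook signature)
     * @param Dispatcher $dispatcher Source of the routed controller/action names
     *
     * @return bool true to continue dispatch, false to stop it after the forward
     */
    public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
    {
        $auth = $this->session->get('auth');

        // Resolve the role defensively: no session entry, no 'role' key, a
        // non-string value, or a role the ACL was never told about all collapse
        // to 'guest'. An unknown role would be denied everywhere — including the
        // 'login'/'index' forward target — and could make the dispatcher loop.
        $role = ($auth && isset($auth['role'])) ? $auth['role'] : 'guest';
        if (!is_string($role) || !$this->acl->isRole($role)) {
            $role = 'guest';
        }

        $controller = $dispatcher->getControllerName();
        $action     = $dispatcher->getActionName();

        if ($this->acl->isAllowed($role, $controller, $action)) {
            return true;
        }

        // Forward to the login form. This hook runs again for the forwarded
        // route, which every registered role is allowed to reach.
        $dispatcher->forward(array('controller' => 'login', 'action' => 'index'));

        return false; // stop the current dispatch
    }
}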