Zend_Navigation, Zend_ACL + Roles not filtering correctly through an AJAX request
I have been using zend_acl and Zend_Navigation together on my project currently and it seems to work correctly. I am how ever using a lot of AJAX in my site and have made a login with jqModal and jQuery which logs in users without reloading the current page and have the need to reload the navigation as well. I have so far got it working but the navigation being return is all the links with the visible field as true which is incorrect. For example when I am logged in as a user the login link should not be visible.
My code below for Action, JavaScript function and JSON returned.
current role = admins
// CONTROLLER ACTION
public function getnavigationjsonAction()
{
//$view->navigation($container)->setAcl($this->_acl)->setRole(Zend_Registry::get('role'));
// echo $this->navigat开发者_如何学Pythonion()->menu();
$navigation = $this->getView()->navigation()->setAcl($this->_acl)->setRole(Zend_Registry::get('role'));
//die(Zend_Registry::get('role'));
//die($this->_acl);
$this->_helper->json($navigation->toArray());
}
// JAVASCRIPT FUNCTION
function reloadNavigationMenu()
{
//alert('reloading navigation');
$.ajax( {
url : "/default/ajax/getnavigationjson",
type : "POST",
cache : false,
async : false,
data : "format=json",
success : function(data) {
var html='<ul class="navigation">';
console.log(data);
$.each(data, function(i) {
if(data[i].visible === true) {
//console.log(data[i]);
html+='<li>';
html+='<a href="/'+data[i].module+'/'+data[i].controller+'/'+data[i].action+'">'+data[i].label+'</a>';
html+='</li>';
}
});
html+='</ul>';
$('#zend_navigation_container').html(html);
}
});
}
// RETURN JSON data from controller
[ { "action" : "index",
"active" : false,
"class" : null,
"controller" : "admin",
"id" : null,
"label" : "Admin Section",
"module" : "admin",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "admin:admin",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "Home",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : null,
"rel" : [ ],
"reset_params" : true,
"resource" : null,
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "News",
"module" : "news",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "news:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "Tutorials",
"module" : "tutorials",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "tutorials:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "about",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "About",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "about",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "comments",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "Comments",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "comments",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "contact",
"id" : null,
"label" : "Contact",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:contact",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "login",
"active" : false,
"class" : null,
"controller" : "auth",
"id" : null,
"label" : "Login",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "login",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:auth",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "logout",
"active" : false,
"class" : null,
"controller" : "auth",
"id" : null,
"label" : "Logout",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "logout",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:auth",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
}
]
This is when I am currently logged in as admin and the links for login should be hidden but its not. This looks like the ACL is not being properly assigned to the navigation.
I think that Zend_Navigation uses ACL to determine if page should by visible during render time. It doesn't alter your navigation objects when you pass ACL object to it.
You need a different approach if you want to create custom navigation container reduced by ACL - maybe extending Zend Navigation classes and add appropriate methods.
You will need to force Zend_Navigation to re-render the navigation. As stated before, it "filters" the rendering based on the acl. Also, not sure how you are storing that role in Zend_Registry, but you may want to consider having that role returned when you query Zend_Auth to authenticate the user, if that role is not updated it could also cause issue. I would also suggest setting up your acl etc in a action helper instead of an action, so that it can process for "any" action instead of just this action. The fact that the items are present should indicate that the menu for some reason is not being re-rendered, or the updated role is not being passed to the Acl, if it were the menu items would not be present in the menu at all. Zend_Navigation will not render any items that have been filtered by the acl, it goes far beyond just setting the item to not be visible.
Furthermore, what role defines the privilege for showing the login tab? You should tell the acl to deny that to a standard user and up if your roles are inheriting from a common user role, if not, then it may indeed be working just as it should. As an example:
//..//..//
$this->addResource(new Zend_Acl_Resource('login')); //<- Allows the hiding of the login navigation tab
$this->addResource(new Zend_Acl_Resource('logout')); //<- Allows the hiding of the logout navigation tab
$this->allow($guest, array('user'), array('user.login', 'user.register'));
$this->allow('user', array('user', 'useraccount'), array('user.view', 'user.logout', 'user.account-editown', 'user.edit-account', //<-end user privs
));
//..//..//
$this->deny('user', array('user'), array('user.login', 'user.register'));
加载中,请稍侯......
精彩评论