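acl = new Zend_Acl();
        $this->conf = Kohana::config('acl.acl');

        // Register every role named in the config.
        // NOTE(review): $inherit is read from the config but never passed to
        // addRole(), so any parent roles configured there are not applied;
        // confirm whether role inheritance is meant to be honoured.
        foreach ($this->conf->roles as $role => $inherit)
        {
            $this->acl->addRole(new Zend_Acl_Role($role));
        }

        // Register every resource named in the config.
        foreach ($this->conf->resources as $resource)
        {
            $this->acl->add(new Zend_Acl_Resource($resource));
        }

        // Apply the allow rules. A rule without 'resource' or 'actions' passes
        // null, which Zend_Acl treats as "all resources" / "all privileges".
        foreach ($this->conf->allowed as $allowed)
        {
            $r = isset($allowed['resource']) ? $allowed['resource'] : null;
            $a = isset($allowed['actions']) ? $allowed['actions'] : null;
            $this->acl->allow($allowed['role'], $r, $a);
        }

        // Apply the deny rules.
        // Fix: the action list used to be assigned to $r, so deny() received the
        // actions in the resource position and a stale $a left over from the
        // allow loop (or an undefined variable when there were no allow rules).
        // Each deny rule now uses its own resource and its own actions.
        foreach ($this->conf->denied as $denied)
        {
            $r = isset($denied['resource']) ? $denied['resource'] : null;
            $a = isset($denied['actions']) ? $denied['actions'] : null;
            $this->acl->deny($denied['role'], $r, $a);
        }

        // Singleton instance
        self::$instance = $this;
    }

    /**
     * Check whether a group may perform an action on a resource.
     *
     * Fails closed: an exception raised by the ACL lookup is logged and
     * rethrown as a Kohana_User_Exception, never treated as "allowed".
     *
     * @param string $group
     * @param string $resource
     * @param string $action
     * @return boolean
     * @throws Kohana_User_Exception when the ACL lookup itself fails
     * @author Andy Bennett
     */
    public function check($group, $resource, $action)
    {
        try
        {
            return $this->acl->isAllowed($group, $resource, $action);
        }
        catch (Exception $e)
        {
            Kohana::log('debug', $e->getMessage());
            throw new Kohana_User_Exception("ACL Error", $e->getMessage());
        }
    }

    /**
     * Return the configured roles as a list of objects, leaving out 'superadmin'.
     *
     * Each entry is built by steamcore::array_object() with 'id' and 'title'
     * both set to the role name.
     *
     * NOTE(review): this only omits 'superadmin' from the returned list; it is
     * not an access check. Any code that accepts a group id chosen from this
     * list should validate the submitted value itself.
     *
     * @return array
     * @author Andy Bennett
     */
    public function get_groups()
    {
        $new = array();
        $roles = Kohana::config('acl.acl')->roles;

        foreach ($roles as $role => $val)
        {
            // Strict comparison: with a loose ==, an integer key such as 0
            // compares equal to 'superadmin' on PHP versions before 8.
            if ($role === 'superadmin')
            {
                continue;
            }

            $new[] = steamcore::array_object(array('id' => $role, 'title' => $role));
        }

        return $new;
    }

    /**
     * Redirect to $bounce when the group is not allowed the action.
     *
     * Argument order differs from check(): here it is (group, action, resource),
     * while check() takes (group, resource, action).
     *
     * @param string $group
     * @param string $action
     * @param string $resource
     * @param string $bounce  URL to redirect to when the check fails
     * @return void
     * @author Andy Bennett
     */
    public function redirect($group, $action, $resource = null, $bounce = '')
    {
        if ( ! $this->check($group, $resource, $action))
        {
            // NOTE(review): enforcement relies on url::redirect() ending the
            // request. If it only sends a Location header and returns, the
            // caller's protected code still runs; confirm it exits.
            url::redirect($bounce);
        }
    }
}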