Here is my bjyauthorize.global.php contents
<?php
return array(
'bjyauthorize' => array(
// set the 'guest' role as default (must be defined in a role provider)
// 'default_role' => 'guest',
/* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which
* roles the "identity role" should inherit from.
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',
/* If you only have a default role and an authenticated role, you can
* use the 'AuthenticationIdentityProvider' to allow/restrict access
* with the guards based on the state 'logged in' and 'not logged in'.
*/
// 'default_role' => 'guest', // not authenticated
// 'authenticated_role' => 'user', // authenticated
// 'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',
/* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers' => array(
/* here, 'guest' and 'user are defined as top-level roles, with
* 'admin' inheriting from user
*/
'BjyAuthorize\Provider\Role\Config' => array(
'admin' => array(),
'guest' => array()
),
// this will load roles from the user_role table in a database
// format: user_role(role_id(varchar), parent(varchar))
'BjyAuthorize\Provider\Role\ZendDb' => array(
'table' => 'user_role',
'role_id_field' => 'roleId',
'parent_role_field' => 'parent_id',
),
// this will load roles from the 'BjyAuthorize\Provider\Role\Doctrine'
// service
// 'BjyAuthorize\Provider\Role\Doctrine' => array(),
),
// resource providers provide a list of resources that will be tracked
// in the ACL. like roles, they can be hierarchical
'resource_providers' => array(
// 'BjyAuthorize\Provider\Resource\Config' => array(
// 'pants' => array(),
// ),
'BjyAuthorize\Provider\Resource\Config' => array(
'Collections\Controller\CollectionsController' => array('admin'),
),
),
/* rules can be specified here with the format:
* array(roles (array), resource, [privilege (array|string), assertion])
* assertions will be loaded using the service manager and must implement
* Zend\Acl\Assertion\AssertionInterface.
* *if you use assertions, define them using the service manager!*
*/
'rule_providers' => array(
'BjyAuthorize\Provider\Rule\Config' => array(
'allow' => array(
// allow guests and users (and admins, through inheritance)
// the "wear" privilege on the resource "pants"
// array(array('guest', 'user'), 'pants', 'wear')
array(array('admin'), 'Collections\Controller\CollectionsController', 'index')
),
// Don't mix allow/deny rules if you are using role inheritance.
// There are some weird bugs.
'deny' => array(
// ...
// array(array('admin', 'guest'), 'collections', 'add')
),
),
),
/* Currently, only controller and route guards exist
*
* Consider enabling either the controller or the route guard depending on your needs.
*/
'guards' => array(
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all controllers and actions unless they are specified here.
* You may omit the 'action' index to allow access to the entire controller
*/
'BjyAuthorize\Guard\Controller' => array(
array('controller' => 'index', 'action' => 'index', 'roles' => array('admin','guest')),
array('controller' => 'index', 'action' => 'stuff', 'roles' => array('admin')),
array('controller' => 'Collections\Controller\CollectionsController', 'roles' => array('admin', 'guest')),
// You can also specify an array of actions or an array of controllers (or both)
// allow "guest" and "admin" to access actions "list" and "manage" on these "index",
// "static" and "console" controllers
// array(
// 'controller' => array('index', 'static', 'console'),
// 'action' => array('list', 'manage'),
// 'roles' => array('guest', 'admin')
// ),
array('controller' => 'zfcuser', 'roles' => array('admin', 'guest')),
// Below is the default index action used by the ZendSkeletonApplication
array('controller' => 'Application\Controller\Index', 'roles' => array('guest', 'admin')),
),
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all routes unless they are specified here.
*/
'BjyAuthorize\Guard\Route' => array(
array('route' => 'zfcuser', 'roles' => array('admin', 'guest')),
array('route' => 'zfcuser/logout', 'roles' => array('admin', 'guest')),
array('route' => 'zfcuser/login', 'roles' => array('admin', 'guest')),
array('route' => 'zfcuser/register', 'roles' => array('guest', 'admin')),
// Below is the default index action used by the ZendSkeletonApplicationarray('route' => 'zfcuser/register', 'roles' => array('guest', 'admin')),
array('route' => 'collections/index', 'roles' => array('guest', 'admin')),
array('route' => 'home', 'roles' => array('guest', 'admin')),
),
),
),
);
I have a database structures like this:
--
-- Table structure for table `user`
--
CREATE TABLE IF NOT EXISTS `user` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(255) DEFAULT NULL,
`email` varchar(255) DEFAULT NULL,
`display_name` varchar(50) DEFAULT NULL,
`password` varchar(128) NOT NULL,
`state` smallint(5) unsigned DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=7 ;
--
-- Dumping data for table `user`
--
INSERT INTO `user` (`id`, `username`, `email`, `display_name`, `password`, `state`) VALUES
(1, NULL, '[email protected]', NULL, '$2y$14$fL.K0rieXO.kHsHfOogH8Oaf..C.1GsYqEB49A3Dmxy9ZiMhWHx7.', NULL);
-- --------------------------------------------------------
--
-- Table structure for table `user_role`
--
CREATE TABLE IF NOT EXISTS `user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`roleId` varchar(255) NOT NULL,
`is_default` tinyint(1) NOT NULL,
`parent_id` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
--
-- Dumping data for table `user_role`
--
INSERT INTO `user_role` (`id`, `roleId`, `is_default`, `parent_id`) VALUES
(1, 'admin', 1, 'admin'),
(2, 'guest', 1, 'admin');
-- --------------------------------------------------------
--
-- Table structure for table `user_role_linker`
--
CREATE TABLE IF NOT EXISTS `user_role_linker` (
`user_id` int(11) unsigned NOT NULL,
`role_id` int(11) NOT NULL,
PRIMARY KEY (`user_id`,`role_id`),
KEY `role_id` (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Dumping data for table `user_role_linker`
--
INSERT INTO `user_role_linker` (`user_id`, `role_id`) VALUES
(1, 1);
I have modified column of user table according to this issue. And I have modified Mapper of ZfcUser for user_id to id. It is working properly because it is not showing any error.
Even though there are no any errors I always get "403 Forbidden" for any module I visit (/user and /collections) except for login page (zfcuser/login) before login.
I have a doubt in database for user_role_linker table's data. I did not find proper documentation to enter roles data for user_role table in BjyAuth library . Suggest me is there any mis-configuration in config file or in database tables or anything else that is not mention here.
You are possibly trying to do too much without knowing if you have the foundations setup correctly. Not a complete answer but I would suggest the following;
Install Zend Framework Developer Tools ( https://github.com/zendframework/ZendDeveloperTools ) once running it has a toolbar on the bottom of the page which will tell you what role you currently have. Its also useful for a bunch of other things. Assuming you have the appropriate role when you are logged-in, only setup one guard at a time. ie. you currently have both "BjyAuthorize\Guard\Controller" and "BjyAuthorize\Guard\Route" setup
You can run with just one or other of these to start, and when you have one running you can then test the other. Just remove or comment out the appropriate section in bjyauthorize.global.php.
Do note that the behaviour is that if you enable the guards everything that is not specified is blocked.
Without seeing your controllers and routes I dont know if some of the configuration above is correct but it might be safer to double check route names and use the fully qualified controller names eg. instead of
try
I hope this is some help.
Additionally, if you happen to end up using Doctrine ORM at some point https://github.com/manuakasam/SamUser is a great module to tie BjyAuthorize, ZFcuser and Doctrine together, easily.
Fin