<?php
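/**
 * Front-controller plugin that puts every request behind Zend_Auth and a
 * small role-based Zend_Acl.
 *
 * The decision is taken in routeShutdown(): authenticated users are checked
 * against the ACL, anonymous users may only reach the login action and are
 * redirected there for anything else.
 *
 * NOTE(review): the ACL resource is the bare action name. Module and
 * controller are not part of the decision, so an action called "detail" in
 * any controller falls under the same rule. Confirm this is intended; if it
 * is not, the resource id should include the controller (and module).
 */
class TF_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    /**
     * Authentication singleton, assigned in _initAcl().
     *
     * @var Zend_Auth
     */
    protected $_auth;

    /**
     * Access-control list, rebuilt by _initAcl() on every request.
     *
     * @var Zend_Acl
     */
    protected $_acl;

    /**
     * NOTE(review): the name is missing a "t", so this does not override the
     * preDispatch() hook, and postDispach() is not defined in this class.
     * Both look like dead code; kept unchanged so that any existing caller
     * behaves as before. Confirm and remove.
     */
    public function preDispach()
    {
        $this->postDispach();
    }

    /**
     * Enforce authentication and authorization once the request is routed.
     *
     * @param  Zend_Controller_Request_Abstract $request routed request
     * @return void
     * @throws Zend_Acl_Exception when an authenticated identity has no role
     *                            or its role is not allowed the action
     */
    public function routeShutdown(Zend_Controller_Request_Abstract $request)
    {
        $this->_initAcl();

        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        if ($this->_auth->hasIdentity()) {
            $identity = $this->_auth->getIdentity();

            // Fail closed when the stored identity is not an object carrying
            // a role (for example a plain username string) instead of
            // passing a null role on to the ACL.
            $role = is_object($identity) ? $identity->role : null;

            if (null === $role || !$this->_acl->isAllowed($role, $action)) {
                throw new Zend_Acl_Exception('Access denied');
            }

            return;
        }

        // Anonymous request: only the login action is reachable.
        // Strict comparison so that a non-string value can never match.
        // NOTE(review): the module is not compared here, although the
        // redirect below targets the "default" module; an index/login
        // action in any other module would also be exempt. Confirm.
        if ('index' === $controller && 'login' === $action) {
            return;
        }

        // Remember where the visitor wanted to go.
        // NOTE(review): the code that later reads lastUrl is not shown here.
        // REQUEST_URI is supplied by the client, so that code should accept
        // the value only if it is a same-site path (a single leading "/",
        // no scheme or host) before redirecting to it.
        $s = new Zend_Session_Namespace('urlTransport');
        $s->lastUrl = $_SERVER['REQUEST_URI'];

        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
        $redirector->direct('login', 'index', 'default');

        // Stop here unconditionally so the protected action can never run,
        // whatever the redirector's own exit setting is.
        exit;
    }

    /**
     * Build the ACL, publish it in Zend_Registry under "Zend_Acl" and keep a
     * reference on the plugin together with the Zend_Auth singleton.
     *
     * Resources are action names; roles are admin, editor and reader.
     *
     * @return void
     */
    protected function _initAcl()
    {
        $this->_auth = Zend_Auth::getInstance();

        $acl = new Zend_Acl();

        // Resources (Czech action names: pridat = add, upravit = edit,
        // smazat = delete).
        $acl->addResource('index');
        $acl->addResource('pridat');
        $acl->addResource('detail');
        $acl->addResource('upravit');
        $acl->addResource('smazat');
        $acl->addResource('login');
        $acl->addResource('logout');

        $acl->addRole('admin');
        $acl->addRole('editor');
        $acl->addRole('reader');

        // Only explicit allow rules are added; anything without one is
        // expected to be refused by the ACL.
        $rolesRead   = array('admin', 'editor', 'reader');
        $rolesWrite  = array('admin', 'editor');
        $rolesDelete = array('admin');

        $acl->allow($rolesRead, array('index', 'login', 'logout', 'detail'));
        $acl->allow($rolesWrite, array('pridat', 'upravit'));
        $acl->allow($rolesDelete, array('smazat'));

        Zend_Registry::set('Zend_Acl', $acl);
        $this->_acl = $acl;
    }
}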