<?php
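/**
 * Front-controller plugin that enforces a role-based ACL before each dispatch.
 *
 * The requested controller name is used as the ACL resource and the requested
 * action name as the ACL privilege. Everything is denied by default; requests
 * that fail the check are rerouted to the login action.
 */
class CustomControllerAclManager extends Zend_Controller_Plugin_Abstract
{
    /**
     * Authentication service used to look up the current identity.
     *
     * Declared explicitly instead of being created on first assignment
     * (dynamic property creation is deprecated since PHP 8.2). It stays
     * public because the implicitly created property was public.
     * NOTE(review): narrow the visibility once no outside code reads it.
     *
     * @var Zend_Auth
     */
    public $auth;

    /**
     * The access-control list built in the constructor.
     *
     * Public for the same backward-compatibility reason as $auth; any code
     * holding this plugin can therefore alter the policy.
     * NOTE(review): narrow the visibility once no outside code reads it.
     *
     * @var Zend_Acl
     */
    public $acl;

    /** @var string Role used for anonymous users and for unknown role names. */
    private $_defaultRole = 'guest';

    /** @var array Controller/action a denied request is rerouted to. */
    private $_authController = array(
        'controller' => 'account',
        'action'     => 'login',
    );

    /** @var array Controller names registered as ACL resources. */
    private $_resources = array(
        'index',
        'account',
        'video',
        'blog',
        'gallery',
        'poll',
        'profile',
        'messenger',
        'utility',
        'file',
        'admin',
        'game',
    );

    /** @var array Account actions reserved for administrators. */
    private $_adminOnlyAccountActions = array(
        'register',
        'suspend',
        'delete',
        'activate',
    );

    /**
     * Build the role hierarchy, register the resources and set the policy.
     *
     * @param Zend_Auth $auth authentication service queried in preDispatch()
     */
    public function __construct(Zend_Auth $auth)
    {
        $this->auth = $auth;
        $this->acl  = new Zend_Acl();

        // Roles: administrator inherits every rule granted to member.
        $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
        $this->acl->addRole(new Zend_Acl_Role('member'));
        $this->acl->addRole(new Zend_Acl_Role('administrator'), 'member');

        // Resources we want to have control over.
        foreach ($this->_resources as $resource) {
            $this->acl->add(new Zend_Acl_Resource($resource));
        }

        // Deny access to everything for all roles by default.
        $this->acl->deny();

        // Guests can only log in, fetch a password or activate an account.
        $this->acl->allow('guest', 'account', array('login', 'fetchpassword', 'activate'));

        // Members may use every area except the admin area. The list is
        // explicit on purpose: a resource added to $_resources later stays
        // denied until someone grants it here.
        $memberResources = array(
            'index',
            'account',
            'video',
            'gallery',
            'poll',
            'blog',
            'file',
            'profile',
            'messenger',
            'utility',
            'game',
        );
        foreach ($memberResources as $resource) {
            $this->acl->allow('member', $resource);
        }

        // Account management actions are taken away from members again and
        // granted to administrators only. Stated after the blanket allow so
        // the exception reads top-down.
        $this->acl->deny('member', 'account', $this->_adminOnlyAccountActions);
        $this->acl->allow('administrator', 'account', $this->_adminOnlyAccountActions);

        // Administrators additionally get the admin area.
        $this->acl->allow('administrator', 'admin');
    }

    /**
     * Before an action is dispatched, check whether the current user has
     * sufficient privileges. If not, reroute the request to the login action.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Start from the least-privileged role and only upgrade when the
        // stored identity carries a role name the ACL actually knows.
        $role = $this->_defaultRole;
        if ($this->auth->hasIdentity()) {
            $identity = $this->auth->getIdentity();
            // Guard against identities that are not objects (for example a
            // bare user name): those fall back to the default role.
            $candidate = is_object($identity) ? $identity->user_type : null;
            if ($candidate !== null && $this->acl->hasRole($candidate)) {
                $role = $candidate;
            }
        }

        // The ACL resource is the requested controller name, the ACL
        // privilege is the requested action name.
        // NOTE(review): both are read through the request's magic property
        // accessor rather than getControllerName()/getActionName(); confirm
        // they stay in sync with the dispatch target when a forward or
        // another plugin rewrites it. Switching accessors would also put
        // error-handler forwards under this ACL, so check that path first.
        $resource  = $request->controller;
        $privilege = $this->_normalizeActionName($request->action);

        // If the resource was never registered, check against the global
        // rules, which deny by default. The controller name is deliberately
        // compared as-is so that unexpected spellings fail closed.
        if (!$this->acl->has($resource)) {
            $resource = null;
        }

        // Access denied: reroute the request to the login action.
        // NOTE(review): denials are not logged here; consider recording role,
        // controller and action so refused requests are visible to operators.
        if (!$this->acl->isAllowed($role, $resource, $privilege)) {
            $request->setControllerName($this->_authController['controller']);
            $request->setActionName($this->_authController['action']);
        }
    }

    /**
     * Reduce an action name to the canonical form used in the ACL rules.
     *
     * Privileges are matched as exact strings, while the standard dispatcher
     * lower-cases the action name and drops word delimiters and other
     * non-alphanumeric characters before it resolves the action method.
     * Without this step a per-action deny rule (register, suspend, delete,
     * activate) would only cover one spelling of the name and the blanket
     * allow on the controller would apply to every other spelling.
     *
     * @param mixed $action raw action name from the request
     * @return mixed the canonical name, or the input unchanged when it is
     *               not a string
     */
    private function _normalizeActionName($action)
    {
        if (!is_string($action)) {
            return $action;
        }

        return preg_replace('/[^a-z0-9]/', '', strtolower($action));
    }
}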
?>