There is a situation: I store some structured data (e.g. array or object, or even string) as a Zend_Auth identity. From version to version the structure of identity could be changed thus identity from one version could (or could not) be compatible with application code of another version.
I'd like to have an ability to validate whether the stored identity data conform to current version requirements.
As I see from the manual, the verification of whether the identity exists is performed like:
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
// Identity exists; get it
$identity = $auth->getIdentity();
}
But there is no ability to hook into hasIdentity()
meth开发者_JS百科od or somewhere else to perform the validation.
The only way I see to do that is to implement my own Zend_Auth_Storage_Interface
class that will use some other storage as implementation and perform the validation of stored data.
Is there any more proper solution?
I'm not totally sure to understand but it looks like you misunderstanding the difference between Authorization and Authentication.
Zend_Auth is about Authentication, therefore you should not use Zend_Auth to process Authorization but Zend_Acl.
However, if what you want is to store an additional information from the Authentication process (ie Database Authentication) you can use the getResultRowObject($returnColumns, $ommitColumns);
method.
There are several implementation to get the "Row Object" depending on your current Adapter.
Zend_Auth_Storage_Interface
is about storing the result, I don't think you'll need to do such implementation since it's about storing the identity object in session or in a database for example.
What you may want is to use Zend_Acl and construct an Access Control List which defines generically a Role (can be an user), a Resource (your version-ed application), a Privilege (can use or not)
Note: *Most people have difficulties to use Zend_Acl because they think in Module/Controller/Action, but it is just one way to define resource.
A resource can be whatever you want, a entire application, a controller action, a view, another user, a database connection, etc.*
Even though you accepted the answer above I believe you need something else.
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
// Identity exists - validate if it's valid
$identity = $auth->getIdentity();
if (!HelperClass::validateIdentity($identity)) { //you validation method
/* User has stored identity from previous version.
* It may miss some important info (like a role value
* you added recently). Clear it and require re-login. */
$auth->clearIdentity();
$this->_helper->flashMessenger('Please login ...');
$this->_helper->redirector('login');
}
// identity is valid
$acl = Acl::factory(); //get acl object somehow
if (!$acl->isAllowed($module.$controller.$action, $identity->role)) {
throw new AccessDeniedException();
}
// else nothing -> user has valid session data and is allowed to access the resource.
}
精彩评论