Zend Acl - Modules, Controllers, Actions and Models

开发者 https://www.devze.com 2023-03-12 20:23 Source: Internet
I spent the day looking for tutorials and answers about how to implement Zend_Acl here at SO as well as on other sites. And I got a headache. :X

I saw people using it to allow or disallow access to certain controllers/actions and others saying that this way is incorrect, and that one should allow or disallow access based on models. Huh, the second appears feasible, however, this means that for every controller I need a model? Because it seems, following the second alternative, I'll only be able to block user access at the moment it is, for example, editing a post. But I would like to prevent access to the action of the controller which edits the post.

If I want to block access to the user with role X to the action Y of the controller Z, how would I do that if I follow the second alternative?

An example of a real application would be very welcome.

This information can improve your answers: I use Doctrine 2 as ORM, and I have a module Admin. The actual structure of my application is like this:

application
  - MYAPP
    - configs
    - controllers
    - layouts
    - views
    - library
       - MYAPP ;This folder is in the include path
    - modules
       - admin


I confess to being no Zend_Acl expert, but to me, the essence of using Zend_Acl is identifying the roles, the resources, and the privileges. The roles are usually pretty obvious. And once you have clearly identified the resources, the privileges often become apparent.

So to me, the key is identifying the resource.

In your circumstance, it sounds like you have explicitly identified the controller as the resource. If you need finer-grained access control, you could then define privileges to be the actions. This seems to be flexible enough so that even controllers that don't need to use models - perhaps static pages that should only be shown to logged-in users of a certain type, etc - can be ACL controlled.

There might be cases where you find that your resources/privileges "naturally" correspond to models/methods. But I don't think you should feel compelled to force your ACL into that paradigm if controllers/actions more closely matches your understanding of the program flow and ACL requirements.

Not really a direct answer to your question. More like advice to be true to your own read of the situation.
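
An added example, not part of the original question or answer: one way to express "controller as resource, action as privilege" in Zend Framework 1, with a front controller plugin that checks the ACL before the action runs. The role names, the `module:controller` resource naming, the `role` property on the identity, the `MYAPP_Plugin_Acl` class name and the `error/denied` route are assumptions.

```php
<?php
// Added example; requires Zend Framework 1 on the include path.
// Role names, resource ids and the identity's "role" property are assumptions.

function buildAcl()
{
    $acl = new Zend_Acl();

    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('editor'), 'guest'); // inherits guest rules
    $acl->addRole(new Zend_Acl_Role('admin'));           // no parent on purpose

    // Resources are controllers; privileges are action names.
    $acl->addResource(new Zend_Acl_Resource('default:post'));
    $acl->addResource(new Zend_Acl_Resource('admin:index'));

    // Zend_Acl denies anything that is not explicitly allowed.
    $acl->allow('guest', 'default:post', array('index', 'view'));
    $acl->allow('editor', 'default:post');           // every action of "post"...
    $acl->deny('editor', 'default:post', 'delete');  // ...except role X / action Y
    $acl->allow('admin');                            // all resources and privileges

    return $acl;
}

class MYAPP_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
        $resource = $request->getModuleName() . ':' . $request->getControllerName();

        $acl = buildAcl();
        // isAllowed() throws on unknown roles/resources, so check first
        // and treat anything unregistered as denied.
        $allowed = $acl->hasRole($role) && $acl->has($resource)
            && $acl->isAllowed($role, $resource, $request->getActionName());

        if (!$allowed) {
            // Reroute before the controller action is dispatched.
            $request->setModuleName('default')
                    ->setControllerName('error')
                    ->setActionName('denied');
        }
    }
}
```

Register the plugin in the bootstrap with `Zend_Controller_Front::getInstance()->registerPlugin(new MYAPP_Plugin_Acl());`. The `admin` role has no parent because a `deny` inherited from a parent role on a specific resource is evaluated before the role's own global `allow`.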
