I am trying to build a group-based ACL in the Zend Framework. Basically there will be three roles: admin, guest and user, and there will be different groups for the user role. The way it will work is that I have a checklist of modules/controllers and actions; using the checklist, the admin will be able to create a group. A group could be something like editor (the role will be user for editor as well). The group will be saved in the database in a table group (group_id, group_name), and the selected resources will be saved in a table resource (resource_id, resource, group_id). A resource will be saved in a format like module:controller:action (e.g. user:user:login).
What I want to know is whether this is the correct way to do it, whether it has any overhead, and any suggestions you could post.
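/**
 * Front-controller plugin that asks the ACL whether the current role may
 * proceed and, if not, points the request at the login action.
 */
class App_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    /**
     * ACL consulted in preDispatch().
     *
     * @var Zend_Acl
     */
    protected $_acl;

    /**
     * @param Zend_Acl|null $acl ACL to query; an App_Acl is built when omitted.
     */
    public function __construct($acl = null)
    {
        // Without an assignment here $this->_acl stays null and preDispatch()
        // fails on a method call on null instead of enforcing anything.
        $this->_acl = ($acl instanceof Zend_Acl) ? $acl : new App_Acl();
    }

    /**
     * Runs before each dispatch; a denied request is re-targeted to
     * user/user/login.
     *
     * @param Zend_Controller_Request_Abstract $request Request about to be dispatched.
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // NOTE(review): where 'role' is written to the registry is not shown
        // here; it has to come from the authenticated session, never from
        // request input, or this check can be bypassed.
        $role = Zend_Registry::get('role');

        // 'Controller' / 'Action' are fixed ids: the per-request decision is
        // left to whatever rule the ACL has registered for that pair.
        if (!$this->_acl->isAllowed($role, "Controller", "Action")) {
            // The request is rewritten in place (no HTTP redirect is sent).
            $request->setModuleName('user')
                    ->setControllerName('user')
                    ->setActionName('login');
        }
    }
}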
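/**
 * Application ACL: three roles and one generic resource whose access
 * decision is delegated to App_ActionAssertion.
 */
class App_Acl extends Zend_Acl
{
    /**
     * Registers the roles, the 'Controller' resource and the single
     * assertion-backed allow rule for the 'user' role.
     */
    public function __construct()
    {
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('user'));
        $this->addRole(new Zend_Acl_Role('admin'));

        // Register 'Controller' once. The second argument of add() is a parent
        // resource, not a privilege, and a resource id that is already
        // registered is rejected with a Zend_Acl_Exception; 'Action' is only
        // used as a privilege name in the allow() call below.
        $this->add(new Zend_Acl_Resource('Controller'));

        // App_Resource exposes getParams(); there is no getResource() on it.
        // NOTE(review): this instance is freshly created, so unless its
        // preDispatch() has been fed the current request the value is empty.
        // Confirm how the request is meant to reach it.
        $resource = new App_Resource();
        $params = $resource->getParams();

        // Only 'user' gets a rule. No rule exists for 'guest' or 'admin', so
        // Zend_Acl's default deny applies to both of them.
        $this->allow('user', 'Controller', 'Action', new App_ActionAssertion($params));
    }

    /**
     * Same contract as Zend_Acl::isAllowed(), except that a resource id which
     * was never registered is denied instead of raising an exception.
     *
     * @param Zend_Acl_Role_Interface|string|null     $role
     * @param Zend_Acl_Resource_Interface|string|null $resource
     * @param string|null                             $privilege
     * @return bool
     */
    public function isAllowed($role = null, $resource = null, $privilege = null)
    {
        // Fail closed: an unknown resource is refused rather than mapped to a
        // catch-all id. Nothing registers 'nullresources', so substituting it
        // made the parent lookup throw, and an "allowed to all" fallback would
        // open every resource someone forgot to list.
        // A null resource keeps its Zend_Acl meaning ("all resources") and is
        // passed through untouched.
        if ($resource !== null && !$this->has($resource)) {
            return false;
        }

        return parent::isAllowed($role, $resource, $privilege);
    }
}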
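/**
 * Builds the "module:controller:action" key for a request.
 *
 * NOTE(review): this class extends the request base class while preDispatch()
 * has the shape of a plugin hook; confirm what is expected to call it.
 */
class App_Resource extends Zend_Controller_Request_Abstract
{
    /**
     * Key of the last request seen, e.g. "user:user:login"; null until
     * preDispatch() has run.
     *
     * @var string|null
     */
    protected $params;

    /**
     * Records the module, controller and action names of $request as one
     * colon-separated string.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module     = $request->getModuleName();
        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        // Assigned directly: the inherited setParams() takes an array of
        // request parameters, not this string.
        // These names originate from the URL, so whatever consumes the key
        // must treat it as untrusted (bound parameters, exact match).
        $this->params = $module . ":" . $controller . ":" . $action;
    }

    /**
     * @return string|null String representing the current
     *                     module:controller:action, or null if none was recorded.
     */
    public function getParams()
    {
        return $this->params;
    }
}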
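/**
 * ACL assertion that decides whether the current group may reach the
 * resource identified by a "module:controller:action" key.
 *
 * Intended behaviour: look the key up in the database table `resource` for
 * the user's group; the admin role is allowed every privilege.
 */
class App_ActionAssertion implements Zend_Acl_Assert_Interface
{
    /**
     * Resource key handed in by the ACL, expected as "module:controller:action".
     *
     * @var string|null
     */
    protected $_params;

    /**
     * @param string|null $params Resource key for the request being checked.
     */
    public function __construct($params = null)
    {
        $this->_params = $params;
    }

    /**
     * Required by Zend_Acl_Assert_Interface; without it the class cannot be
     * loaded at all.
     *
     * @param Zend_Acl                         $acl
     * @param Zend_Acl_Role_Interface|null     $role
     * @param Zend_Acl_Resource_Interface|null $resource
     * @param string|null                      $privilege
     * @return bool True when access is granted, false otherwise.
     */
    public function assert(
        Zend_Acl $acl,
        Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null,
        $privilege = null
    ) {
        // Admin is allowed every privilege.
        if ($role !== null && $role->getRoleId() === 'admin') {
            return true;
        }

        // No usable key means nothing to look up: refuse rather than guess.
        if (!is_string($this->_params) || $this->_params === '') {
            return false;
        }

        return $this->_groupMayAccess($this->_params);
    }

    /**
     * Hook for the lookup against the `resource` table (resource, group_id).
     *
     * Denies until that lookup is written, so an unfinished assertion never
     * grants access. The key is built from URL segments: compare it with a
     * bound query parameter and an exact match only.
     *
     * @param string $resourceKey "module:controller:action"
     * @return bool
     */
    protected function _groupMayAccess($resourceKey)
    {
        // TODO: query the `resource` table for the current user's group.
        return false;
    }
}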