_Auth and _ACL

_Acl / Zend_Auth Example Scenario. By Simon Mundy. Hi there all. After submitting the initial example of how Zend_Auth and Zend_Acl could be implemented, Gavin pointed out areas that weren’t really addressed in my proof of concept and it could potentially confuse newcomers to the way MVC is utilised.

I’d like to clarify that post to a) Address those concerns and b) see if there’s any constructive criticism of the process that could benefit everyone.

Requirements

Demonstrate a web environment where ‘public’ (i.e. non-authenticated) users and ‘member’ users have access restrictions, and to what context they may visit those resources.

Site layout
-------------

Expressed as :controller/:action notation:-

/home /news/index /view /email /tutorials/index /view /forum/index /category /view /add /update /reply /search /report - report abuse, etc.

Access rules:

Three types of user ‘roles’ have been identified for the site:- (not authenticated) – Guests can access ‘home’, ‘news’ and ‘tutorials’ only.

Application layout Bootstrap Index.php <?

Zend_Acl part 1: Misconceptions and simple ACLs.

February 6, 2009 – 7:35 am Tags: Zend Framework, Zend_Acl I’m going to be writing a weekly series of posts on Zend_Acl.

This first post will clear up some common misconceptions regarding Zend_Acl, introduce creating ACLs for simple applications, and give some examples on using the ACL in both non-Zend Framework and Zend Framework applications. Later in the post series I’ll be talking about some more advanced ways of utilizing Zend_Acl, and topics such as database-backed ACLs. A Russian translation of this post is available here, courtesy of Rashad Surkin.

Php - Practical Zend_ACL + Zend_Auth implementation and best practices. Implementing access control with zend framework. _Acl - Simon Mundy - Proposers.

Zend Framework.

Precise Access Controls

The basic ACL as defined in the previous section shows how various privileges may be allowed upon the entire ACL (all resources).

In practice, however, access controls tend to have exceptions and varying degrees of complexity. Zend_Acl allows you to accomplish these refinements in a straightforward and flexible manner. For the example CMS, it has been determined that whilst the 'staff' group covers the needs of the vast majority of users, there is a need for a new 'marketing' group that requires access to the newsletter and latest news in the CMS. The group is fairly self-sufficient and will have the ability to publish and archive both newsletters and the latest news.

In addition, it has also been requested that the 'staff' group be allowed to view news stories but not to revise the latest news. First we revise the role registry to reflect these changes. Then it is simply a matter of defining these more specific rules on the target areas of the ACL:

Zend Framework. Zend_Acl provides a lightweight and flexible access control list (ACL) implementation for privileges management.

In general, an application may utilize such ACLs to control access to certain protected objects by other requesting objects. For the purposes of this documentation: a resource is an object to which access is controlled. A role is an object that may request access to a Resource. Put simply, roles request access to resources. Through the specification and use of an ACL, an application may control how roles are granted access to resources.

Resources

Creating a resource in Zend_Acl is very simple. Zend_Acl provides a tree structure to which multiple resources can be added.

Zend_Acl also supports privileges on resources (e.g., "create", "read", "update", "delete"), so the developer can assign rules that affect all privileges or specific privileges on one or more resources.

Roles

As with resources, creating a role is also very simple. Example #1 Multiple Inheritance among Roles.