2

I have an application at the moment using Zend_Auth for user access. The site has an admin section where I want one user who has the role of admin in my database to be allowed access when he uses his credentials. Is Zend_Acl the only way to do this? It seems a little complex for what I want to do. Would there be any easier solutions to my problem?

I have had a think about this and I am now wondering if it is possible to have two auth controllers, one for users and one for my admin section?

Hash
Rex89

2 Answers

2

I did something like this recently. Create a front-controller plugin for the admin module that checks the user credential. Something like:

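class Admin_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Only guard requests to the admin module
        if ($request->getModuleName() != 'admin') {
            return;
        }
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            // send him to login (module/controller/action names are placeholders)
            $request->setModuleName('default')
                    ->setControllerName('auth')
                    ->setActionName('login');
            return; // stop here: getIdentity() is null for anonymous users
        }
        $user = $auth->getIdentity();
        if (!$user->isAdmin()) { // or however you check
            // send him to a fail page (placeholder names again)
            $request->setModuleName('default')
                    ->setControllerName('error')
                    ->setActionName('denied');
        }
    }
}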
David Weinraub
  • Sounds reasonable to me, so if I create a file with this in called Acl.php in the "/application" then register the plugin in the bootstrap it will initialise on startup? – Rex89 Apr 24 '12 at 16:30
  • Yep, though you do have a choice about where you put it, what you name it, and how you register it. Personally, mine resided in the admin module (file: `application/modules/admin/plugins/Auth.php`), named `Admin_Plugin_Auth`. I made sure that the module Bootstrap extended `Zend_Application_Module_Bootstrap` (which registered a resource loader mapping the folder `application/modules/admin/plugins` to the class prefix `Admin_Plugin_`). And registered the plugin in the module Bootstrap (file: `application/modules/admin/Bootstrap.php`). – David Weinraub Apr 25 '12 at 05:21
  • One day this information will be helpful to me. As it was, my application didn't require ACL just yet. Thanks anyway – Rex89 Apr 25 '12 at 20:09
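
For comparison with the plugin above, here is the same admin-only rule expressed with Zend_Acl and registered from the module Bootstrap as the comment describes. This is an added example, not code from either poster; it assumes Zend Framework 1 is on the include path, that the identity object carries an `is_admin` property, and the class name `Admin_Plugin_Acl` and the login/denied route names are hypothetical.

```php
<?php
// File: application/modules/admin/Bootstrap.php (path taken from the comment above)
class Admin_Bootstrap extends Zend_Application_Module_Bootstrap
{
    // _init* methods run automatically when the application bootstraps
    protected function _initAclPlugin()
    {
        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role('user'));
        $acl->addRole(new Zend_Acl_Role('admin'), 'user'); // admin inherits from user
        $acl->addResource(new Zend_Acl_Resource('admin')); // stands for the admin module
        $acl->allow('admin', 'admin'); // Zend_Acl denies anything not explicitly allowed

        Zend_Controller_Front::getInstance()
            ->registerPlugin(new Admin_Plugin_Acl($acl));
    }
}

// File: application/modules/admin/plugins/Acl.php (hypothetical name)
class Admin_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Module bootstraps run on every request, so filter on the module here
        if ($request->getModuleName() != 'admin') {
            return;
        }
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            // Anonymous: dispatch the login action instead (placeholder route)
            $request->setModuleName('default')->setControllerName('auth')->setActionName('login');
            return;
        }
        // Assumption: identity is an object with an is_admin flag
        $role = $auth->getIdentity()->is_admin ? 'admin' : 'user';
        if (!$this->_acl->isAllowed($role, 'admin')) {
            // Logged in but not an admin: dispatch a denied page (placeholder route)
            $request->setModuleName('default')->setControllerName('error')->setActionName('denied');
        }
    }
}
```

Because the check lives in a front-controller plugin, every controller in the admin module is covered, including ones added later.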
0

I decided to go with the method of having a field of "is_admin" in my database; if it's set to 1 the user is an admin. I then use this code:

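public function init()
{
    $this->auth = Zend_Auth::getInstance();
    // read() returns null when nobody is logged in, so check for an identity first
    $identity = $this->auth->hasIdentity() ? $this->auth->getStorage()->read() : null;
    if (!$identity || !$identity->is_admin) {
        // Not an admin: redirect away from the admin area
        $route = array('controller' => 'index', 'action' => 'index');
        $this->_helper->redirector->gotoRoute($route);
    }
    // Admins fall through and the requested admin action runs
}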

This redirects the user from the admin area if they are not an admin and allows them access if they are an admin. A lot easier to implement than ACL for the simple use in my application.

Robert Harvey
Rex89