I have users and posts tables and I want to set it up so that a logged in user can only view his posts i.e created by him. The thing is that I know how this can be done with simple sql and php however I'm using a zend framework project here and I would like to know if this can be done using Zend_ACL and how?
Asked
Active
Viewed 133 times
1 Answers
1
Limit action access on certain resources/models can be done via Zend_Acl_Role, Zend_Acl_Resource and specificly Assertions using Zend_Acl_Assert_Interface, check out this page for more info: http://framework.zend.com/manual/1.12/en/zend.acl.advanced.html and also this question Zend Acl - is it possible for an assertion to allow access to a privilege when the acl rules return false?
ACL wont select posts for you however it will allow/deny a user to edit/update/delete his own posts using assertions, this will only be done using SQL/Zend_Db, as you will have the list action for instance can be accessed by all users but the posts fetched in that action has nothing to do with ACL
-
1Quick question though - then where would the logic go to decide what posts can be listed to the user? – Ali Jan 01 '13 at 09:51