0

Actually using Zend Framework 2, I am looking for a way to implement a performant ACL strategy based on a database.

The whole idea is to directly filter the DQL queries depending on the currently logged in user, and it's permissions.

I found an implementation of this mecanisme in Symfony 2 http://symfony.com/doc/current/cookbook/security/acl_advanced.html, in this case one table seems to store for each user if he has access to a single row, so we can easily dynamically load only allowed rows by joining this table.

To synthesize,I am looking for a way to define access rules to entities based on criterias, but want to be able to get results in a single query to be able to do some ordering, and pagination.

Are there any ZF2 modules to resolve this case ?

It looks like integrating the SF2 security component as standalone is not an option: Security component from Symfony 2.0 as standalone

Community
  • 1
  • 1
user2231809
  • 43
  • 1
  • 5

1 Answers1

0

You have to use doctrine filter for load things for current member

example of my codes adding the filter for member query :

$em = $sm->get('doctrine.entitymanager.orm_default');


$ormconfig = $sm->get('doctrine.configuration.orm_default');


$ormconfig->addFilter("member", "\PatrickCore\Script\ORM\Functional\MemberAccessFilter");


//

$currentUser = $membersService->getCurrentUser();

$uid = $currentUser->getId();
$filter = $em->getFilters()->enable("member");
$filter->setParameter('member', $uid);

and this file \PatrickCore\Script\ORM\Functional\MemberAccessFilter :

<?php
namespace PatrickCore\Script\ORM\Functional;
use Doctrine\ORM\Mapping\ClassMetaData,
    Doctrine\ORM\Query\Filter\SQLFilter;

class MemberAccessFilter extends SQLFilter
{
    public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
    {
        // Check if the entity implements the LocalAware interface

        if (!$targetEntity->reflClass->implementsInterface('\PatrickCore\Entity\MemberAccessAware')) {
            return "";
        }

        return $targetTableAlias.'.member_id = ' . $this->getParameter('member'); // getParameter applies quoting automatically
    }
}
Sina Miandashti
  • 2,087
  • 1
  • 26
  • 40
  • Thank's for your answer. I today realize that my problem is more to find a great way to store row-level access so that I can inner join to filter – user2231809 Apr 19 '13 at 11:46