Zend_ACL with modular structure?

Question

I created a MVC with Zend by reading http://framework.zend.com/manual/en/zend.controller.modular.html.

The problem is that I can't find a way to use Zend_ACL with modular structure. Zend_Acl simply does not have a method to add modules. It only allows me to add controller and action.

How do I use Zend_Acl with modular structrue? Is it even possible with current version of Zend Framework?

score 2 · Accepted Answer · answered Dec 04 '09 at 08:38

It absolutely is. That's what we do in our project. We authenticate URI paths ($request->getPathInfo()), like: /admin/user/edit. Here "admin" is a module, "user" is a controller, and "edit" is an action. And we have an access plugin:

class Our_Application_Plugin_Access extends Zend_Controller_Plugin_Abstract {
    public function preDispatch(Zend_Controller_Request_Abstract $request) {
        foreach (self::current_roles() as $role) {
            if (
                Zend_Registry::get('bootstrap')->siteacl->isAllowed(
                    $role,
                    $request->getPathInfo()
                )
            ) return;
        }

        $this->not_allowed($request);
    }

   ...
}

Registered in application.ini:

resources.frontController.plugins.access = "Our_Application_Plugin_Access"

score 1 · Answer 2 · answered Dec 04 '09 at 14:16

1

Other option to Ivan's is to set resources insetead of just "controller" to sth. like "module-Controller".

answered Dec 04 '09 at 14:16

Tomáš Fejfar

11,129
8
54
82

score 1 · Answer 3 · answered Sep 27 '11 at 17:57

It's possible, I use it every time. First of all remember that the resource that Zend_Acl will verify is an arbitrary entity (a string), not necessary related to a particular module or controller. It can be the string "hello" and in your program you can check if the user can access the resource "hello". I often use some arbitrary resources as "login-button", "logout-button" to show the link in Zend_Navigation.

In your case, you should define the resource (in the acl) as some string that can be mapped to a module/controller layout. For example for the module foo and controller bar define the resource "foo.bar". Than in the access check procedure you will read module and controller name and merge them in a string to obtain the resource.

In a pratical example:

class Application_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract {

...

public function preDispatch(Zend_Controller_Request_Abstract $request){
    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();

...

   $resource = $module . '.' . $controller; //we create the custom resource according to the model we have defined
...

    $role=NULL;
    if($this->_auth->hasIdentity()){
        $identity = $this->_auth->getStorage()->read(); //depending on your implementation
        $role = $identity->role; //depending on your implementation
    }
...

  if(!$this->_acl->isAllowed($role, $resource, $action)){
        //deny access       
    }
    //allow access
}
}

Zend_ACL with modular structure?

3 Answers3