0

i am using Zend_Acl, PHP and is wondering how shld ACLs be implemented.

shld every page be a resource and i always query the acl to see if a user is authorized? i guess i must use this if i want to use a controller plugin (can be setup to run on every request) to check if a user is allowed?

or do i just put the query code where i need it? eg. at the top of pages i need to query the acl? then in pages publicly available, i just skip it? may get troublesome if the application gets big?

Charles
  • 50,943
  • 13
  • 104
  • 142
Jiew Meng
  • 84,767
  • 185
  • 495
  • 805
  • possible duplicate of [acl for edit post page?](http://stackoverflow.com/questions/3353075/acl-for-edit-post-page), by the same author. – Borealid Jul 28 '10 at 13:52
  • hmm, in this question, i am actually asking if i shld have acl query code in every page vs that page as how to have more dynamic acl query. but thats my opinion – Jiew Meng Jul 28 '10 at 14:04

1 Answers1

0

ok, i just answer this question then close it

what i did now was have a controller plugin that sets its resource based on controller name and privilege based on action name. then query the acl based on that

still under development, but what i currently have look like http://pastebin.com/9BYzms7W

Jiew Meng
  • 84,767
  • 185
  • 495
  • 805