
Is it possible to write a validator for a Zend form which checks if the user has the right to change a form field? Meaning the user sees the field, but if he tries to change it without permission (no ACL right), he receives an error message? Subsequently this means a field is deactivated if the user is not permitted to change the field.

Manuel
  • Yes, it is possible. Are you having problems making this happen? Do you have code? What have you tried? – brady.vitrano Jul 12 '11 at 22:31
  • I have never used ZF before; basically I'm starting from zero. I guess I can get a form working from tutorials, but do you have an example for the validator checking rights? – Manuel Jul 15 '11 at 16:32

1 Answer

You're going to want to use Zend_Acl to check permissions. You will want something like this:

/** Application_Validate_HasEditRights: fails when a field was changed without the ACL privilege **/
class Application_Validate_HasEditRights extends Zend_Validate_Abstract
{
    const INVALID_PRIVILEGES = 'invalidPrivileges';

    // Zend_Validate_Abstract::_error() looks the message text up in this table
    protected $_messageTemplates = array(
        self::INVALID_PRIVILEGES => "You do not have permission to change this field",
    );

    protected $_resource;
    protected $_privilege;
    protected $_originalValue;

    // Set in the form or element using $this->setResource() / setPrivilege() / setOriginalValue()
    public function setResource($resource)   { $this->_resource      = $resource;  return $this; }
    public function setPrivilege($privilege) { $this->_privilege     = $privilege; return $this; }
    public function setOriginalValue($value) { $this->_originalValue = $value;     return $this; }

    public function isValid($value, $context = array())
    {
        $this->_setValue($value);

        $resource  = $this->_resource;
        $privilege = $this->_privilege;

        if ( empty($resource) || empty($privilege) ) {
            throw new Zend_Exception("Validator requires a resource and privilege");
        }

        // Check if the original matches the new value. Compare as strings so that
        // loose comparison does not treat e.g. "0" and "" as equal.
        $original = $this->_originalValue;
        $isEdit   = ((string) $original !== (string) $value);

        /** Get ACL **/
        $acl  = new Zend_Acl();
        $acl->addRole('guest');
        $acl->addRole('administrator', 'guest');

        $acl->addResource('form');
        // $acl->allow('role', 'resource', array('privilege'));
        $acl->allow('guest','form', array('limited')); // arbitrary resource and privilege names
        $acl->allow('administrator','form', array('full-access'));

        // Get the role of the logged in user; this may be different from how you store it.
        // An unauthenticated request has no identity, so fall back to 'guest'.
        $identity = Zend_Auth::getInstance()->getIdentity();
        $role     = ($identity && isset($identity->role)) ? $identity->role : 'guest';

        // Check if the role has access to this form
        if ( $isEdit && !$acl->isAllowed($role, $resource, $privilege) ) {
            // Set Error message
            $this->_error(self::INVALID_PRIVILEGES);
            return false;
        }

        return true;
    }
}
brady.vitrano
  • You're completely removing the element from the form, which is basically a good idea, but not my goal. I still need to validate the element since my user needs to see the field content and needs to get a response if he tries to change it. Since I want to keep the application generic, is it possible to store the forms and the according rights inside a config file (application.ini) or a database? How do you save the form back to a database? Can you create AJAX responses from a form? – Manuel Jul 16 '11 at 09:45
  • I updated my answer to show code in the validator. The concept is the same, just used in a different context. You can store forms, resources, privileges, and the entire ACL in a database or ini file if you like. For saving forms and using them with AJAX, I recommend you read the manual on [Zend_Form](http://framework.zend.com/manual/en/zend.form.html) – brady.vitrano Jul 16 '11 at 15:14
  • I'm having problems getting it running ... could you confirm if I understand your code right? It implements its own validator. To be able to use it I need to specify a resource, a privilege and the original value? I save the validator in my own library, making a class for it extending an abstract validator. The namespace is loaded automatically. Could you give me an example for the whole validator class and a form using this validator? – Manuel Jul 24 '11 at 13:17
  • [Further information](http://hodgepodgers.com/custom-validator-to-check-field-privileges-with-acl/). – brady.vitrano Jul 24 '11 at 14:21
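The form side that the last comment asks for, as an added example that is not part of the answer or of Zend Framework: a form that reads each field's resource and privilege from application.ini, attaches the validator to the field, and answers an AJAX submit with JSON. It assumes the validator class above exposes chainable setResource/setPrivilege/setOriginalValue setters, a constructed [fieldrights] block in the config, and that $record, $acl (matching the rules the validator builds) and $role are supplied by the controller.

```php
<?php
// Added example, not code from the answer: a Zend_Form that attaches the validator
// above to every field listed under a constructed [fieldrights] block in application.ini:
//   fieldrights.name.resource    = "form"
//   fieldrights.name.privilege   = "limited"
//   fieldrights.salary.resource  = "form"
//   fieldrights.salary.privilege = "full-access"
class Application_Form_Employee extends Zend_Form
{
    /**
     * @param Zend_Config $rights  the fieldrights subtree of the loaded config
     * @param array       $record  current DB row, the original values for the edit check
     * @param Zend_Acl    $acl     the application's ACL (assumed built elsewhere)
     * @param string      $role    role of the logged in user
     */
    public function __construct(Zend_Config $rights, array $record, Zend_Acl $acl, $role)
    {
        parent::__construct();
        foreach ($rights as $field => $cfg) {
            $original = isset($record[$field]) ? $record[$field] : null;
            $element  = new Zend_Form_Element_Text($field);
            $element->setValue($original);

            // Validator from the answer; the chainable setters are assumed to exist on that class
            $validator = new Application_Validate_HasEditRights();
            $validator->setResource($cfg->resource)
                      ->setPrivilege($cfg->privilege)
                      ->setOriginalValue($original);
            $element->addValidator($validator, true);

            // The field stays visible; readonly is only a hint to the browser,
            // the validator is what actually rejects an unauthorised change
            if (!$acl->isAllowed($role, $cfg->resource, $cfg->privilege)) {
                $element->setAttrib('readonly', 'readonly');
            }
            $this->addElement($element);
        }
    }
}

// In a controller action: validate the POST and answer an AJAX submit with JSON
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
$form   = new Application_Form_Employee($config->fieldrights, $record, $acl, $role);
if (!$form->isValid($this->getRequest()->getPost())) {
    // getMessages() returns array(field => array(messageKey => text)) for the failed fields
    $this->_helper->json(array('ok' => false, 'errors' => $form->getMessages()));
}
```

Because the validator compares the posted value against the original, a request that leaves a protected field unchanged passes, while any tampered value is rejected server-side regardless of what the browser rendered.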