1

Zend's Acl allows the resource to be created in controller only

But, the controllers might be on any module not just only the default module. So, I read some article off the internet, I found one and tried this:

$acl -> addResource(new Zend_Acl_Resource("admin"));
$acl -> addResource(new Zend_Acl_Resource("admin:page"), "admin");
$acl -> addResource(new Zend_Acl_Resource("admin:posts"), "admin");

But, still, when i browse to the respective pages, I get errors regarding resouce page not found, or posts not found.

How to setup Module Specific ACL Resource?

Update:

$acl -> addrole(new Zend_Acl_Role('guest'))
    -> addrole(new Zend_Acl_ROle('admin'), 'admin');

$acl -> addResource(new Zend_Acl_Resource("page")); //controller with same name in admin module exists

$acl -> addResource(new Zend_Acl_Resource("admin"));
$acl -> addResource(new Zend_Acl_Resource("admin:page"), "admin");
$acl -> addResource(new Zend_Acl_Resource("admin:posts"), "admin");

$acl -> deny(null, null);
$acl -> allow('user', 'page', 'view');
$acl -> allow('admin', null);
mrN
  • 3,734
  • 15
  • 58
  • 82
  • The code submitted here is correct. The error you get is coming from somewhere else; wherever it is you check if the current role can access the `page` resource, perhaps (should check `admin:page` instead). More likely your error is from where you add permissions (`allow` or `deny`) to roles. – adlawson Aug 21 '11 at 15:42
  • @adlawson, I am afraid that's not the case of role, because there are only two types of error, guest and admin and admin is allowed to everything, using `$acl -> allow("admin", null);` – mrN Aug 21 '11 at 16:00
  • In that case, you need to post more code. The error is not in the above snippet. – adlawson Aug 21 '11 at 16:01
  • @adlawson, Ok, check out the update section – mrN Aug 21 '11 at 16:22

1 Answers1

1

I'm guessing the code you posted was some sort of pseudo code, as it wasn't valid. Still, this answer should work perfectly fine as is.

$acl->addrole(new Zend_Acl_Role('guest'))
    ->addrole(new Zend_Acl_Role('admin'), 'guest');

$acl->addResource(new Zend_Acl_Resource("page"));
$acl->addResource(new Zend_Acl_Resource("admin"));
$acl->addResource(new Zend_Acl_Resource("admin:page"), "admin");
$acl->addResource(new Zend_Acl_Resource("admin:posts"), "admin");

$acl->deny();
$acl->allow('guest', 'page', 'view');
$acl->allow('admin');

// Lets run some quick tests...
var_dump($acl->isAllowed('guest', 'page', 'view')); // true
var_dump($acl->isAllowed('guest', 'page', 'edit')); // false
var_dump($acl->isAllowed('guest', 'admin:page', 'view')); // false

var_dump($acl->isAllowed('admin', 'page', 'view')); // true
var_dump($acl->isAllowed('admin', 'page', 'edit')); // false
var_dump($acl->isAllowed('admin', 'admin:page', 'view')); // true
adlawson
  • 6,303
  • 1
  • 35
  • 46
  • Why when I comment line `$acl->addResource(new Zend_Acl_Resource("page"));` and browse to `/admin/page`, it says resouce `page` cannot be found. Willn't `admin:page` define page as a resource inside admin. – mrN Aug 21 '11 at 16:49
  • No. The resource name used is the **exact** name you give it. So for `admin:page` you have to use it exactly like that. Calling your child resource `admin:page` is a naming convention. You could have called it `my_ToTaLlY::unique-resourceName` if you wanted, but you have to use it exacly like that from then on. – adlawson Aug 21 '11 at 17:12
  • Then, how will I be able to differentiate the page resource of the default modudle and the page resource of admin module. – mrN Aug 21 '11 at 17:18
  • You are already half way there. You have `admin:page`. Now you need `default:page`. That's it. Two completely different resource names. – adlawson Aug 21 '11 at 17:20
  • In your example, which resource will `$acl->allow('guest', 'page', 'view');` address. I tried your default: and admin: way and allowed guest, to the index controller of admin module's index controller, `$acl -> allowed('guest', 'admin:index');` but still guest can browse /admin page – mrN Aug 21 '11 at 17:42
  • `$acl->allow('guest', 'page', 'view');` won't work at all, unless you define a resource called **page**. It shouldn't. It won't. It can't. **It's not magic**. – adlawson Aug 21 '11 at 17:44
  • I tried your default: and admin: way and allowed guest, to the index controller of admin module's index controller, $acl -> allowed('guest', 'admin:index'); and still I can't browse it, Why? (i am sorry, the last comment was reversed) – mrN Aug 21 '11 at 17:46
  • @mrN let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/2716/discussion-between-adlawson-and-mrn) – adlawson Aug 21 '11 at 17:47
  • +1, and accept, thats the least I can do for helping me out, thank you so much – mrN Aug 21 '11 at 18:03