1

I can't get my Zend_Navigation to work properly,

When logging in user with AUth/Doctrine, I am pulling out the roles assigned to the user (usually it's a few of them) from a Many-to-many table,

Then in the bootstrap.php on line: $view->navigation($navContainer)->setAcl($this->_acl)->setRole($this->_role);

I get error: '$role must be a string, null, or an instance of Zend_Acl_Role_Interface; array given'

However if I loop through the roles with foreach - the previous roles are being overwritten by the following ones and I get the nav only for last role,

Does anyone have any logical solution for this ?

Really appreciate, Adam

2 Answers2

1

I had the same problem but approached the solution from a slightly different angle. Instead of modifying the Zend_Navigation object to accept two or more roles, I extended Zend_Acl and modified the isAllowed() method to check against all those roles. The Zend_Navigation objects use the isAllowed() method, so overriding this solved the issue.

My_Acl.php

<pre><code>
class My_Acl extends Zend_Acl
{
    public function isAllowed($role = null, $resource = null, $privilege = null)
    {
        // Get all the roles to check against
        $userRoles = Zend_Registry::get('aclUserRoles');
        $isAllowed = false;

        // Loop through them one by one and check if they're allowed
        foreach ($userRoles as $role)
        {
            // Using the actual ACL isAllowed method here
            if (parent::isAllowed($role->code, $resource))
            {
                $isAllowed = true;
            }
        }

        return $isAllowed;
    }
}
</code></pre>

Then, instead of creating an instance of Zend_Acl, use My_Acl, pass that to your navigation object and it should work.

dKen
  • 3,078
  • 1
  • 28
  • 37
0

You should really never, ever override isAllowed(), and yes there is a solution. Create a class that implements Zend_Acl_Role_Interface and if memory serves it requires defining a single method getRole(), this could, in fact, be your model that you use to authenticate a user against and allow that class to handle determining the role. A user should only have a single role. If access to the resource should be granted to users of multiple roles but only under certain conditions, then you should use an assertion, thats why they are there.

Jsmith
  • 36
  • 2