0

I'm new to Zend and PHP and I'm getting ready to start work on a portal-type application that will house multiple internal applications. I've already set up Zend_Auth and can now log in via Active Directory.

We've been discussing using Zend_Acl to set up resources, one for each application within the portal. On the surface Zend_Acl seems like it would handle what we need for authorization and hierarchical access to resources.

After some research I've found that it's common to combine Zend_Acl with Zend_Navigation but there are sometimes issues with this.

What has been requested is that apart from* utilizing a front controller plugin to check resource access/privileges on each request, that we instead control the elements shown in the view (HTML) to the user. For example if user 'Bob' doesn't have access to the blog application, we don't want Bob to see that on his nav menu.

To me, introducing all this logic and if checks in the views is wrong; I think they should remain as stupid as possible. Is there a better way of handling this? Conditionally showing or hiding elements based on user role in your view code feels wrong to me.

Caley Woods
  • 2
    Here is a similar question, check it out: http://stackoverflow.com/questions/8907820/acl-and-appearance-manipulation-of-links-forms-and-dom-elements Also, I hope when you wrote "instead of utilizing a front controller plugin" you actually meant "apart from utilizing a front controller plugin" ;) – bububaba Feb 02 '12 at 15:05

1 Answer

1

If you want to remove the logic from the view, I would suggest using view helpers. That way you can abstract the ACL logic away from the view.

In your controller you would need to pass the ACL object to the view for use:-

$this->view->acl = $acl;//instance of Zend_Acl

Then you have a view helper for rendering some element:-

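class Zend_View_Helper_SomeElement extends Zend_View_Helper_Abstract
{
    // Returns the element's markup only when the ACL allows it, otherwise an empty string.
    public function someElement()
    {
        $html = '';
        // $this->view->acl is the Zend_Acl instance assigned in the controller
        if ($this->view->acl->isAllowed('guest', null, 'view')) {
            $html .= "<div>Top secret content</div>\n";
        }
        return $html;
    }
}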

Then your view is as simple as:-

echo $this->someElement();

That keeps your view simple and easy to read, while your logic is nicely hidden. Not ideal, but in your situation, I think this is the route I would take.

Your view helper can, of course, be made a bit more general purpose than this by passing in parameters.

vascowhite
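The parameterised helper suggested at the end of the answer, as an added example (not code from the answer or from Zend Framework): one decision function backs both the view helper and the front controller plugin mentioned in the question, so a hidden link is only cosmetic and the request itself is still refused. The `portal_*` functions, the `Portal_Plugin_Acl` and `IfAllowed` classes, the `error/denied` action and the `->role` property on the identity are assumptions.

```php
<?php
// Added example. Assumes ZF1 is autoloaded, ACL resource ids match controller
// names, and the Zend_Auth identity is an object with a ->role property.

function portal_current_role()
{
    $auth = Zend_Auth::getInstance();
    return $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
}

// Single decision function used by both the plugin and the view helper.
// Unknown roles or resources are refused instead of raising an exception.
function portal_is_allowed(Zend_Acl $acl, $resource, $privilege)
{
    $role = portal_current_role();
    return $acl->hasRole($role) && $acl->has($resource)
        && $acl->isAllowed($role, $resource, $privilege);
}

// Enforcement: runs on every request, whatever links the view rendered.
class Portal_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;
    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $resource = $request->getControllerName();
        if (!portal_is_allowed($this->_acl, $resource, 'view')) {
            // Hypothetical error/denied action that renders a 403 page.
            $request->setControllerName('error');
            $request->setActionName('denied');
        }
    }
}

// Presentation: returns the markup only when the same check passes.
class Zend_View_Helper_IfAllowed extends Zend_View_Helper_Abstract
{
    public function ifAllowed($resource, $privilege, $html)
    {
        $acl = $this->view->acl; // set in the controller, as in the answer
        return ($acl instanceof Zend_Acl
            && portal_is_allowed($acl, $resource, $privilege)) ? $html : '';
    }
}
```

Register the plugin once with `Zend_Controller_Front::getInstance()->registerPlugin(new Portal_Plugin_Acl($acl))`, and in a view script write `echo $this->ifAllowed('blog', 'view', $blogLinkHtml)`. If Zend_Navigation renders the menu, `Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl)` and `setDefaultRole(portal_current_role())` hide pages that carry a `resource` option without any check in the view.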