Zend Framework Acl and Auth
Posted: Sat Apr 14, 2007 2:16 pm
Okay I have been struggling with this for a couple days. Basically, I'm trying to implement a transparent authentication system and avoiding having any authentication calls within the controllers. Now, my problem isn't with the Auth plugin I've created, my problem is creating the Acl control structure. Not so much the creation of it, but how to go about it.
My objective is to create a skeleton application over the Zend Framework so I want to have a default permission management system for every site, which can obviously be overridable, ie. administrator rule required for admin module, and guests have full access to default module. I was thinking of creating another plugin to set the default permissions, but I have no idea about how to tackle creating the acl.
So my question is: what do you guys recommend as a storage medium for dynamically creating Acl's. Also, where do you generally set the Acl? I was generally gearing towards a seperate plugin, because if a site has no authentication then I could simply remove the plugin, however it seems more appropriate to build it in the Action Controller. I'm kind of torn here.
For those of you interested, heres the plugin to check the Acl and Auth
My objective is to create a skeleton application over the Zend Framework so I want to have a default permission management system for every site, which can obviously be overridable, ie. administrator rule required for admin module, and guests have full access to default module. I was thinking of creating another plugin to set the default permissions, but I have no idea about how to tackle creating the acl.
So my question is: what do you guys recommend as a storage medium for dynamically creating Acl's. Also, where do you generally set the Acl? I was generally gearing towards a seperate plugin, because if a site has no authentication then I could simply remove the plugin, however it seems more appropriate to build it in the Action Controller. I'm kind of torn here.
For those of you interested, heres the plugin to check the Acl and Auth
Code: Select all
class Northern_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
protected $_auth;
protected $_acl;
protected $_noauth = array(
'controller' => 'login',
'action' => 'index'
);
public function __construct(Zend_Auth $auth, Zend_Acl $acl)
{
$this->_auth = $auth;
$this->_acl = $acl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if ($this->_auth->hasIdentity()) {
$role = $this->_auth->getIdentity()->getUser()->role;
} else {
$role = 'guest';
}
$resource = $request->getControllerName();
if (!$this->_acl->has($resource)) {
$resource = null;
}
if (!$this->_acl->isAllowed($role, $resource, $request->getActionName()) || !$this->_auth->hasIdentity()) {
$request->setControllerName($this->_noauth['controller']);
$request->setActionName($this->_noauth['action']);
}
}
}