I'd recommend writing your own class to extend Zend_Controller_Action, and checking the acls/auth in the init() and preDispatch() methods as you see fit.
This works very well for me.
Cheers,
-Sam
--
Sam Sandberg
"Well, everyone knows Custer died at Little Bighorn. What this book presupposes is... maybe he didn't?"
-Eli Cash
This works very well for me.
Cheers,
-Sam
On Wed, Aug 6, 2008 at 12:43 AM, whisperstream <junk@alf2.com> wrote:
Am an MVC noob but trying to understand where to put my acl and auth code.
Different pages will have different content depending on their level of
access and also some page will require that the user is logged in and some
will not.
In the now deprecated model1 programming I would just have done the check
for permissions and auth at the top of the page and been done with it, but
MVC appears more complex and I find myself wondering where best to put it.
Should I be using a Zend_Controller_Plugin or Zend_Action_Helper or neither?
Should I check acls / auth in each action method or init if I know the whole
controller needs some acl or used must be auth'd OR do I override the
preDispatch method and check which action / module / controller is being
used and centralise all acl and auth checking there?
Any strong opinions eitherway or perhaps I'm way off track and need to be
reeled in so as to avoid my code ending up on worsethanfailure.com :)
Thanks in advance
--
View this message in context: http://www.nabble.com/zend-acl-and-auth-checking-best-practices-tp18842724p18842724.html
Sent from the Zend MVC mailing list archive at Nabble.com.
--
Sam Sandberg
"Well, everyone knows Custer died at Little Bighorn. What this book presupposes is... maybe he didn't?"
-Eli Cash
没有评论:
发表评论