Friday, August 8, 2008

Re: [fw-mvc] zend acl and auth checking best practices

-- whisperstream <junk@alf2.com> wrote
(on Tuesday, 05 August 2008, 09:43 PM -0700):
> Am an MVC noob but trying to understand where to put my acl and auth code.
>
> Different pages will have different content depending on their level of
> access and also some pages will require that the user is logged in and some
> will not.
>
> In the now deprecated model1 programming I would just have done the check
> for permissions and auth at the top of the page and been done with it, but
> MVC appears more complex and I find myself wondering where best to put it.
>
> Should I be using a Zend_Controller_Plugin or Zend_Action_Helper or neither?

I typically recommend grabbing the authentication session in a plugin,
and also initializing ACLs and pushing the acl object to the registry in
that same plugin (have it run at dispatchLoopStartup()). Then write an
action helper for checking against ACLs.

> Should I check acls / auth in each action method or init if I know the whole
> controller needs some acl or user must be auth'd OR do I override the
> preDispatch method and check which action / module / controller is being
> used and centralise all acl and auth checking there?
>
> Any strong opinions either way or perhaps I'm way off track and need to be
> reeled in so as to avoid my code ending up on worsethanfailure.com :)

--
Matthew Weier O'Phinney
Software Architect | matthew@zend.com
Zend Framework | http://framework.zend.com/
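
The layout recommended in the reply above, sketched as an added example; it is not code from the thread or from Zend Framework itself. The My_* class names, the roles, the resource names and the `role` property on the identity are assumptions made for illustration.

```php
<?php
class My_Plugin_AuthAcl extends Zend_Controller_Plugin_Abstract
{
    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
    {
        // The role comes only from the server-side auth session, never from
        // request data. A 'role' property on the identity is an assumption.
        $auth     = Zend_Auth::getInstance();
        $identity = $auth->hasIdentity() ? $auth->getIdentity() : null;
        $role     = (is_object($identity) && isset($identity->role))
                  ? $identity->role : 'guest';

        // Zend_Acl denies by default; only the rules below grant access.
        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role('guest'))
            ->addRole(new Zend_Acl_Role('member'), 'guest');
        foreach (array('index', 'auth', 'error', 'account') as $controller) {
            $acl->add(new Zend_Acl_Resource($controller));
        }
        $acl->allow('guest', array('index', 'auth', 'error'));
        $acl->allow('member', 'account');

        Zend_Registry::set('acl', $acl);
        // An unrecognised role is downgraded to guest instead of trusted.
        Zend_Registry::set('role', $acl->hasRole($role) ? $role : 'guest');
    }
}

class My_Helper_AclCheck extends Zend_Controller_Action_Helper_Abstract
{
    // Runs before every action once registered with the helper broker.
    public function preDispatch()
    {
        $request  = $this->getRequest();
        $acl      = Zend_Registry::get('acl');
        $role     = Zend_Registry::get('role');
        $resource = $request->getControllerName();

        // Fail closed: a controller missing from the ACL is treated as denied.
        if (!$acl->has($resource)
            || !$acl->isAllowed($role, $resource, $request->getActionName())) {
            // Guests go to the login action, known users to a denied page.
            $request->setControllerName($role === 'guest' ? 'auth' : 'error')
                    ->setActionName($role === 'guest' ? 'login' : 'denied')
                    ->setDispatched(false); // skip the action and re-dispatch
        }
    }
}

// Bootstrap wiring
Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_AuthAcl());
Zend_Controller_Action_HelperBroker::addHelper(new My_Helper_AclCheck());
```

The login and error controllers have to stay reachable for `guest`; otherwise the re-dispatch in the helper would be denied again and loop.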
