Friday, May 8, 2009

[fw-mvc] Enforcing ACL with Zend_Navigation?

I'm using ZF 1.8 and the new Zend_Application component. I've set up my navigation configuration in application.ini and created an ACL in models/Acl.php. I've tied the two together using the navigation view helper:

// In config
resources.navigation.pages.news.label = "News"
resources.navigation.pages.news.resource = "news"
resources.navigation.pages.news.privilege = "list"
resources.navigation.pages.news.controller = "news"
resources.navigation.pages.news.action = "index"
resources.navigation.pages.news.route = "default"

; The second page needs its own key; reusing "news" would overwrite the entries above.
resources.navigation.pages.news_write.label = "Write News"
resources.navigation.pages.news_write.resource = "news"
resources.navigation.pages.news_write.privilege = "create"
resources.navigation.pages.news_write.controller = "news"
resources.navigation.pages.news_write.action = "write"
resources.navigation.pages.news_write.route = "default"

// In bootstrap
$acl = new Default_Model_Acl();
$view = $this->getResource('view');
$view->navigation()->setDefaultAcl($acl);
$view->navigation()->setDefaultRole('guest');

Everything is working fine so far. Only "allowed" pages appear in the navigation menus.

My question is, what would be a good way to enforce this in case the user accesses forbidden pages manually? For example, if guests are not allowed to create news, how can I keep them from accessing the page at /news/write?

In my application, the controller name is not necessarily the same as the ACL resource, and the action name is not necessarily the same as the ACL privilege. However, I would like to be able to query the ACL before the action is dispatched (perhaps from within a plugin) so I can forward the user to a forbidden page when not allowed.

Is there any easy way to ask Zend_Navigation "is the current page allowed by the ACL?"

Thanks!

-Hector
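
One way to do what the post asks, as an added example that is not part of the original post or of Zend Framework: a front controller plugin that finds the navigation page matching the routed request and checks that page's resource and privilege against the ACL before dispatch. The class name My_Plugin_NavigationAcl, the "default" module and the error/forbidden target action are assumptions; requests that match no navigation page are denied.

```php
<?php
// Added example. My_Plugin_NavigationAcl and ErrorController::forbiddenAction()
// are hypothetical names, not part of Zend Framework or the original post.
class My_Plugin_NavigationAcl extends Zend_Controller_Plugin_Abstract
{
    protected $_container, $_acl, $_role;

    public function __construct(Zend_Navigation_Container $container, Zend_Acl $acl, $role)
    {
        $this->_container = $container;
        $this->_acl       = $acl;
        $this->_role      = $role;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if ($request->getControllerName() == 'error') {
            return; // the error/forbidden pages must stay reachable
        }
        $page = $this->_findPage($request);
        // Fail closed: a request with no navigation page has no ACL mapping.
        if ($page !== null && $this->_isAllowed($page)) {
            return;
        }
        $request->setModuleName('default') // assumed location of the error controller
                ->setControllerName('error')
                ->setActionName('forbidden')
                ->setDispatched(false); // re-run the dispatch loop on the new target
    }
    protected function _isAllowed(Zend_Navigation_Page $page)
    {
        // Like the menu helper: a page with no resource/privilege is unrestricted.
        return (!$page->getResource() && !$page->getPrivilege())
            || $this->_acl->isAllowed($this->_role, $page->getResource(), $page->getPrivilege());
    }
    protected function _findPage(Zend_Controller_Request_Abstract $request)
    {
        $pages = new RecursiveIteratorIterator($this->_container, RecursiveIteratorIterator::SELF_FIRST);
        foreach ($pages as $page) {
            if ($page instanceof Zend_Navigation_Page_Mvc
                && in_array($page->getModule(), array(null, $request->getModuleName()), true)
                && $page->getController() == $request->getControllerName()
                && $page->getAction() == $request->getActionName()) {
                return $page;
            }
        }
        return null;
    }
}
```

Register it in the bootstrap with Zend_Controller_Front::getInstance()->registerPlugin(), passing the same container, ACL and role that are given to the navigation view helper, so the menu and the enforcement check cannot drift apart.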
