Re: [fw-mvc] Enforcing ACL with Zend_Navigation?

I'll post some of my code later when I have more time. But why can't your controllers be resources as well! In my apps, my domain objects are resources, and my controllers are resources. Anything for me that needs access is a resource and implements that interface.

In the case of views for your exam, the action would be view. That would grant high level access to that privilege on that resource. For low level privileges, you would check in a service layer, or a repository.

Instead of:
$this->view->exam = $this->_exams->find($id);

You would have

$examService->find($id);

I'm not sure what you're exam object is...if its a DAO, DataMapper, Repository or Service Layer Object, but if its one of the latter two, you would place an ACL check in there.

On Thu, Jul 16, 2009 at 7:14 PM, Hector Virgen <djvirgen@gmail.com> wrote:

Abraham, that doesn't work for me because my controllers are not resources. My resources are usually things like a blog post or an exam:

class Exam implements Zend_Acl_Resource_Interface

{

    /* ... */

    public function getResourceId()

    {

        return "exam:{$this->_id}";

    }

}

Also, actions do not always map to privileges, so it's difficult to use a front controller plugin to query the ACL based on the request action. This is especially true when calling an action like "view" which uses a request parameter "id" to determine which item to view.

class ExamsController extends Zend_Controller_Action

{

    /* ... */

    public function viewAction()

    {

        $id = $this->getRequest()->getParam('id');

        $this->view->exam = $this->_exams->find($id);

    }

}

It seems I don't understanding how Zend_Acl is supposed to be connected to Zend_Navigation, which might be why I'm having such a hard time getting it to work the way I think it's supposed to work. Most implementations I've seen in blog posts create a direct correlation of controllers to resources and actions to privileges, but that doesn't seem to work with how I set up my controllers.

--
Hector

On Thu, Jul 16, 2009 at 4:01 PM, Abraham Block <atblock@gmail.com> wrote:

The way I do this is by having my controllers implement Zend_Acl_Resource_Interface and then I have an action helper which checks the ACL. Then in my Zend_Navigation settings I use that same resource id.

On Thu, Jul 16, 2009 at 6:52 PM, eugenevdm <eugene@snowball.co.za> wrote:

Hector,

Did you make any progress with this? I'm new to Zend_Acl and Zend_Navigation
and I'm struggling to find 'easy' examples of how to make this work
together. Most examples either cover Zend_Acl or Zend_Auth and this is the
only reference I could find so far that seems to mention using Zend_Acl with
Zend_Navigation. Do you perhaps have more code samples?

kind regards,
Eugene
--
View this message in context: http://www.nabble.com/Enforcing-ACL-with-Zend_Navigation--tp23454353p24525852.html
Sent from the Zend MVC mailing list archive at Nabble.com.