On Tue, Jul 28, 2009 at 12:24 PM, Seth Atkins <satkins@nortel.com> wrote:
How would you know the request parameters to feed to your RouteFactory without routing? Routing translates the REQUEST_URI to parameters.
If you're in preDispatch, you've already instantiated the controller, so it is too late to modifying the request. You would want to look at the _forward method.
If you want to match a route based on db values, you can extend the Route abstract. Keep in mind the lookup will occur on every unmatched request, whereas ACL lookups might only be used on unauthenticated sessions.
- pw
1) I could create a RouteFactory class that feeds routes based on the request parameters. I believe I could even use Zend_Auth and Zend_Acl within that factory class when creating routes, and coupled with instantiating the session also have access to persistent session data when building routes. In essence it seems to me I can make routing decisions based on everything I would ever want to know about the request, authentication status, etc. So no access can result in a route created that routes to a login page. If the conditions for access to 'bar' are not met, I can route to an index landing page. If they are, I can simply not create a route at all and let it go through.
How would you know the request parameters to feed to your RouteFactory without routing? Routing translates the REQUEST_URI to parameters.
or2) I could in essence do all the same things in a preDispatch method of a controller plugin. But instead of creating routes, I'm simply altering the request object like this: $request->setControllerName('bar') based on essentially the same criteria. I could use the session data, Zend_Auth, and Zend_Acl to build the rules and then the result of those rules is altering the request object, or not.
If you're in preDispatch, you've already instantiated the controller, so it is too late to modifying the request. You would want to look at the _forward method.
Or simply put, the basic algorithm of my ACL generator is identical, how I gather the input is a little different but after it all goes through the salad spinner, the last bit of code is like this:if (!$acl->isAllowed($role, 'foo', $privilege)) {//create some routes for the router to}if (!$acl->isAllowed($role, 'foo', $privilege)) {// $request->setControllerName('bar')// ->setActionName('index');// etc}
If you want to match a route based on db values, you can extend the Route abstract. Keep in mind the lookup will occur on every unmatched request, whereas ACL lookups might only be used on unauthenticated sessions.
- pw
没有评论:
发表评论