response in the Zend Framework group, thought I might have better luck here,
even though it is more an ACL thread rather than an Auth thread)
It has been a while since my last post, (I think that was around 1.5.0ish).
Anyhow, I had stepped away from web projects for a while, and now I am back
to the great new 1.9.x, and am a little lost with the whole
Zend_Application, but I am working hard to catch up. Anyhow Zend_Auth and
Zend_Acl have always been my nemesis, but I think I have them figured out
now to a degree. I am starting a new personal project that will be pretty
similar to a CMS with blogging, forums, and several other features to begin
with. So what got me thinking, (and while reading up on CMS frameworks that
exist, that I could be using but I would rather write my own, it is more fun
that way), is to build the base application without defining any content
types at all, then create the content-types on the fly with the base
framework in place. I probably lost everyone with that pathetic
description, but I have a visual concept in my own mind of what I mean.
Anyhow, getting down to the whole Acl thing what I want to accomplish is
something like this:
- Start with a base user object.
- Each base user has a profile (which *actually* I think the required fields
should be part of the user record, and the profile should be somewhat
generic to be extensible to a UserProfile, WebsiteProfile, AuthorProfile,
etc, not necessarily related to a site user, but more general), for now this
will be a one to one relationship.
- Each user will belong to one or more groups, and each group will contain
one or more users, this will be a many to many relationship.
- Next we have a base resource, be it a module, controller, action, model,
or individual record (article, profile, etc)
- A user can have a role for one or more resources.
- A group can have a role for one or more resources.
- Roles could be either most restrictive (group_roles *OR* user_roles) or
least restrictive (group_roles *AND* user_roles)
Queries would look like (forgive the syntax, it's just conceptual right now):
$uid = 11;
$gid = 12;
$rid = 14; // resource: article
// Roles may include Author, Editor, Publisher, etc.
// A user/group may include one or more roles (i.e. Author and Editor, but not Publisher)
$rolesByUser = select * from UserRoles where (`uid` = $uid and `rid` = $rid);
$rolesByGroup = select * from GroupRoles where (`gid` = $gid and `rid` = $rid);
// array_merge appends the group roles to the user roles
$roles = array_merge($rolesByUser, $rolesByGroup);
Where $roles would be an array of Zend_Acl_Role objects.
I have attached a `sample` drawing of the database layout, however maybe
think of this layout as more of a model layout, where the `tables` could
actually be xml files / config files, or some other method of storage, the
data does not necessarily have to come from a database, again, this is just
my vision of the whole thing (and likely it will be primarily relational
database tables nonetheless).
Anyhow, what I am trying to do is come up with a fairly generic, extensible,
flexible, robust, (insert other great buzzwords here), Acl structure. Any
feedback, suggestions on the best way to code this, modifications, or
general criticisms about my logic (including your logic and why it's better
than mine) would be most appreciated.
Thanks
Aaron
http://www.nabble.com/file/p25197810/acl_layout.png
--
View this message in context: http://www.nabble.com/Complex-ACL--cross-post--tp25197810p25197810.html
Sent from the Zend Auth mailing list archive at Nabble.com.
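
The role lookup sketched in the post, as an added example (plain PHP 7.1+, not code from the original post or from Zend Framework). The in-memory rows are constructed stand-ins for the UserRoles, GroupRoles and membership tables, and the names `rolesFor`, `effectiveRoles` and the modes `union` / `intersect` are assumptions; it goes beyond the single `$gid` in the post by resolving every group the user belongs to.

```php
<?php
// Constructed sample rows standing in for the UserRoles / GroupRoles tables.
$userRoles  = [                 // [uid, rid, role]
    [11, 14, 'Author'],
    [11, 14, 'Editor'],
];
$groupRoles = [                 // [gid, rid, role]
    [12, 14, 'Editor'],
    [12, 14, 'Publisher'],
    [13, 15, 'Author'],
];
$userGroups = [11 => [12, 13], 20 => []];   // uid => gids (many to many)

/** Role names granted by rows matching any of $ids on resource $rid. */
function rolesFor(array $rows, array $ids, int $rid): array
{
    $found = [];
    foreach ($rows as [$id, $rowRid, $role]) {
        if ($rowRid === $rid && in_array($id, $ids, true)) {
            $found[$role] = true;           // keyed by name, so duplicates collapse
        }
    }
    return array_keys($found);
}

/**
 * Effective roles of user $uid on resource $rid.
 * 'union':     roles held directly or through any group.
 * 'intersect': roles held both directly and through a group.
 * Unknown users, unknown modes and missing rows all yield [] (deny by default).
 */
function effectiveRoles(int $uid, int $rid, string $mode,
                        array $userRoles, array $groupRoles, array $userGroups): array
{
    $direct   = rolesFor($userRoles, [$uid], $rid);
    $viaGroup = rolesFor($groupRoles, $userGroups[$uid] ?? [], $rid);
    switch ($mode) {
        case 'union':     $roles = array_unique(array_merge($direct, $viaGroup)); break;
        case 'intersect': $roles = array_intersect($direct, $viaGroup); break;
        default:          $roles = [];
    }
    sort($roles);                           // sorts in place and reindexes from 0
    return $roles;
}

print_r(effectiveRoles(11, 14, 'union', $userRoles, $groupRoles, $userGroups));
print_r(effectiveRoles(11, 14, 'intersect', $userRoles, $groupRoles, $userGroups));
print_r(effectiveRoles(20, 14, 'union', $userRoles, $groupRoles, $userGroups));
```

The returned names can serve as role identifiers when building Zend_Acl_Role objects; the empty result for a user with no rows is what keeps an unlisted user from inheriting access.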