> within a controller plugin, and this is important to my design since I
> want the ACLs to be checked prior to actual dispatch…that way I can
> essentially redirect based on permissions to other
> module/controller/action by simply modifying the request object. I'd
> like to keep this basic design, but I've found a fairly significant

This is a pretty common use case (ACLs and module/controller/actions
being treated as ACL Resources), so much so that there is even a proposal
for integration into ZF for it:
http://framework.zend.com/wiki/pages/viewpage.action?pageId=39025&showComments=true#comments

> limitation. If the plugin encounters any kind of exception, the plugin
> execution is halted and then the app continues on….which ultimately
> means that the controller/action is also processed and rendered. The
> significance of this problem is that if the exception occurs prior to
> the "isAllowed" method of the ACL, then the permissions are NEVER checked.

I am actually not seeing the issue here. Assuming that 'throwException'
is set to false, and a plugin throws an uncaught exception, this
effectively means that plugins would continue to process, but the final
plugin, the ErrorHandler (assuming it too has not been disabled), should
change the request to point to the default module, error controller /
error action.

Generally, any exceptions thrown inside the Front Controller typically
mean your application should return status code 500. Exceptions being
thrown anywhere in the controller system that are not legitimately caught
and handled properly SHOULD force the application to the ErrorController
and display an error page.

> to this problem. What I want is for the plugin to continue execution
> even if an exception is encountered so that the $acl->isAllowed() method

This generally means that your ACL plugin should probably have its own
try/catch block. Since you want the system to continue running, it also
sounds like you have a remedy for the "exceptional behavior" that you
are encountering. Your remedy would effectively be the code in the
"Catch" side of the block.

> access the admin area and if an exception was encountered during ACL
> creation, the admin page renders whether or not they actually have

This should not be happening. Exceptions during ACL creation should be
throwing an exception that would force the ErrorController to dispatch.
Are you sure the ErrorHandler plugin is running last?

ACLs not being created correctly are effectively the same as the
database connection not being available on database driven sites. They
should force a 500 error page to be shown to the user, and perhaps send
off an email to the administrator.

-Ralph
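
The try/catch advice in the reply above, as an added example that is not part of the original message or of Zend Framework itself: a ZF1 controller plugin that starts from "denied" and only dispatches the requested action when `isAllowed()` returns true, so an exception during ACL creation can never skip the check. The class name `My_Plugin_Acl`, the ACL factory callback, the `role` property on the identity, the `guest` fallback and the `denied` action are assumptions made for the example.

```php
<?php
// Added example: fail-closed ACL plugin for Zend Framework 1.
// My_Plugin_Acl, the factory callback, the identity's role property,
// the 'guest' role and the error/denied action are all hypothetical.
class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    protected $_aclFactory;

    public function __construct($aclFactory)
    {
        $this->_aclFactory = $aclFactory; // callable that returns a Zend_Acl
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $allowed = false; // deny unless isAllowed() explicitly says otherwise
        $failure = null;

        try {
            $acl  = call_user_func($this->_aclFactory); // ACL creation may throw
            $auth = Zend_Auth::getInstance();
            $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
            $resource = $request->getModuleName() . ':' . $request->getControllerName();
            // Also throws if the role or resource was never registered.
            $allowed = $acl->isAllowed($role, $resource, $request->getActionName());
        } catch (Exception $e) {
            $failure = $e; // the "catch side": stay denied and remember why
        }

        if ($allowed) {
            return; // dispatch the requested action unchanged
        }

        // Rewrite the request so the protected action is never dispatched.
        $original = clone $request;
        $request->setModuleName('default')->setControllerName('error');
        if ($failure !== null) {
            // Same structure the ErrorHandler plugin hands to errorAction().
            $error = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
            $error->exception = $failure;
            $error->type      = Zend_Controller_Plugin_ErrorHandler::EXCEPTION_OTHER;
            $error->request   = $original;
            $request->setParam('error_handler', $error)->setActionName('error');
        } else {
            $request->setActionName('denied'); // hypothetical "access denied" action
        }
    }
}
```

Register it with `Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_Acl($factory))`, where `$factory` is whatever callable builds the application's `Zend_Acl`.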