2010年2月4日星期四

Re: [fw-auth] Re: ACL... but completely different

The permissions are handled by the 3rd argument, also known as privileges. So if you want to see if a user can edit a blog post, you'd do something like this:

if ($acl->isAllowed($user, $blogPost, 'edit')) {
    // allowed to edit
}

This assumes that $user is an object that implements Zend_Acl_Role_Interface, and $blogPost is an object that implements Zend_Acl_Resource_Interface, and that both have been registered with the ACL.

If you need to test if the user owns the blog post, your ACL can handle this if you create a custom assertion. Take a look at the reference guide for more details:

http://framework.zend.com/manual/en/zend.acl.advanced.html

--
Hector


On Thu, Feb 4, 2010 at 9:20 AM, Laura Dean <ldean@saleamp.com> wrote:

What is a good way to add an "owner" setting to the Acl?  Should I extend
Zend_Acl to allow for more permissions than allow/deny?
--
View this message in context: http://n4.nabble.com/ACL-but-completely-different-tp1299970p1469118.html
Sent from the Zend Auth mailing list archive at Nabble.com.


发帖者 lazayworm 时间: 09:25

没有评论:

发表评论

订阅: 博文评论 (Atom)