Monday, March 1, 2010

Re: [fw-auth] Re: ACL... but completely different

Instead of passing in the user id and blog post id, you want to pass in the user instance and blog instance. Then your assertion would take care of reading the IDs from the objects and determine if the user can edit it:

$acl->isAllowed($userObject, $blogObject, 'edit');

Your assertion might look like this:

if ($userObject->getId() == $blogObject->getAuthor()->getId()) {
    return true;
} else {
    return false;
}

This would also give you more flexibility in your assertions. Let's say you have a business rule where published blog entries can not be edited (even by the author). You would just need to update your assertion:

if ($blogObject->isPublished()) {
    return false;
}

if ($userObject->getId() == $blogObject->getAuthor()->getId()) {
    return true;
} else {
    return false;
}


--
Hector


On Mon, Mar 1, 2010 at 10:08 AM, George Secrieru <george.secrieru@gmail.com> wrote:
I can't see a use for that. As the idea of the assertion is to return true or false, you could just implement all the verifying needed in control structures if you need extra checks. This way, you could implement only one assertion.

Regards,
George


On Thu, Feb 4, 2010 at 5:36 PM, Laura Dean <ldean@saleamp.com> wrote:

I just extended Zend_Acl and added a getAssert() method so that I can see
which assertion is attached to which resource.  Next question... it looks
like only one assertion can be associated per resource/privilege, is that
correct?  It seems like it would be useful to support multiple assertions.
--
View this message in context: http://n4.nabble.com/ACL-but-completely-different-tp1299970p1469388.html
Sent from the Zend Auth mailing list archive at Nabble.com.




--
George Secrieru
51 - 9725 39 29
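
Added example, not part of the thread or of Zend Framework itself: the two checks from Hector's message written as Zend_Acl_Assert_Interface classes, plus a wrapper that combines several assertions into the single assertion argument that Zend_Acl::allow() accepts, which is one way to approach Laura's question. It assumes Zend Framework 1 is on the include path, in a version where isAllowed() hands the original role and resource objects to the assertion. User, BlogPost and the three assertion class names are hypothetical.

```php
<?php // Added example; assumes Zend Framework 1 is on the include path.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();
// Hypothetical domain classes; the thread names only getId(), getAuthor(), isPublished().
class User implements Zend_Acl_Role_Interface {
    private $id;
    public function __construct($id) { $this->id = $id; }
    public function getId() { return $this->id; }
    public function getRoleId() { return 'member'; }
}
class BlogPost implements Zend_Acl_Resource_Interface {
    private $author, $published;
    public function __construct(User $author, $published) { $this->author = $author; $this->published = $published; }
    public function getAuthor() { return $this->author; }
    public function isPublished() { return $this->published; }
    public function getResourceId() { return 'blogPost'; }
}
class IsAuthorAssertion implements Zend_Acl_Assert_Interface {
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
            Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
        return $role instanceof User && $resource instanceof BlogPost // other types: deny
            && $role->getId() == $resource->getAuthor()->getId();
    }
}
class NotPublishedAssertion implements Zend_Acl_Assert_Interface {
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
            Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
        return $resource instanceof BlogPost && !$resource->isPublished();
    }
}
// Wrapper that requires every inner assertion to pass; an empty list denies.
class AllOfAssertion implements Zend_Acl_Assert_Interface {
    private $assertions;
    public function __construct(array $assertions) { $this->assertions = $assertions; }
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
            Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
        foreach ($this->assertions as $a) {
            if (!$a->assert($acl, $role, $resource, $privilege)) { return false; }
        }
        return count($this->assertions) > 0;
    }
}
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('member'))->addResource(new Zend_Acl_Resource('blogPost'));
$acl->allow('member', 'blogPost', 'edit',
    new AllOfAssertion(array(new NotPublishedAssertion(), new IsAuthorAssertion())));
$alice = new User(1); $bob = new User(2);
$draft = new BlogPost($alice, false); $live = new BlogPost($alice, true); // both by $alice
var_dump($acl->isAllowed($alice, $draft, 'edit'), $acl->isAllowed($bob, $draft, 'edit'),
    $acl->isAllowed($alice, $live, 'edit'));
```

Because each assertion returns false when it is handed anything other than the expected object types, a call such as isAllowed('member', 'blogPost', 'edit') with plain string ids is denied rather than allowed by accident.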
