Friday, June 25, 2010

Re: [fw-auth] Zend_ACl

Hi,

In your blog you have mentioned this way

"

Last but not least we define our access rules:

1. A subscriber has access to all articles
2. A visitor has access to all free articles
3. A visitor has access to all non-free articles that he paid for

"

Then how about some other new role, like a subscriber giving access to known visitors with some privileges? How can this be handled?


On Mon, Jun 21, 2010 at 6:01 PM, Jeroen Keppens <jeroen.keppens@gmail.com> wrote:
Hi Trinath,

I wrote a blog post on ACL / models a couple of weeks ago. It's not 100% what you are looking for I think, but it might get you on route to a solution. It shows how you can use ACL in your models, perform checks and in the case of the article make sure the visitor has access on a content-specific item (i.e. not just on "Article" but on a specific article).

http://www.amazium.com/blog/content-driven-access-control-with-zend-acl

Instead of having "device management" as a resource, you could have "device" as a resource. Your device model would then implement the Resource interface. Your actions add, edit, delete, view etc... would be privileges. You can then check in your service layer (or controller) if a User (implementing role) has edit (privilege) access on Device (implementing a resource) and then call the edit function on your module (or something similar).

Hope this is a good start for you.

wkr,
Jeroen

On 21 Jun 2010, at 13:51, Trinath Somanchi wrote:

> Hi All,
>
> I'm new to Zend_Acl and interested in knowing how it will suit my ACL structure.
>
> The following are the Roles:
>
> [1] Super User
> [2] Administrator
> [3] Manager
> [4] Guest
>
> The following are the Resources.
>
> [1] Device Management
> [2] Application Management
> [3] Object Management
> [4] User Management
> [5] Server Administration
>
> And the following are the Rules.
>
> [1] Add/Edit/Delete User
> [2] Add/Edit/Delete Device
> [3] Allow access to Device for other users.
> [4] Add/Edit/Delete Application
> [5] Allow access to Application for other users.
> [6] Add/Edit/Delete Objects
> [7] Allow access to Objects for other users.
> [8] Do Database Backup
> [9] Archive and Restore Database
>
> All the above rules are assigned to ROLES. And Users are assigned to Roles.
>
> As is clear, any user having a Role can perform the tasks in the server/system as applicable with respect to the Rules present in the roles.
>
> Now, a user can ADD/EDIT/DELETE Devices, Applications and Objects. Also I have another ACL for Devices, Applications and Objects.
>
> User Bob (holds manager role) who owns a Device can create Applications for the device and objects for the application.
>
> Now Bob wants user John to have the privilege to access all objects under Application "ABC" under Device "DD1".
>
> Also Bob wants to provide access for using objects "OBJ-1" and "OBJ-3" which he owned under Application "DEF" under Device "DD1".
>
> And also Bob wants to add another user "Jane" and wants to grant the privilege for accessing Object "OBJ-5" under Application "GHI" and all objects under Application "DHG", which are under Device "DD1".
>
> To achieve the above use case, Bob must have Rules assigned to his role mentioned above from [1] to [7].
>
> Please help me on how Zend_ACL can be used for achieving this ACL.
>
> Thanks in advance.
>
>
> --
> Regards,
> ----------------------------------------------
> Trinath Somanchi,




--
Regards,
----------------------------------------------
Trinath Somanchi,
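
Added example, not part of the thread or of the linked blog post: one way to model the Bob/John use case with Zend_Acl resource inheritance, so that a grant on an application covers every object under it while single-object grants stay narrow. It assumes Zend Framework 1.x is on the include_path; the path-style resource ids, the `view` and `grant` privilege names and the `delegate()` helper are hypothetical.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Exception.php';

$acl = new Zend_Acl(); // Zend_Acl denies everything until a rule allows it

// Users are roles that inherit from their functional role.
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('manager'));
$acl->addRole(new Zend_Acl_Role('bob'), 'manager');
$acl->addRole(new Zend_Acl_Role('john'), 'guest');

// Resource tree device -> application -> object (ids are hypothetical).
$tree = array(
    'DD1'           => null,
    'DD1/ABC'       => 'DD1',
    'DD1/ABC/OBJ-2' => 'DD1/ABC',
    'DD1/DEF'       => 'DD1',
    'DD1/DEF/OBJ-1' => 'DD1/DEF',
    'DD1/DEF/OBJ-2' => 'DD1/DEF',
    'DD1/DEF/OBJ-3' => 'DD1/DEF',
);
foreach ($tree as $id => $parent) {
    $acl->addResource(new Zend_Acl_Resource($id), $parent);
}

// Bob owns DD1: all privileges, including 'grant', on the whole subtree.
$acl->allow('bob', 'DD1');

// Hypothetical helper: only a role holding 'grant' on the resource may delegate.
function delegate(Zend_Acl $acl, $grantor, $grantee, $resource, $privilege)
{
    if (!$acl->isAllowed($grantor, $resource, 'grant')) {
        throw new Zend_Acl_Exception("$grantor may not grant on $resource");
    }
    $acl->allow($grantee, $resource, $privilege);
}

delegate($acl, 'bob', 'john', 'DD1/ABC', 'view');       // all objects under ABC
delegate($acl, 'bob', 'john', 'DD1/DEF/OBJ-1', 'view'); // single objects only
delegate($acl, 'bob', 'john', 'DD1/DEF/OBJ-3', 'view');

var_dump($acl->isAllowed('john', 'DD1/ABC/OBJ-2', 'view')); // inherited from ABC
var_dump($acl->isAllowed('john', 'DD1/DEF/OBJ-2', 'view')); // never granted
var_dump($acl->isAllowed('john', 'DD1/DEF/OBJ-1', 'edit')); // privilege not granted
```

Routing every grant through a check of the grantor's own rights keeps a user from handing out access to resources they do not control.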
