Comments on: ACL in Zend Framework

By: test

test — Mon, 30 Jan 2012 14:50:32 +0000

weweewe

By: Kim

Kim — Sun, 13 Feb 2011 07:53:46 +0000

I see that Matthew Weier O’Phinney does something similar, but his user object (which implements the ACL Role interface) is stored in the session. Could be a nice tweak?

By: Avi

Avi — Wed, 14 Jul 2010 20:19:46 +0000

Yup, this bug has been fixed.

By: talentedmrjones

talentedmrjones — Wed, 14 Jul 2010 20:14:37 +0000

It seems that the bug you mentioned was fixed in ZF 1.9.1. So I assume that at this point (Im using 1.10.4) I dont need to subclass Zend_Acl or Zend_Acl_Role_Registry, and that implementing a Zend_Acl_Assert_Interface will suffice. Am I correct?

By: Avi

Avi — Tue, 27 Apr 2010 21:58:12 +0000

Sorry for taking such a long time to get back. A role is anything that implements the Zend_Role interface. Doesn’t necessarily have anything to do with users per se.

By: darvid

darvid — Wed, 09 Dec 2009 22:32:43 +0000

Resource should instead allow you to optionally specify any object, and you name it when you add it. So say you have an application object you want to protect you do this:

$object=new Application();

$acl->addResource(new ZendAclResource(“name”, $object));

Then the object is magically contained in the resource record so you can access it with the assert interface.

By: ronny stalker

ronny stalker — Thu, 12 Nov 2009 02:52:28 +0000

Its refreshing to see another person detecting that whole ‘ACL protects controllers’ smell’. I have always been scared of that technique. But, cos of my limited knowledge of OOP I did not feel confident enough to argue against that idea. Instead i just remained confused about ACL as a whole. So, thanks for the reassurance that i was not totally dumb.

I’m still a bit confused, though. In your model, or ubiquitous language, what exactly is ‘an author’?

Is it ‘a user’ or ‘a role’. It seems to be both.
As far as i can tell from your example. For every type of resource, (article/message/comment) you need to create a user/role object that deals with it specifically.

I would be sooo grateful if you could add some more to this tutorial and give, say, two more examples of how it works.

3 is the magic number.

Then, I feel I might be able to extrapolate these dots of wisdom into a curve of knowledge.

By: Avi

Avi — Fri, 31 Jul 2009 13:13:16 +0000

The user object in this case implements the Zend_Acl_Role_Interface. If the role of your user object is one that inherits from two roles, Zend_Acl should be able to take care of that. I’m not following you’re problem.

By: jonathan

jonathan — Mon, 27 Jul 2009 17:37:05 +0000

because when you pass in the user to check if it’s allowed to perform the action, the acl checks up the chain, grabbing roles from the registry. when it gets to author, it would be getting whatever was added to the acl when the acl was set up. i’m not sure how that would be associated with the user that was passed in?

By: Avi

Avi — Sun, 26 Jul 2009 19:00:12 +0000

Why would the user object not be in the assertion?