4
votes

Isn't there an ACL order deny method for a module? Do I always have to add controller and index? I have an admin module and a default module with a dozen controllers in them and three dozen actions for them, and it's really becoming wearisome.

My code goes like this:

class Management_Access extends Zend_Controller_Plugin_Abstract{

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // set up acl
        $acl = new Zend_Acl();

        // add the roles
        $acl->addRole(new Zend_Acl_Role('guest'));
        $acl->addRole(new Zend_Acl_Role('administrator'), 'guest');

        // add the resources
        $acl->add(new Zend_Acl_Resource('index'));
        $acl->add(new Zend_Acl_Resource('error'));
        $acl->add(new Zend_Acl_Resource('login'));

        //admin resources
        $acl->add(new Zend_Acl_Resource('destination'));
        $acl->add(new Zend_Acl_Resource('home'));
        $acl->add(new Zend_Acl_Resource('page'));
        $acl->add(new Zend_Acl_Resource('tour'));
        $acl->add(new Zend_Acl_Resource('hotel'));
        // ...
    }
}

Isn't there a way to check if a resource is registered in the ACL?

UPDATE: I have eight controllers in my default module and nine controllers in the 'admin' module.

I have an index controller in the admin module as well as in the default module. If I add allow guest index, the guest is also able to access the index page in the admin module. The admin module is only set for administrator.

3
Please specify more details, show us example code. - takeshin

3 Answers

4
votes

Two possible solutions:

  1. check current module in controller plugin ($request->getModuleName())
  2. implement the logic in module bootstrap (only for module you need).

Edit after update:

You just need to treat modules+controllers as resources, and actions as privileges:

$acl->deny('guest', 'adminmodulename:controllername', array('tour', 'hotel'));

or for all:

$acl->deny('guest', 'adminmodulename:controllername');

Isn't there a way to check if a resource is registered in the ACL?

$acl->has($resource)
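
The module-plus-controller approach from this answer, written out as a controller plugin. This is an added example, not part of the original answer or of Zend Framework itself. It assumes Zend Framework 1 is on the include path, that the stored identity is an object with a `role` property, and that denied requests should go to `default/login/index`; the controller lists are shortened from the question.

```php
<?php
// Added example: requires Zend Framework 1 on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Auth.php';
require_once 'Zend/Controller/Plugin/Abstract.php';

class Management_Access extends Zend_Controller_Plugin_Abstract
{
    /** Build the ACL: one resource per module, one child resource per controller. */
    public static function buildAcl()
    {
        $acl = new Zend_Acl(); // Zend_Acl denies everything until a rule allows it
        $acl->addRole(new Zend_Acl_Role('guest'));
        $acl->addRole(new Zend_Acl_Role('administrator'), 'guest');
        // Controller lists shortened; names taken from the question.
        $map = array(
            'default' => array('index', 'error', 'login'),
            'admin'   => array('index', 'destination', 'home', 'page', 'tour', 'hotel'),
        );
        foreach ($map as $module => $controllers) {
            $acl->addResource(new Zend_Acl_Resource($module));
            foreach ($controllers as $controller) {
                // "admin:index" and "default:index" are now distinct resources
                $acl->addResource(new Zend_Acl_Resource("$module:$controller"), $module);
            }
        }
        $acl->allow('guest', 'default');       // inherited by every default:* child
        $acl->allow('administrator', 'admin'); // guests get no rule for admin:*
        return $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $acl      = self::buildAcl();
        $auth     = Zend_Auth::getInstance();
        // Assumption: the stored identity is an object with a "role" property.
        $role     = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
        $resource = $request->getModuleName() . ':' . $request->getControllerName();
        // isAllowed() throws on an unknown resource or role, so check has()/hasRole() first
        $ok = $acl->has($resource) && $acl->hasRole($role)
            && $acl->isAllowed($role, $resource, $request->getActionName());
        if (!$ok) {
            // Fail closed: send the request to default/login/index instead
            $request->setModuleName('default')->setControllerName('login')->setActionName('index');
        }
    }
}
```

Because each controller resource inherits from its module resource, one `allow()` or `deny()` on the module covers all of its controllers, and a controller that was never registered is refused rather than raising an exception.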

1
votes

That's not a very specific question :)

Anyways... You will probably have to implement a user management yourself for ZF. But don't be afraid, there are tons of tutorials online! (e.g. here)

What do you mean by "do i always have to add controller and index?"?

0
votes

I understand your question. I suggest you make your application modular. For the ACL just move it up as well (aka make your modules the resources)!

e.g.

// ROLES
$this->addRole(new Zend_Acl_Role('guest')); // default
$this->addRole(new Zend_Acl_Role('Marketing'), 'guest'); // 15

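// RESOURCES (MY MODULES)
$this->add(new Zend_Acl_Resource('default')); // must be registered, allow() below throws otherwise
$this->add(new Zend_Acl_Resource('auth'));
$this->add(new Zend_Acl_Resource('takeon'));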

// PRIVILEGES
//
// default
$this->deny();
//
// guest
$this->allow('guest', 'auth');
// 15 Marketing
$this->allow('Marketing', 'default');
$this->allow('Marketing', 'takeon', array('index', 'ben10cards'));

Then in your plugin use:

// OBTAIN CONTROL LIST
$acl = new Auth_Model_Acl();

// OBTAIN RESOURCE
$module = $request->getModuleName();
$controller = $request->getControllerName();
// VALIDATE ($role is assumed to hold the current user's role name)
$allowed = false;
if ($acl->isAllowed($role, $module, $controller)) {
    $allowed = true;
}

You might then not have resources available for actions, but it works better for me :)