Almost every web site need some abstraction over the access control list (ACL) to grant access of its users. As usual Zend Framework has quite good mechanism to deal with this – Zend_Acl.
Out in the web there are a lot of resources about Zend_Acl’s usage, so I ain’t going to cover it one more time, but simply copy/paste a very small front controller plugin implementing the basic usage of Zend_Acl.
Note that instead of defining the __construct() here is called preDispatch where the request is passed as a parameter. However only by copy pasting not every answer will be given. That’s why I’m going to write more about Zend_Acl in my future posts, for now only the source code:
<?php class AclInit extends Zend_Controller_Plugin_Abstract { public function preDispatch(Zend_Controller_Request_Abstract $request) { // create new acl object $acl = new Zend_Acl(); // define resources. typically there are // only four resources from the CRUD functionality // but there can be added more resources $acl->add(new Zend_Acl_Resource('index')) ->add(new Zend_Acl_Resource('create')) ->add(new Zend_Acl_Resource('read')) ->add(new Zend_Acl_Resource('update')) ->add(new Zend_Acl_Resource('delete')); // define roles $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('admin')); // define privileges $acl->allow('guest', array('index', 'read')) ->allow('admin'); // setup acl in the registry for more Zend_Registry::set('acl', $acl); // check permissions if (!$acl->isAllowed('guest', $request->getActionName())) { $request->setControllerName('error'); $request->setActionName('error'); } } } |