Deploying Zend_Acl in a modular, structured application with identical controller names

I am new to Zend Framework. I began to study it during a project that I am still working on at school. I got a little stuck on how to deal with ACLs in conjunction with my modular structure (which I really like), and researching the Internet doesn't seem to give me the information I need. Probably because I am not very structured yet, but I still thought I would ask here. Thanks in advance!

At the moment, following most of the best practices that I have researched, I have created a modular structure, for example:

    application/
        modules/
            admin/
            default/

I use a plugin to manage my ACL, for example (for simplicity / readability, I added only a part):

    $acl = new Zend_Acl();

    // Roles: each role inherits from the one before it
    $acl->addRole(new Zend_Acl_Role('guest'))
        ->addRole(new Zend_Acl_Role('member'), 'guest')
        ->addRole(new Zend_Acl_Role('admin'), 'member');

    // Resources
    $acl->addResource(new Zend_Acl_Resource('index'))
        ->addResource(new Zend_Acl_Resource('admin:index'));

    // Rules
    $acl->allow('guest', 'index', array('index'))
        ->allow('member', 'index', array('userpanel'))
        ->allow('admin');

In any case, the ACL works fine in the default module - even in the admin module, but the problem occurs when I have identical controller names and actions, for example:

    This action will allow users to edit their own account
    Module: Default
    Controller: User
    Action: Edit

    This action will allow an admin to edit any account
    Module: Admin
    Controller: User
    Action: Edit

When I set the rule in the ACL as follows:

 $acl->allow('member', 'user', array('edit')); 

The user will also be allowed access to the admin edit page on the user controller. How do I tell the ACL the difference between modules? I saw that in many examples, to add resources to the ACL, "admin:user" was used instead of "user" as the name of the controller / resource. This does not seem to work if the names of the controllers and/or actions are identical.

So, the big question is: how do I solve this problem in my current situation, or how do you suggest I structure my application in order to avoid the problem altogether? I would prefer not to resort to using additional control prefixes, such as "Admin_AdminUserController", or simply remove all modules and just do "adminEditAction", etc.

+4
1 answer

I am interested in what others have to say, but I thought I would offer you one possible solution.

In my current project, I use a separate ACL for my default (end-user) module and my administration module. In addition, for the admin module, I extended Zend_Auth and found that it uses a different session namespace (Zend_Auth_admin), so user logins are completely isolated from administrator logins. A person can be registered as a user and an administrator at the same time because he uses two different Zend_Session namespaces.

However, we still have the administrator role in the user ACL, because we allow the administrator user to register in any user account from the administrator module (no personal / confidential information is part of our user accounts).

In our case, it is much easier to read and understand the ACLs when the administrative and user ACLs are separate, since the admin ACL has many rules, and some of the logic is completely separate from the user ACL.

This may or may not be a useful approach in your project, but I thought I would put it out there as an option. Good luck.

+3
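
One way to make a single ACL distinguish the two modules, shown as an added example that is not code from the question or the answer: the resource ID is built from module and controller, so a rule on `default:user` never matches `admin:user`. It assumes Zend Framework 1; the plugin class name, the `role` property on the identity and the `error`/`denied` target are hypothetical.

```php
<?php
// Added example, not from the thread. Class name, the identity's "role"
// property and the error/denied target are assumptions.
class Example_Plugin_ModuleAcl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct()
    {
        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role('guest'))
            ->addRole(new Zend_Acl_Role('member'), 'guest')
            ->addRole(new Zend_Acl_Role('admin'), 'member');

        // One resource per module:controller pair, so both UserControllers differ.
        $acl->addResource(new Zend_Acl_Resource('default:index'))
            ->addResource(new Zend_Acl_Resource('default:user'))
            ->addResource(new Zend_Acl_Resource('admin:user'));

        $acl->allow('guest', 'default:index', array('index'))
            ->allow('member', 'default:user', array('edit')) // default module only
            ->allow('admin');                                // every resource
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';

        // Build the resource from module AND controller, not the controller alone.
        $resource  = $request->getModuleName() . ':' . $request->getControllerName();
        $privilege = $request->getActionName();

        // Unknown roles or resources are denied instead of raising an exception.
        $allowed = $this->_acl->hasRole($role)
            && $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $privilege);

        if (!$allowed) {
            // Re-target the request; the dispatcher then runs this action instead.
            $request->setModuleName('default')
                    ->setControllerName('error')
                    ->setActionName('denied');
        }
    }
}
```

With these rules a `member` requesting the `edit` action on the admin module's user controller is checked against `admin:user`, where no allow rule applies, and is sent to the denied action.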

Source: https://habr.com/ru/post/1389078/

