All geek questions in one place

Zend_ACL restriction?

I am considering using Zend_ACL. However, it seems to me that you create roles, and then grant these roles to controller permissions and actions that they may or may not receive.

However, for me this seems rather limited. In the past, I created a user permissions system in which I saved the user_id, module, controller, and action to which they have access, however I never gave them a group. Thus, it was for the user, for the module, for the controller, for the action based on what they could access.

So! I am wondering if I want to be less restrictive of the groups that I have to provide to a group of users and set these group permissions by default. Then download my user roles and write down the roles that the group defaults: is this how you guys would do it?

+3
source share
5 answers

Thanks for your feedback guys, however I decided to create my own. In case someone is interested:

public function verify($controller=NULL, $action='index', $module='administration') {

    if ((isset($this->object[$module]['all']) && is_string($this->object[$module]['all'])) || isset($this->object[$module][$controller][$action]) || (isset($this->object[$module][$controller]) && is_string($this->object[$module][$controller]))) {
        return true;
    }
}

public static function check($values) {

    $module         = $values['module']     ? $values['module']     : 'administration';
    $controller     = $values['controller'] ? $values['controller'] : 'index';
    $action         = $values['action']     ? $values['action']     : 'index';
    $user_id        = $values['user_id'];

    $db    = Zend_Registry::get('dbAdapter');
    $query = $db->prepare(" 
        SELECT * 
        FROM `".self::table_name."` 
        WHERE 
            (
                (`module` = :module AND `controller` = :controller AND `action` = :action) OR
                (`module` = :module_2 AND `controller` = :controller_2 AND `action` = '') OR 
                (`module` = :module_3 AND `controller` = '' AND `action` = '')
            )
        AND enabled = 1 
        AND user_id = :user_id      
        ");

    $query->bindValue('module',         $module);
    $query->bindValue('module_2',       $module);
    $query->bindValue('module_3',       $module);
    $query->bindValue('controller',     $controller);
    $query->bindValue('controller_2',   $controller);
    $query->bindValue('action',         $action);
    $query->bindValue('user_id',        $user_id);

    $query->execute();
    $item = $query->fetch(PDO::FETCH_OBJ);
    $query->closeCursor();

    if (is_object($item)) {
        return $item;
    } else {
        throw new exception("Could not load user permission for this page ($module, $controller, $action)");
    }
}

and in view:

    <?php if ($this->user_permissions->verify('movie')) { ?>
        <li class="parent">
            <img src="/design/images/icon/dvd.png" /> <span class="highlighter"><a href="/administration/movie/index">Movie</a></span>
            <?php if ($this->user_permissions->verify('movie', 'add')) { ?>
                 | <a href="/administration/movie/add">Add</a>
            <?php } ?>
            <?php if ($this->user_permissions->verify('movie', 'featured')) { ?>
                <ul>
                    <li>
                        <img src="/design/images/icon/order.png" /> <a href="/administration/movie/featured">Order Featured</a>
                    </li>
                </ul>
            <?php } ?>
        </li>
    <?php } ?>
0
source

You are in no way limited to using the role system to refer to groups in Zend_Acl.

For instance:

, Zend_Acl_Role_Interface, , . - user-1, .

, ACL, ( ):

if(!$acl->hasRole($this)) {
    $acl->addRole($this, $this->role); // Let say role == 'member' here
}

( , addRole, . , , .)

, , , ACL ( , ):

$acl->addRole('guest');
$acl->addRole('member', 'guest');

$acl->allow('guest', 'comments', 'read');
$acl->allow('member', 'comments', 'write');

$user = $My_User_Model->find(1);
$acl->allow($user, 'comments', 'moderate');



$acl->isAllowed($user, 'comments', 'read'); // true
$acl->isAllowed($user, 'comments', 'write'); // true
$acl->isAllowed($user, 'comments', 'moderate'); // true

$acl->isAllowed('member', 'comments', 'moderate'); // false

...

Zend Framework , . , , , , .

, ACL /. .

+3

, Zend_Acl. . .:)

+1

.

"" "", .

. , "", (, " " ). user_1234, .

1234.

0

( )

, . Id , :

$item['Movie'] = 1;
$item['Movie']['manage']['edit'] = 0;

, ( db, ), // .

if (isset($item[$module]) && $item[$module] == 1) {
   if (isset($item[$module][$controller][$action]) && $item[$module][$controller][$action] == 0) {
       return false;
   }
   return true;
} else { 
 return false;
}

, false, . ( , , , .

if :

<?php if ($this->userPermission['Movie']['manage']['edit'])) { ?>
<a href="/administration/Movie/manage/edit/id/1">Edit Movie</a><?php } ?>

, - , . Zend_ACL , , , , .

0

Source: https://habr.com/ru/post/1752314/

More articles:


All Articles