ACL and group

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ACL and group

mbariou

I don't know if it's the right place to send my request, but I try and thank for your help

I'm starting with the Zend framework. I need in a first time to master ACL. So I understand ACO, ARO and I run the different examples and I see how to give perms to a group, but to a group only not for a member of a group... Now I have a user, for example Peter. And I have Peter member of the group editor . How can I give access to a specific user to an ACO

 $access_list = new Zend_Acl();
 $access_list->deny(); // By default access is denied to everybody
 $registry = $access_list->aroRegistry(); 

 $registry->add("editor"); 
 $access_list->allow($registry->editor Array("edit", "submit", "update", "publish", "delete", "archive")));
 /**
  * The question is here, if you know the group it's easy to ask for the perm with the following test
  * But how can I link the member of a group (editor in the example) to the ACL ?
  * I can know that Peter (with ID : $UserId) is member of the group editor....
  *  and I write the following not very subtle code....
  */ 
if ($group->is_member($UserId, "editor")){

           if(($access_list->valid($registry->editor, "edit") ? "allowed" : "denied") == "allowed"){
	              // HERE THE GROUP  IS ALLOWED TO EDIT
                     // I've access here to the following set of instructions....
                     .......................
                     .......................

            }else{

             .... No access
          }
}else{
     .................No Access
}

In my point of view it's not very subtle, I need two tests, I presume I'm lost somewhere. Please could you show me the way :-)

Thank for your help

Marcel
Reply | Threaded
Open this post in threaded view
|

Re: ACL and group

Darby Felton
Hi Marcel,

It appears that you are using the current incubator version of Zend_Acl,
which will soon be deprecated by a version in a branch on which I am
currently working:

svn co http://framework.zend.com/svn/framework/branch/Zend_Acl

I would encourage you to try this version of the component, and I am
currently working on documentation for it, based on the documentation
for the incubator version of Zend_Acl.

I think, however, that in both versions, you need not query against the
group unless you are wanting to ask that question. Instead, it usually
makes more sense to query whether a particular user has access to an
ACO. Zend_Acl automatically determines to which groups the user belongs
and which privileges that the user inherits as a result of belonging to
various groups. In essence, you'd usually write something like:

$acl = new Zend_Acl();
// ... setup omitted for brevity
if (!$acl->isAllowed($someUser, $someAco, $somePrivilege)) {
    throw new AccessControlException('...');
}
// continue since access is allowed

Hope this helps, and please be patient as we work on rolling out Preview
Release 0.6.0, which includes the new Zend_Acl component.

Best regards,
Darby

mbariou wrote:

> I don't know if it's the right place to send my request, but I try and
> thank for your help
>
> I'm starting with the Zend framework. I need in a first time to master
> ACL. So I understand ACO, ARO and I run the different examples and I see
> how to give perms to a group, but to a group only not for a member of a
> group... Now I have a user, for example Peter. And I have Peter member
> of the group editor . How can I give access to a specific user to an ACO
>
>  $access_list = new Zend_Acl();
>  $access_list->deny(); // By default access is denied to everybody
>  $registry = $access_list->aroRegistry();
>
>  $registry->add("editor");
>  $access_list->allow($registry->editor Array("edit", "submit", "update", "publish", "delete", "archive")));
>
>  /**
>   * The question is here, if you know the group it's easy to ask for the perm with the following test
>   * But how can I link the member of a group (editor in the example) to the ACL ?
>   * I can know that Peter (with ID : $UserId) is member of the group editor....
>   *  and I write the following not very subtle code....
>   */
>
> if ($group->is_member($UserId, "editor")){
>
>            if(($access_list->valid($registry->editor, "edit") ? "allowed" : "denied") == "allowed"){
>              // HERE THE GROUP  IS ALLOWED TO EDIT
>                      // I've access here to the following set of instructions....
>                      .......................
>                      .......................
>
>             }else{
>
>              .... No access
>           }
> }else{
>      .................No Access
> }
>
> In my point of view it's not very subtle, I need two tests, I presume
> I'm lost somewhere. Please could you show me the way :-)
>
> Thank for your help
>
> Marcel
> ------------------------------------------------------------------------
> View this message in context: ACL and group
> <http://www.nabble.com/ACL-and-group-tf2819927s16154.html#a7870797>
> Sent from the Zend Auth <http://www.nabble.com/Zend-Auth-f16181.html>
> mailing list archive at Nabble.com.