I am using plugins for acl check in most of the recent projects. I hope this
will create a protection layer around the application and front end
controller. I feel this approach will kick out all the denied request from
even touching our application. But for Ajax request i keep a separate
request handler which by-pass all the ACL's as well as standard framework
route to reduce overhead.
> I would like to know what would be good practice in placing ACLs. I have
> read some integrating them with models, some using plugin / helper and
> controllers as resources. What I would like to achieve, is a modular
> application that I could extend by writing modules. And I should be able to
> control access to these modules by some kind of control panel.
> What are advantages on each of these approaches and is there some more that
> I am not aware of?
> -- Miika