Where does Zend_Acl_Resource_Interface fit in?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Where does Zend_Acl_Resource_Interface fit in?

Jamie Krasnoo
I'm trying to figure out how Zend_Acl_Resource_Interface fits in to
being implemented in to a resource. Could someone please explain to me
or point me to where I could find an example as to how to use the
interface?

Jamie
Reply | Threaded
Open this post in threaded view
|

Re: Where does Zend_Acl_Resource_Interface fit in?

Abraham Block
Specks wrote
I'm trying to figure out how Zend_Acl_Resource_Interface fits in to
being implemented in to a resource. Could someone please explain to me
or point me to where I could find an example as to how to use the
interface?

Jamie
Wow. This is really old, but still worth answering! The point of Zend_Acl_Resource_Interface, is IMO, so that Zend_Acl can be "aware" of your applications resources, if they are implemented in an object oriented manner. For example, if you had a class which represents a blog post, that would be a resource. If your blog post class implements this interface, and the getRoleId() returns something like "blog_post", you can plug this into an ACL query like this:

$acl->isAllowed($user, $blog_post, 'edit');

(btw, your User object can also implement Zend_Acl_Role_Interface in a similar manner).

Which will probably hit a rule like $acl->allow('author', 'blog_post', array('edit').

This really shines when you use a custom assertion...for example to check if an author can only edit *his* post. The assertion will wind up with an actual reference to your blog post object and your user object! Unfortunately there is reported bug in Zend_Acl which prevents this behaviour from happening, but there are hacks to fix it.

You can read more about this on my blog http://www.aviblock.com/blog/2009/03/19/acl-in-zend-framework/



Reply | Threaded
Open this post in threaded view
|

Re: Where does Zend_Acl_Resource_Interface fit in?

Jamie Krasnoo
Hi Avi,

Thanks for the answer. I appreciate it. For an old question it still clears up a few things for me.

Jamie

On Wed, May 13, 2009 at 7:45 AM, Avi Block <[hidden email]> wrote:


Specks wrote:
>
> I'm trying to figure out how Zend_Acl_Resource_Interface fits in to
> being implemented in to a resource. Could someone please explain to me
> or point me to where I could find an example as to how to use the
> interface?
>
> Jamie
>
>

Wow. This is really old, but still worth answering! The point of
Zend_Acl_Resource_Interface, is IMO, so that Zend_Acl can be "aware" of your
applications resources, if they are implemented in an object oriented
manner. For example, if you had a class which represents a blog post, that
would be a resource. If your blog post class implements this interface, and
the getRoleId() returns something like "blog_post", you can plug this into
an ACL query like this:

$acl->isAllowed($user, $blog_post, 'edit');

(btw, your User object can also implement Zend_Acl_Role_Interface in a
similar manner).

Which will probably hit a rule like $acl->allow('author', 'blog_post',
array('edit').

This really shines when you use a custom assertion...for example to check if
an author can only edit *his* post. The assertion will wind up with an
actual reference to your blog post object and your user object!
Unfortunately there is reported bug in Zend_Acl which prevents this
behaviour from happening, but there are hacks to fix it.

You can read more about this on my blog
http://www.aviblock.com/blog/2009/03/19/acl-in-zend-framework/




--
View this message in context: http://www.nabble.com/Where-does-Zend_Acl_Resource_Interface-fit-in--tp13922601p23523224.html
Sent from the Zend Auth mailing list archive at Nabble.com.