Zend_Acl , Ownership - request scope or injection in domain objects

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Zend_Acl , Ownership - request scope or injection in domain objects

derhaa
Hi,

I stand before implementing authorization/ownership in ZF based application.  I am developer but now I ask you as developer and architect in one person. I would like to know how to design authorization process. After I read some sources - there are two articles which interest me.

A. http://devzone.zend.com/article/3510-Zend_Acl-and-MVC-Integration-Part-II-Advanced-Use
B. http://www.weierophinney.net/matthew/archives/201-Applying-ACLs-to-Models.html

Where is good location to check rights and ownership?

I suppose that interconnecting domain with acl is not good, but there is a something what I do not see...


Reply | Threaded
Open this post in threaded view
|

Re: Zend_Acl , Ownership - request scope or injection in domain objects

Abraham Block
A lot of people (me included), like to have their domain entities implement the ACL Role interface, and then have the ACL check directly against the domain entities in question. You can do this in a service layer, or perhaps with some kind of event system.

On Fri, Oct 30, 2009 at 12:37 PM, tomascejka <[hidden email]> wrote:

Hi,

I stand before implementing authorization/ownership in ZF based application.
I am developer but now I ask you as developer and architect in one person. I
would like to know how to design authorization process. After I read some
sources - there are two articles which interest me.

A.
http://devzone.zend.com/article/3510-Zend_Acl-and-MVC-Integration-Part-II-Advanced-Use
B.
http://www.weierophinney.net/matthew/archives/201-Applying-ACLs-to-Models.html

Where is good location to check rights and ownership?




-----
Enviroment
==========

OS:
SUSE Linux Enterprice 10 (i586) - version 2.6.16.60-0.27-smp
Windows XP SP 3

Tomcat v6.0.16, 6.0.18
Java(TM) SE Runtime Enviroment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode)
Maven v2.0.9
Apache 2.2.11
MySQL 5.1.30
PHP 5.2.10
qooxdoo-0.8.2
Python 2.5
Zend framework 1.9.3
Dojo 1.3.2

Hudson:
=======
version 1.329
plugins: Maven 1.304, SSH Slaves
running: deployed in Tomcat

front-end developer web-based application
A.S.E.I. [http://www.asei.cz]
--
View this message in context: http://old.nabble.com/Zend_Acl-%2C-Ownership---request-scope-or-injection-in-domain-objects-tp26133244p26133244.html
Sent from the Zend Auth mailing list archive at Nabble.com.


Reply | Threaded
Open this post in threaded view
|

Re: Zend_Acl , Ownership - request scope or injection in domain objects

vineet daniel
Where are you going to store the ACL - in a file most probably then isnt't going to slow down the application in event of high traffic i.e reading from the disk. I dont think using ACL for high traffic site is a good option. Looking at ZF's slow performance using ACL will act as icing on cake. Correct me if I am wrong and this reply is not to prove that what you're doing is wrong. Just sharing my thoughts.

On Fri, Oct 30, 2009 at 10:23 PM, Abraham Block <[hidden email]> wrote:
A lot of people (me included), like to have their domain entities implement the ACL Role interface, and then have the ACL check directly against the domain entities in question. You can do this in a service layer, or perhaps with some kind of event system.


On Fri, Oct 30, 2009 at 12:37 PM, tomascejka <[hidden email]> wrote:

Hi,

I stand before implementing authorization/ownership in ZF based application.
I am developer but now I ask you as developer and architect in one person. I
would like to know how to design authorization process. After I read some
sources - there are two articles which interest me.

A.
http://devzone.zend.com/article/3510-Zend_Acl-and-MVC-Integration-Part-II-Advanced-Use
B.
http://www.weierophinney.net/matthew/archives/201-Applying-ACLs-to-Models.html

Where is good location to check rights and ownership?




-----
Enviroment
==========

OS:
SUSE Linux Enterprice 10 (i586) - version 2.6.16.60-0.27-smp
Windows XP SP 3

Tomcat v6.0.16, 6.0.18
Java(TM) SE Runtime Enviroment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode)
Maven v2.0.9
Apache 2.2.11
MySQL 5.1.30
PHP 5.2.10
qooxdoo-0.8.2
Python 2.5
Zend framework 1.9.3
Dojo 1.3.2

Hudson:
=======
version 1.329
plugins: Maven 1.304, SSH Slaves
running: deployed in Tomcat

front-end developer web-based application
A.S.E.I. [http://www.asei.cz]
--
View this message in context: http://old.nabble.com/Zend_Acl-%2C-Ownership---request-scope-or-injection-in-domain-objects-tp26133244p26133244.html
Sent from the Zend Auth mailing list archive at Nabble.com.



Reply | Threaded
Open this post in threaded view
|

Re: Zend_Acl , Ownership - request scope or injection in domain objects

Ralph Schindler-2
vd,

I am not sure what you are basing this on.  Out of the box, Zend_Acl
does not dictate how you use ACL: with a static definition, or even with
a dynamic definition one might read out of a database.

In general, Zend_Acl is probably one of the lightest components because
it no coupling with other components and only effectively has 2 jobs:

   a) to give you the proper interfaces to identify which objects are
roles and resoures, and
   b) to give you a minimal set of functionality to be able to determine
if according to the rules it were given, does some role have access to
some resource.

If you are finding that Zend_Acl is too slow, chances are it's not the
actual component, rather the implementation that is suspect number one.

-ralph

> reading from the disk. I dont think using ACL for high traffic site is a
> good option. Looking at ZF's slow performance using ACL will act as
> icing on cake. Correct me if I am wrong and this reply is not to prove