Thread: Zend_ACL and Zend_Config
View Single Post
  #4 (permalink)  
Old 07-26-2007, 01:25 AM
felixjendrusch felixjendrusch is offline
Junior Member
  
Join Date: Jul 2007
Location: Berlin, Germany
Posts: 1
Send a message via ICQ to felixjendrusch Send a message via MSN to felixjendrusch Send a message via Skype™ to felixjendrusch
Default
Quote:
Originally Posted by SpotSec View Post
PHP Code:
class App_Acl extends Zend_Acl{

    /**
     * Construct
     *
     */
    public function __construct() {
        $roles = new Roles();
        $resources = new Resources();
        $permissions = new Permissions();

        // Handle roles
        foreach ($roles->fetchAll() as $role) {
            // Handle inherited roles
            if ($role->parent_id) {
                $this->addRole(new Zend_Acl_Role($role->name), new Zend_Acl_Role($role->findParentRow('Roles')->name));
            } else {
                $this->addRole(new Zend_Acl_Role($role->name));
            }
        }

        // Handle resources
        foreach ($resources->fetchAll() as $resource) {
            // Handle inherited resources
            if ($resource->parent_id) {
                $this->add(new Zend_Acl_Resource($resource->name), new Zend_Acl_Resource($resource->findParentRow('Resources')->name));
            } else {
                $this->add(new Zend_Acl_Resource($resource->name));
            }
        }

        // Handle permissions
        foreach ($permissions->fetchAll() as $permission) {
            if (strcasecmp($permission->access'allow') == 0) {
                $this->allow($permission->findParentRow('Roles')->name$permission->findParentRow('Resources')->name);
            } else { // Deny by default
                $this->deny($permission->findParentRow('Roles')->name$permission->findParentRow('Resources')->name);
            }
        }

        // Hard-coded acls
        // Layout Controller
        $this->add(new Zend_Acl_Resource('Default_Layout'));
        $this->allow(null'Default_Layout');
        $this->add(new Zend_Acl_Resource('Auth_Index'));
        $this->allow(null'Auth_Index');
    }

Your code doesn't handle multiple parents and will throw an exception if a child row is processed before a parent row because the parent doesn't exist (haven't tested this but seems logical for me after taking a look at Zend_Acl_Role_Registry::add/get).

Here's an example setting up roles:

PHP Code:
    class Roles extends Zend_Db_Table_Abstract
    {
        protected $_name            'roles';
        protected $_dependentTables = array('RolesParents');
    }

    class RolesParents extends Zend_Db_Table_Abstract
    {
        protected $_name         'roles_parents';
        protected $_referenceMap = array('Child'  => array('columns'       => 'name',
                                                           'refTableClass' => 'Roles',
                                                           'refColumns'    => 'name'),
                                         'Parent' => array('columns'       => 'parent_name',
                                                           'refTableClass' => 'Roles',
                                                           'refColumns'    => 'name'));
    }

    function addRole(&$acl$role)
    {
        if (!$acl->hasRole($_role = new Zend_Acl_Role($role->name))) {
            $parents = array();

            foreach($role->findManyToManyRowset('Roles''RolesParents''Child''Parent') as $parent) {
                $parents[] = addRole($acl$parent);
            }

            $acl->addRole($_role$parents);
        }

        return $_role;
    }

    $acl   = new Zend_Acl();
    $roles = new Roles();

    foreach ($roles->fetchAll() as $role) {
        addRole($acl$role);
    } 
Should work. Tested it a bit.
__________________
Felix Jendrusch
Reply With Quote