Hi
I've just recently started using ZF and I'm liking it a lot. I have now, however, run into some design problems. I've created a plugin for access control; it uses Zend_Acl + Zend_Auth. This plugin is called before a view is loaded. The plugin checks whether or not a user has rights to view the page (the controller name and the action name are used as page identification). This is working quite well, no problems so far.

The problems occur when I need to use the ACL in the view - for example, "Does the user have rights to view the page /someController/someAction? If yes, then print a link to that page". Obviously, because the ACL is in the plugin, neither the view nor the controller can access it.

How should I design my application so that the plugin does what it does now AND I have access to the ACL outside the plugin? Should I create an auth model that does everything that the plugin does now and inside the plugin just create an instance of the model? Even in this case, I would need to create two instances of the auth model, one in the plugin and one in the controller - this means that all queries to the database are done twice, which isn't very desirable.

Another solution might be to create the auth model, skip the plugin and call the model in the controller's init() function. The negative side is that the checks wouldn't be automatic and I'd have to call them manually in every controller.

Please help me, what would be the smartest design solution for my problem?

- Kimppa
It depends a little on your design strategy.

Upon user login, store the user's access level (e.g. Admin, Member, Guest, etc.) in a session var. Then, when required, control the user value against a predefined requirement.

    public function myAction()
    {
        if (!my_acl::hasPermission('ADMIN')) {
            // do something
        }
    }

I probably wouldn't store ACL info in a database unless it had to be dynamic, as in a page that might have different requirements at different times. There's nothing wrong with hardcoding if it's done for the right things.

I wouldn't create several classes with the same code though. The OO way is to create one ACL class to do all the work and then use an instance of that class in the ACL plugin and the view/action helpers or controllers. Just make the ACL class a singleton and store anything you need in there.

Not the best answer, I know, but I hope it'll give you an idea of how to proceed.
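
The single shared ACL suggested in the reply above, sketched as an added example (not code from either poster): the dispatch plugin and a view helper both ask the same decision function, so the rules are built once per request. The class names `App_Acl`, `App_Plugin_Acl` and `App_View_Helper_CanAccess`, the roles and resources, and the rule that any logged-in identity is a `member` are assumptions; Zend Framework 1 is assumed to be on the include path with its autoloader registered.

```php
<?php
// Added example; class, role and resource names are hypothetical (needs Zend Framework 1).
class App_Acl
{
    private static $acl;

    // Built once per request; the plugin and the view helper share this instance.
    public static function get()
    {
        if (self::$acl === null) {
            $acl = new Zend_Acl();                    // anything not allowed is denied
            $acl->addRole(new Zend_Acl_Role('guest'));
            $acl->addRole(new Zend_Acl_Role('member'), 'guest');
            $acl->addResource(new Zend_Acl_Resource('index'));
            $acl->addResource(new Zend_Acl_Resource('account'));
            $acl->allow('guest', 'index');
            $acl->allow('member', 'account', array('index', 'edit'));
            self::$acl = $acl;
        }
        return self::$acl;
    }

    // Single decision point: controller name = resource, action name = privilege.
    public static function canAccess($controller, $action)
    {
        // Assumption: every authenticated identity maps to the 'member' role.
        $role = Zend_Auth::getInstance()->hasIdentity() ? 'member' : 'guest';
        $acl  = self::get();
        // Unknown controllers are denied; isAllowed() would throw on them.
        return $acl->has($controller) && $acl->isAllowed($role, $controller, $action);
    }
}

class App_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    // Enforcement happens here on every request, whatever the views display.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if (!App_Acl::canAccess($request->getControllerName(), $request->getActionName())) {
            $request->setControllerName('index');     // a page guests may see
            $request->setActionName('index');
        }
    }
}

class App_View_Helper_CanAccess extends Zend_View_Helper_Abstract
{
    // View script: if ($this->canAccess('account', 'edit')) { /* print the link */ }
    public function canAccess($controller, $action)
    {
        return App_Acl::canAccess($controller, $action);
    }
}
```

The plugin is registered with `Zend_Controller_Front::getInstance()->registerPlugin(new App_Plugin_Acl())`, and the view needs the helper's path and class prefix added before `canAccess()` resolves.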