#1 (permalink)
07-23-2007, 03:14 AM
tlmarker
Junior Member
Join Date: Jul 2007
Posts: 3
Zend_ACL and Zend_Config

I am currently working on an application suite based on ZF. The plan is to have a core set of functions to provide ACL, Auth, Installation, and Template functions.

I am new to ACL, and have been trying to find the best way to handle creating an easy system to manage it. My idea is this. I will use a database to store roles, resources, permissions, and access rules. Once all the information is in the database, I will have a function to build an access list. This access list will then be cached. I hope the cache will make it so that I will not have to recreate the access list on every call to the suite. As far as updating the cache, that will only need to be done when new information is added.

I am not sure if this is a viable concept. I was hoping to get some ideas on this concept. Be gentle, as I program as a hobby and sometimes I find the worst way to get something to work.

Regards,
Troy
#2 (permalink)
07-23-2007, 11:52 PM
Junior Member
Join Date: Jul 2007
Location: Brisbane, Australia
Posts: 9

That sounds like a good approach to me. Exactly the approach I am taking (probably why it sounds good). From reading the ZF Docs, that seems the logical way to go about it.

I can provide the code I am using to build the ACL from the database if you would like. It's not exactly refined as yet, but I think it works.

Though, it is the first time I've used the Zend ACL, so if anyone with any actual working experience has any input, I would also be interested to hear it.
__________________
Brenton Alker
Brisbane, Australia

http://blog.tekerson.com/
#3 (permalink)
07-24-2007, 03:54 AM
SpotSec
Senior Member
Join Date: Feb 2007
Location: United States
Posts: 121

PHP Code:

    class App_Acl extends Zend_Acl {

        /**
         * Construct: build the ACL from the roles, resources and permissions tables
         */
        public function __construct() {
            $roles       = new Roles();
            $resources   = new Resources();
            $permissions = new Permissions();

            // Handle roles
            foreach ($roles->fetchAll() as $role) {
                // Handle inherited roles
                if ($role->parent_id) {
                    $this->addRole(new Zend_Acl_Role($role->name), new Zend_Acl_Role($role->findParentRow('Roles')->name));
                } else {
                    $this->addRole(new Zend_Acl_Role($role->name));
                }
            }

            // Handle resources
            foreach ($resources->fetchAll() as $resource) {
                // Handle inherited resources
                if ($resource->parent_id) {
                    $this->add(new Zend_Acl_Resource($resource->name), new Zend_Acl_Resource($resource->findParentRow('Resources')->name));
                } else {
                    $this->add(new Zend_Acl_Resource($resource->name));
                }
            }

            // Handle permissions
            foreach ($permissions->fetchAll() as $permission) {
                if (strcasecmp($permission->access, 'allow') == 0) {
                    $this->allow($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
                } else { // Deny by default
                    $this->deny($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
                }
            }

            // Hard-coded acls
            // Layout Controller
            $this->add(new Zend_Acl_Resource('Default_Layout'));
            $this->allow(null, 'Default_Layout');
            $this->add(new Zend_Acl_Resource('Auth_Index'));
            $this->allow(null, 'Auth_Index');
        }
    }

__________________
Zym Framework - A Zend Framework extension library w/ demo app

SpotSec Blog:
http://spotsec.com/blog
#4 (permalink)
07-26-2007, 01:25 AM
felixjendrusch
Junior Member
Join Date: Jul 2007
Location: Berlin, Germany
Posts: 1

Quote:
Originally Posted by SpotSec
PHP Code:

    class App_Acl extends Zend_Acl {

        /**
         * Construct: build the ACL from the roles, resources and permissions tables
         */
        public function __construct() {
            $roles       = new Roles();
            $resources   = new Resources();
            $permissions = new Permissions();

            // Handle roles
            foreach ($roles->fetchAll() as $role) {
                // Handle inherited roles
                if ($role->parent_id) {
                    $this->addRole(new Zend_Acl_Role($role->name), new Zend_Acl_Role($role->findParentRow('Roles')->name));
                } else {
                    $this->addRole(new Zend_Acl_Role($role->name));
                }
            }

            // Handle resources
            foreach ($resources->fetchAll() as $resource) {
                // Handle inherited resources
                if ($resource->parent_id) {
                    $this->add(new Zend_Acl_Resource($resource->name), new Zend_Acl_Resource($resource->findParentRow('Resources')->name));
                } else {
                    $this->add(new Zend_Acl_Resource($resource->name));
                }
            }

            // Handle permissions
            foreach ($permissions->fetchAll() as $permission) {
                if (strcasecmp($permission->access, 'allow') == 0) {
                    $this->allow($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
                } else { // Deny by default
                    $this->deny($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
                }
            }

            // Hard-coded acls
            // Layout Controller
            $this->add(new Zend_Acl_Resource('Default_Layout'));
            $this->allow(null, 'Default_Layout');
            $this->add(new Zend_Acl_Resource('Auth_Index'));
            $this->allow(null, 'Auth_Index');
        }
    }

Your code doesn't handle multiple parents and will throw an exception if a child row is processed before a parent row because the parent doesn't exist (haven't tested this but seems logical for me after taking a look at Zend_Acl_Role_Registry::add/get).

Here's an example setting up roles:

PHP Code:

    class Roles extends Zend_Db_Table_Abstract
    {
        protected $_name            = 'roles';
        protected $_dependentTables = array('RolesParents');
    }

    class RolesParents extends Zend_Db_Table_Abstract
    {
        protected $_name         = 'roles_parents';
        protected $_referenceMap = array('Child'  => array('columns'       => 'name',
                                                           'refTableClass' => 'Roles',
                                                           'refColumns'    => 'name'),
                                         'Parent' => array('columns'       => 'parent_name',
                                                           'refTableClass' => 'Roles',
                                                           'refColumns'    => 'name'));
    }

    // Register $role after recursively registering all of its parents
    function addRole(&$acl, $role)
    {
        if (!$acl->hasRole($_role = new Zend_Acl_Role($role->name))) {
            $parents = array();

            foreach ($role->findManyToManyRowset('Roles', 'RolesParents', 'Child', 'Parent') as $parent) {
                $parents[] = addRole($acl, $parent);
            }

            $acl->addRole($_role, $parents);
        }

        return $_role;
    }

    $acl   = new Zend_Acl();
    $roles = new Roles();

    foreach ($roles->fetchAll() as $role) {
        addRole($acl, $role);
    }

Should work. Tested it a bit.
__________________
Felix Jendrusch
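
Added example, not part of the thread or of Zend Framework: the recursive addRole() in post #4 handles multiple parents and row order, but it recurses without end if roles_parents ever contains a cycle, because hasRole() only becomes true after all parents have been added. This plain-PHP (7.1+) example orders roles parents-first and rejects cycles and unknown role names before anything reaches the ACL; the helper name orderRoles and the sample rows are constructed for illustration.

```php
<?php
// Constructed sample data standing in for the roles and roles_parents tables.
$allRoles = ['admin', 'editor', 'member', 'auditor', 'guest'];
$rows = [
    ['name' => 'editor', 'parent_name' => 'member'],
    ['name' => 'admin',  'parent_name' => 'editor'],
    ['name' => 'admin',  'parent_name' => 'auditor'],   // second parent
    ['name' => 'member', 'parent_name' => 'guest'],
];
/**
 * Hypothetical helper: order roles so every parent precedes its children.
 * Throws on an unknown role name or an inheritance cycle.
 */
function orderRoles(array $allRoles, array $rows): array
{
    $parents = array_fill_keys($allRoles, []);
    foreach ($rows as $row) {
        if (!isset($parents[$row['name']], $parents[$row['parent_name']])) {
            throw new DomainException("Unknown role in {$row['name']} -> {$row['parent_name']}");
        }
        $parents[$row['name']][] = $row['parent_name'];
    }
    $state = [];   // role name => 'visiting' while on the stack, then 'done'
    $order = [];
    $visit = function (string $role) use (&$visit, &$state, &$order, $parents): void {
        $seen = $state[$role] ?? null;
        if ($seen === 'done') {
            return;
        }
        if ($seen === 'visiting') {
            throw new DomainException("Inheritance cycle through role '$role'");
        }
        $state[$role] = 'visiting';
        foreach ($parents[$role] as $parent) {
            $visit($parent);
        }
        $state[$role] = 'done';
        $order[] = ['role' => $role, 'parents' => $parents[$role]];
    };
    foreach ($allRoles as $role) {
        $visit($role);
    }
    return $order;
}
foreach (orderRoles($allRoles, $rows) as $entry) {
    // With Zend_Acl: $acl->addRole(new Zend_Acl_Role($entry['role']), $entry['parents']);
    printf("%s <- [%s]\n", $entry['role'], implode(', ', $entry['parents']));
}
```

Running the same check when role rows are written, before the cached access list is rebuilt, keeps one bad row from breaking every request that has to build the ACL.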