![]() |
|
|||
|
I am currently working on an application suite based on ZF. The plan is to have core set of functions to provide ACL, Auth, Installation, and Template functions.
I am new to ACL, and have been trying to find the best way the handle creating a easy system to manage it. My idea is this. I will use a database to store roles, resources, permissions, and access rules. Once all the information is in the database, I will have a function to built and access list. This access list will then be cached. I hope the cache will make it so that I will not have to recreate the access list on every call to the suite. As far as updateing the cache, that will only need to be done when new information is added. I am not sure if the is a viable concept. I was hoping to get some ideas on this concept. Be gentle, as I program as a hobby and sometimes I find the worst way to get something to work. Regards, Troy |
|
|||
|
That sounds like a good approach to me. Exactly the approach I am taking (probably why it sounds good). From reading the ZF Docs, that seems the logical way to go about it.
I can provide the code I am using to build the ACL from the database if you would like. It's not exactly refined as yet, but I think it works. Though, it is the first time I've used the Zend ACL, so if anyone with any actual working experience has any input, I would also be interested to hear it. |
|
||||
|
[php]
class App_Acl extends Zend_Acl{ /** * Construct * */ public function __construct() { $roles = new Roles(); $resources = new Resources(); $permissions = new Permissions(); // Handle roles foreach ($roles->fetchAll() as $role) { // Handle inherited roles if ($role->parent_id) { $this->addRole(new Zend_Acl_Role($role->name), new Zend_Acl_Role($role->findParentRow('Roles')->name)); } else { $this->addRole(new Zend_Acl_Role($role->name)); } } // Handle resources foreach ($resources->fetchAll() as $resource) { // Handle inherited resources if ($resource->parent_id) { $this->add(new Zend_Acl_Resource($resource->name), new Zend_Acl_Resource($resource->findParentRow('Resources')->name)); } else { $this->add(new Zend_Acl_Resource($resource->name)); } } // Handle permissions foreach ($permissions->fetchAll() as $permission) { if (strcasecmp($permission->access, 'allow') == 0) { $this->allow($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name); } else { // Deny by default $this->deny($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name); } } // Hard-coded acls // Layout Controller $this->add(new Zend_Acl_Resource('Default_Layout')); $this->allow(null, 'Default_Layout'); $this->add(new Zend_Acl_Resource('Auth_Index')); $this->allow(null, 'Auth_Index'); } } [/php]
__________________
Zym Framework - A Zend Framework extension library w/ demo app SpotSec Blog: http://spotsec.com/blog |
|
|||
|
Quote:
Here's an example setting up roles: [PHP] class Roles extends Zend_Db_Table_Abstract { protected $_name = 'roles'; protected $_dependentTables = array('RolesParents'); } class RolesParents extends Zend_Db_Table_Abstract { protected $_name = 'roles_parents'; protected $_referenceMap = array('Child' => array('columns' => 'name', 'refTableClass' => 'Roles', 'refColumns' => 'name'), 'Parent' => array('columns' => 'parent_name', 'refTableClass' => 'Roles', 'refColumns' => 'name')); } function addRole(&$acl, $role) { if (!$acl->hasRole($_role = new Zend_Acl_Role($role->name))) { $parents = array(); foreach($role->findManyToManyRowset('Roles', 'RolesParents', 'Child', 'Parent') as $parent) { $parents[] = addRole($acl, $parent); } $acl->addRole($_role, $parents); } return $_role; } $acl = new Zend_Acl(); $roles = new Roles(); foreach ($roles->fetchAll() as $role) { addRole($acl, $role); }[/PHP] Should work. Tested it a bit. |
![]() |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
| Designed by: Miner Skinz |
Powered by vBulletin® Version 3.8.4 Copyright ©2000 - 2010, Jelsoft Enterprises Ltd. Search Engine Friendly URLs by vBSEO 3.1.0 |
![]() |