Zend_ACL and Zend_Config

**tlmarker** · 07-23-2007 03:14 AM

I am currently working on an application suite based on ZF. The plan is to have core set of functions to provide ACL, Auth, Installation, and Template functions.

I am new to ACL, and have been trying to find the best way the handle creating a easy system to manage it. My idea is this. I will use a database to store roles, resources, permissions, and access rules. Once all the information is in the database, I will have a function to built and access list. This access list will then be cached. I hope the cache will make it so that I will not have to recreate the access list on every call to the suite. As far as updateing the cache, that will only need to be done when new information is added.

I am not sure if the is a viable concept. I was hoping to get some ideas on this concept. Be gentle, as I program as a hobby and sometimes I find the worst way to get something to work.

Regards,
Troy

**Deprecated** · 07-23-2007 11:52 PM

That sounds like a good approach to me. Exactly the approach I am taking (probably why it sounds good). From reading the ZF Docs, that seems the logical way to go about it.

I can provide the code I am using to build the ACL from the database if you would like. It's not exactly refined as yet, but I think it works.

Though, it is the first time I've used the Zend ACL, so if anyone with any actual working experience has any input, I would also be interested to hear it.

**SpotSec** · 07-24-2007 03:54 AM

[php]
class App_Acl extends Zend_Acl{

/**
* Construct
*
*/
public function __construct() {
$roles = new Roles();
$resources = new Resources();
$permissions = new Permissions();

// Handle roles
foreach ($roles->fetchAll() as $role) {
// Handle inherited roles
if ($role->parent_id) {
$this->addRole(new Zend_Acl_Role($role->name), new Zend_Acl_Role($role->findParentRow('Roles')->name));
} else {
$this->addRole(new Zend_Acl_Role($role->name));
}
}

// Handle resources
foreach ($resources->fetchAll() as $resource) {
// Handle inherited resources
if ($resource->parent_id) {
$this->add(new Zend_Acl_Resource($resource->name), new Zend_Acl_Resource($resource->findParentRow('Resources')->name));
} else {
$this->add(new Zend_Acl_Resource($resource->name));
}
}

// Handle permissions
foreach ($permissions->fetchAll() as $permission) {
if (strcasecmp($permission->access, 'allow') == 0) {
$this->allow($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
} else { // Deny by default
$this->deny($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
}
}

// Hard-coded acls
// Layout Controller
$this->add(new Zend_Acl_Resource('Default_Layout'));
$this->allow(null, 'Default_Layout');
$this->add(new Zend_Acl_Resource('Auth_Index'));
$this->allow(null, 'Auth_Index');
}
}
[/php]

**felixjendrusch** · 07-26-2007 01:25 AM

Originally Posted by SpotSec

[php]
class App_Acl extends Zend_Acl{

/**
* Construct
*
*/
public function __construct() {
$roles = new Roles();
$resources = new Resources();
$permissions = new Permissions();

// Handle roles
foreach ($roles->fetchAll() as $role) {
// Handle inherited roles
if ($role->parent_id) {
$this->addRole(new Zend_Acl_Role($role->name), new Zend_Acl_Role($role->findParentRow('Roles')->name));
} else {
$this->addRole(new Zend_Acl_Role($role->name));
}
}

// Handle resources
foreach ($resources->fetchAll() as $resource) {
// Handle inherited resources
if ($resource->parent_id) {
$this->add(new Zend_Acl_Resource($resource->name), new Zend_Acl_Resource($resource->findParentRow('Resources')->name));
} else {
$this->add(new Zend_Acl_Resource($resource->name));
}
}

// Handle permissions
foreach ($permissions->fetchAll() as $permission) {
if (strcasecmp($permission->access, 'allow') == 0) {
$this->allow($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
} else { // Deny by default
$this->deny($permission->findParentRow('Roles')->name, $permission->findParentRow('Resources')->name);
}
}

// Hard-coded acls
// Layout Controller
$this->add(new Zend_Acl_Resource('Default_Layout'));
$this->allow(null, 'Default_Layout');
$this->add(new Zend_Acl_Resource('Auth_Index'));
$this->allow(null, 'Auth_Index');
}
}
[/php]

Your code doesn't handle multiple parents and will throw an exception if a child row is processed before a parent row because the parent doesn't exist (haven't tested this but seems logical for me after taking a look at Zend_Acl_Role_Registry::add/get).

Here's an example setting up roles:

[PHP] class Roles extends Zend_Db_Table_Abstract
{
protected $_name = 'roles';
protected $_dependentTables = array('RolesParents');
}

class RolesParents extends Zend_Db_Table_Abstract
{
protected $_name = 'roles_parents';
protected $_referenceMap = array('Child' => array('columns' => 'name',
'refTableClass' => 'Roles',
'refColumns' => 'name'),
'Parent' => array('columns' => 'parent_name',
'refTableClass' => 'Roles',
'refColumns' => 'name'));
}

function addRole(&$acl, $role)
{
if (!$acl->hasRole($_role = new Zend_Acl_Role($role->name))) {
$parents = array();

foreach($role->findManyToManyRowset('Roles', 'RolesParents', 'Child', 'Parent') as $parent) {
$parents[] = addRole($acl, $parent);
}

$acl->addRole($_role, $parents);
}

return $_role;
}

$acl = new Zend_Acl();
$roles = new Roles();

foreach ($roles->fetchAll() as $role) {
addRole($acl, $role);
}[/PHP]

Should work. Tested it a bit.

Thread: Zend_ACL and Zend_Config

LinkBack

Thread Tools

Search Thread

Display

Zend_ACL and Zend_Config

Similar Threads

Getting data from zend_config into model

Group elements with Zend_Form when using ini-files and Zend_Config

Zend_Validate_Input using Zend_Config

Iterate through Zend_Config with multiple elements

Zend_Config overwrite

Posting Permissions