Hi valugi
Let's review your code first You're using Zend_Registy in your example, but i'm not sure why. I think you're confusing it with the Role-Registry? Zend_Registry is a different thing and not part of Zend_Acl. Also, you forget to instantiate proper roles and resources (through Zend_Acl_Role and Zend_Acl_Resource). I've rewritten your example: class My_Acl_Assert_Test implements Zend_Acl_Assert_Interface { public function __construct($test) { $this->test= $test; } public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { return $this->_test(); } protected function _test() { return $this->test; } } //controller code $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('client')); $acl->add(new Zend_Acl_Resource('resource')); $bool = $acl->isAllowed('client', 'resource'); var_dump($bool); $assertRule = new My_Acl_Assert_Test( false ); // new rules $acl->allow('client', 'resource', null , $assertRule ); $bool = $acl->isAllowed('client', 'resource' ); var_dump($bool); This outputs the boolean 'false' twice, as expected. In case you're still unsure how assertions work: you should see them as a dependency on the rule. If the assertion returns false it means acl should ignore the rule. It will then then look if it can find another rule through inheritance and if no such rule can be found it will return the default 'false' i hope that clears things up for you ----- http://devshed.excudo.net http://devshed.excudo.net -- View this message in context: http://www.nabble.com/Zend_Acl_Assert_Interface-Usage-tp19668142p19683552.html Sent from the Zend Framework mailing list archive at Nabble.com.