Hello
I have a controller that displays the latest news on the index page on my
site. Obviously, its called newsController that has the action latestNews
(called from the view's action helper).
Now i am developing the admin side of the site, it makes sense that i put
the add/edit/delete actions in the same newscontroller. However, if i define
access rules for these actions via zend_acl, it rules out the chance of
calling the latestAction for users not logged in.
Ideally, in the acl, i would like to define something like:
$this->allow(null, 'news', array('latest'));
...meaning that users with no role can only view the latestAction on the
news controller. Futher refinement of add/edit/delete can be defined for
mods/admins etc.
But the above is not possible, so i (think) i have two options - split the
functionality into two separate controllers - a latest news controller
(containing just the latestAction), accessible by non-logged in users,
followed by a news manager type of controller (for the crud actions for
logged in users) which is governed by the acl.
Alternatively, if there is a way of setting a sort of base credential using
zend_auth ie guest or siteVisitor, which can then be defined to view only
the latestAction on a single news controller?
hmmm...
--
View this message in context:
http://www.nabble.com/Setting-default-auth-object-tp20141150p20141150.html
Sent from the Zend Framework mailing list archive at Nabble.com.
