Muhammad Ali wrote:
I have ACL plugin to restrict different controllers and User
controller have action called changePasswordAction. I can get to
action using /user/change-password/ and it works fine, but before
while i am constructing my Acl action name comes as change-password
rather changePassword.
Is this how it should work?
Hi Muhammad,
I'd advise handling your ACL at service level, not controller /
dispatcher level. In steno:
Controller {
someAction {
getRequestedThing()->doAction()
}
}
RequestedThing {
doAction() {
if(!acl->audit(thisAction)) {
throw new RequestedThing_ServiceDeniedException();
}
getModel()->doAction()
}
}
You can of course still keep your acl naming based on methods, but this
way it keeps the ACL clear from the controllers, and therefore much
easier to test.
drm / Gerard
