Hi
I think you need to add the error resource to the Acl and allow full access to
error controller.
Thanks
From: Mon Zafra
Sent: Friday, July 17, 2009 7:00 AM
To: Zend Framework General
Subject: Re: [fw-general] Zend_Acl When / Where to check your ACL?
The plugin preDispatch() is invoked earlier than the helper preDispatch(). The
order kinda looks like this:
plugins.routeStartup()
router.route()
plugins.routeShutdown()
plugins.dispatchLoopStartup()
[loop]
plugins.preDispatch()
[if controller exists]
controller.init()
helpers.preDispatch()
controller.preDispatch()
controller.action()
controller.postDispatch()
helpers.postDispatch()
[/if]
plugins.postDispatch()
[/loop while request.isDispatched is false]
plugins.dispatchLoopShutdown()
The problem with the ACL plugin is that the checking is done before the
dispatcher could determine if the controller class being requested exists.
There are a couple of ways to solve this:
- pull the dispatcher object from the front controller, test
$dispatcher->isDispatchable($request) in your plugin and act accordingly.
Basically, you duplicate the logic in the dispatcher dispatch().
- defer the checking until after the controller has been instantiated but
before the action.
You have three places to do the latter: controller init(), helper preDispatch()
and controller preDispatch(). Two of those require you to extend a different
base controller. I prefer doing it in a helper since I might want to have other
logic in some of my controller hooks so I don't have to remember calling
parent::init() or preDispatch().
-- Mon
On Fri, Jul 17, 2009 at 12:59 PM, J DeBord <jasdeb...@gmail.com> wrote:
2009/7/16 Vladas Diržys <vladas.dir...@gmail.com>
Why an action helper, why not a plugin?
I'd like to know as well. Is an action helper more appropriate for the case
I described, or should an action helper always be used for Authorization (
Zend_Acl anyways)?
In genral, what is the difference beteween front controller plugins and
action helpers. When would you use one instead of the other?
To give Vladas a short answer based on my case, the front controller plugin
did not provide the functionality I wanted. An action helper did.
Thanks a lot,
J
On Thu, Jul 16, 2009 at 14:24, Matthew Weier O'Phinney <matt...@zend.com>
wrote:
-- J DeBord <jasdeb...@gmail.com> wrote
(on Thursday, 16 July 2009, 09:30 AM +0200):
> I created a front controller plugin for checking my ACL against the
user's
> role. It first checks Zend_Auth for an identity. If an identity exists,
it
> grabs the identity's role. If no identity exists, it uses 'guest' as the
> default role. I hooked into the preDispatch() method of the front
controller
> plugin.
>
> This works, except that I've lost my "page not found functionality".
So I get
> "resource not found" or "not authorized" message when requests for non
> existance controllers or actions are made.
>
> Would it be better to have the controllers extend a "BaseController"
that does
> the ACL checks in the init() method?
>
> What is the preferred way or best practice for running the ACL checks?
Use an action helper with a preDispatch() hook, and register it in your
bootstrap. :)
--
Matthew Weier O'Phinney
Project Lead | matt...@zend.com
Zend Framework | http://framework.zend.com/
