-- cmple <roman.vidya...@gmail.com> wrote
(on Sunday, 26 February 2012, 07:32 PM -0800):
> But this means that I'll have to add "$this->myAcl()->isAllowed()" in
> every controller, which makes my code redundant.  Is there a way to use
> it globally (a single class available to all)? Maybe via DI instead of
> plugins?

There are two ways to do this.

First, you can inject your ACL and user objects into your controllers or
service layer via DI. This then means you need to do the "isAllowed()"
check within the controllers themselves, or within your service layer
code. I actually prefer the latter method, as it makes re-using my code
within the various server classes fairly trivial.

The second approach is to create a listener that listens on the dispatch
event, and does automated checking of ACLs based on the current
controller and action (though the latter gets a bit squidgy when you
consider the RestfulController, when an action parameter may not be
present).

    namespace AclChecker;

    use Zend\EventManager\StaticEventManager;

    class Module
    {
        public function init($manager)
        {
            // Register a bootstrap event
            $events = StaticEventManager::getInstance();
            $events->attach('bootstrap', 'bootstrap', array($this, 'bootstrap'));
        }

        public function bootstrap($e)
        {
            // Register a dispatch event, at high priority
            $app = $e->getParam('application');
            $app->events()->attach('dispatch', array($this, 'checkAcl'), 100);
        }

        public function checkAcl($e)
        {
            $app          = $e->getTarget();
            $locator      = $app->getLocator();
            // or whatever Acl class you define in your app
            $acl          = $locator->get('AclChecker\Acl');

            $matches      = $e->getRouteMatch();
            $controller   = $matches->getParam('controller');
            $action       = $matches->getParam('action', 'index');

            // get the current user somehow...

            if ($acl->isAllowed($user, $controller, $action)) {
                // Passes ACL check; do nothing
                return;
            }

            // return a 401 response
            // or a redirect response (e.g., to a login page)
        }
    }

-- 
Matthew Weier O'Phinney
Project Lead            | matt...@zend.com
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

-- 
List: fw-general@lists.zend.com
Info: http://framework.zend.com/archives
Unsubscribe: fw-general-unsubscr...@lists.zend.com
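
The dispatch-time check described above, as an added example that is not part of the original message or of Zend Framework: it resolves the privilege from the HTTP method when no action parameter is present and denies anything it cannot match. It uses plain PHP with no framework classes; the function names, the sample ACL and the method-to-privilege mapping (getList/get/create/update/delete) are assumptions.

```php
<?php
// Added example in plain PHP; every name here is hypothetical.

// Constructed ACL: role => controller => privileges that role may use.
$acl = [
    'guest'  => ['article' => ['index', 'getList', 'get']],
    'editor' => ['article' => ['index', 'getList', 'get', 'create', 'update']],
];

// Pick the privilege to check. Without an "action" route parameter, derive it
// from the HTTP method (assumed RESTful mapping) instead of defaulting to 'index'.
function resolvePrivilege(array $params, string $method): ?string
{
    if (isset($params['action'])) {
        return $params['action'];
    }
    switch (strtoupper($method)) {
        case 'GET':    return isset($params['id']) ? 'get' : 'getList';
        case 'POST':   return 'create';
        case 'PUT':    return 'update';
        case 'DELETE': return 'delete';
        default:       return null; // unrecognised method: nothing can match
    }
}

// Status the listener should act on: 200 continues dispatch, 401 is an
// anonymous caller, 403 an authenticated one. Anything unmatched is denied.
function checkAccess(array $acl, ?string $role, array $params, string $method): int
{
    $privilege = resolvePrivilege($params, $method);
    $allowed   = $acl[$role ?? 'guest'][$params['controller'] ?? ''] ?? [];
    if ($privilege !== null && in_array($privilege, $allowed, true)) {
        return 200;
    }
    return $role === null ? 401 : 403;
}

// Constructed requests: [role, route parameters, HTTP method].
$requests = [
    [null,     ['controller' => 'article', 'id' => '7'], 'GET'],
    [null,     ['controller' => 'article', 'id' => '7'], 'DELETE'],
    ['editor', ['controller' => 'article', 'id' => '7'], 'PUT'],
    ['editor', ['controller' => 'article', 'id' => '7'], 'DELETE'],
    ['editor', ['controller' => 'billing', 'action' => 'index'], 'GET'],
];
foreach ($requests as [$role, $params, $method]) {
    printf("%-6s %-6s %s => %d\n", $role ?? 'anon', $method,
        json_encode($params), checkAccess($acl, $role, $params, $method));
}
```

With a fallback of 'index', the anonymous DELETE in the sample would be checked against the 'index' privilege, which this ACL grants to guests; resolving from the method makes it a denial instead.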

