I finally got it working thanks to this tutorial and the closed issue at the
end:
public function editAction()
{
.
$acl = Zend_Registry::get('acl');
$acl->addResource(new Zend_Acl_Resource('address-' .
$address->getId(), $address));
$acl->allow(array(
'admin', 'superadmin'
),
'address-' . $address->getId(),
'edit',
new My_Acl_Assert_Address()
);
if (!$acl->isAllowed($user, $address, 'edit')) {
$this->_helper->redirector('create');
}
.
}
a) Is there a better place to put the acl? Since the address entity is
only available when loading it for editing the only way seems to be a plugin
that sets all the acl for all addresses, correct?
b) Would you re-use this acl before saving the form that edited the
address or use a validator (like recordExists)?
Von: tridem [via Zend Framework Community]
[mailto:[email protected]]
Gesendet: Mittwoch, 15. Februar 2012 14:31
An: tridem
Betreff: ACL in module bootstrap with entities
For each of my modules I use a _initAcl method in my bootstrap.php:
<?php
class User_Bootstrap extends Zend_Application_Module_Bootstrap
{
protected function _initAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('admin'));
$addressController = new Zend_Acl_Resource('address');
$addressEntity = new Zend_Acl_Resource('address-entity');
$acl->addResource($addressController);
$acl->addResource($addressEntity);
$acl->deny();
$acl->allow('admin',
$addressController
);
}
My address entity implements Zend_Acl and the following methods:
<?php
class Address implements \Zend_Acl_Resource_Interface
{
public function getResourceId()
{
return 'address-' . $this->getId();
}
}
?>
I use the following code in my editAction of my controller:
public function indexAction()
{
$address = $this->getEntityManager()->find('Entities\Address', 666);
$acl = Zend_Registry::get('acl');
$addressEntity = new Zend_Acl_Resource('address-' .
$address->getId());
$acl->addResource($addressEntity);
$acl->allow('admin',
$addressEntity,
'edit',
new My_Acl_Assert_Address()
);
if (!$acl->isAllowed($user, $address, 'edit')) {
$this->_helper->redirector('index');
}
}
My assert:
<?php
class My_Acl_Assert_Address implements Zend_Acl_Assert_Interface
{
public function assert(Zend_Acl $acl,
Zend_Acl_Role_Interface $role = null,
Zend_Acl_Resource_Interface $resource = null,
$privilege = null)
{
if (!$role instanceof Entities\User) {
throw new Zend_Acl_Exception(
'Address assertion only applies to Users.'
);
}
if (!$resource instanceof Entities\Address) {
throw new Zend_Acl_Exception(
__METHOD__ . ' assertion applies to Address.'
);
}
$userId = $role->getId();
$addressUserId = $resource->getCustomer()->getUser()->getId();
return $userId === $addressUserId;
}
}
?>
Ho do I manage to automatize the process of adding ACL in the controller?
Put it into the entities directely?
_____
If you reply to this email, your message will be added to the discussion
below:
http://zend-framework-community.634137.n4.nabble.com/ACL-in-module-bootstrap
-with-entities-tp4390410p4390410.html
To unsubscribe from Zend Framework Community, click
<http://zend-framework-community.634137.n4.nabble.com/template/NamlServlet.j
tp?macro=unsubscribe_by_code&node=634137&code=bGlzdHNAdHJpZGVtYXBwcy5jb218Nj
M0MTM3fC0xNTA0MjEyMTQ5> here.
<http://zend-framework-community.634137.n4.nabble.com/template/NamlServlet.j
tp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml
.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.v
iew.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aema
il.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Ae
mail.naml> NAML
--
View this message in context:
http://zend-framework-community.634137.n4.nabble.com/ACL-in-module-bootstrap-with-entities-tp4390410p4424371.html
Sent from the Zend Framework mailing list archive at Nabble.com.
