weierophinney wrote
>
> -- cmple <roman.vidyayev@> wrote
> (on Sunday, 26 February 2012, 07:32 PM -0800):
>> But this means that I'll have to add "$this->myAcl()->isAllowed()" in
>> every controller which makes my code redundant. Is there a way to use
>> it globally(a single class available to all) ? maybe via DI instead of
>> plugins ?
>
> There are two ways to do this.
>
> First, you can inject your ACL and user objects into your controllers or
> service layer via DI. This then means you need to do the "isAllowed()"
> check within the controllers themselves, or within your service layer
> code. I actually prefer the latter method, as it makes re-using my code
> within the various server classes fairly trivial.
>
> The second approach is to create a listener that listens on the dispatch
> event, and does automated checking of ACLs based on the current
> controller and action (though the latter gets a bit squidgy when you
> consider the RestfulController, when an action parameter may not be
> present).
>
> namespace AclChecker;
>
> use Zend\EventManager\StaticEventManager;
>
> class Module
> {
> public function init($manager)
> {
> // Register a bootstrap event
> $events = StaticEventManager::getInstance();
> $events->attach('bootstrap', 'bootstrap', array($this,
> 'bootstrap'));
> }
>
> public function bootstrap($e)
> {
> // Register a dispatch event, at high priority
> $app = $e->getParam('application');
> $app->events()->attach('dispatch', array($this, 'checkAcl'),
> 100);
> }
>
> public function checkAcl($e)
> {
> $app = $e->getTarget();
> $locator = $app->getLocator();
> $acl = $locator->get('AclChecker\Acl'); // or
> whatever Acl class you
> // define in
> your app
>
> $matches = $e->getRouteMatch();
> $controller = $matches->getParam('controller');
> $action = $matches->getParam('action', 'index');
>
> // get the current user somehow...
>
> if ($acl->isAllowed($user, $controller, $action)) {
> // Passes ACL check; do nothing
> return;
> }
>
> // return a 401 response
> // or a redirect response (e.g., to a login page)
> }
> }
>
> --
> Matthew Weier O'Phinney
> Project Lead | matthew@
> Zend Framework | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
> --
> List: fw-general@.zend
> Info: http://framework.zend.com/archives
> Unsubscribe: fw-general-unsubscribe@.zend
>
Thanks Matthew!
The second approach is exactly what I've been looking for.
But I get the following error:
PHP Fatal error: Call to undefined method
Zend\EventManager\Event::getRouteMatch()
Could it be my version? "2.0.0beta2"
Thanks!
--
View this message in context:
http://zend-framework-community.634137.n4.nabble.com/ZF2-What-s-the-proper-way-to-register-global-MVC-plugins-tp4265227p4425128.html
Sent from the Zend Framework mailing list archive at Nabble.com.
--
List: fw-general@lists.zend.com
Info: http://framework.zend.com/archives
Unsubscribe: fw-general-unsubscr...@lists.zend.com
