Re: [fw-general] Is it possible to use Zend_ACL without MVC
i have been away the past few days, thank you all for your help.
I guess if a whole class is locked out, couldn't I include:
if (!$this-acl-isAllowed($this-user, __CLASS__)) {
throw new Exception('Access denied');
}
in the __construct then if things need finer grained control, to add that
check to each method?
Matthew Weier O'Phinney-3 wrote:
The other possibility is to make those methods protected and prefix them
with a '_', and add proxying via __call():
protected function _echoHello()
{
echo 'Hello!';
}
public function __call($method, $args)
{
if (method_exists($this, '_' . $method)) {
if (!$this-acl-isAllowed($this-user, __CLASS__, $method)) {
throw new Exception('Access denied');
}
return call_user_func_array(array($this, '_' . $method),
$args);
}
throw new Exception(sprintf('Invalid method %s', $method));
}
Any method that doesn't need ACL checks can then simply be declared
public.
This _will_ have a performance hit (both from overloading and from using
call_user_func_array()), but it will automate things.
--
Matthew Weier O'Phinney
Software Architect | [EMAIL PROTECTED]
Zend Framework | http://framework.zend.com/
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18468080.html
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Is it possible to use Zend_ACL without MVC
Hello, Is ti possible to run Zend_ACL without the MVC portion? I also need it to work with a pretty much all ajax type site. Any feedback would be great. Thanks. -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18385583.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos [EMAIL PROTECTED] wrote (on Thursday, 10 July 2008, 09:05 AM -0700): Is ti possible to run Zend_ACL without the MVC portion? I also need it to work with a pretty much all ajax type site. Zend_Acl is a standalone component and has no ties to the MVC. Use it however you desire. :) -- Matthew Weier O'Phinney Software Architect | [EMAIL PROTECTED] Zend Framework | http://framework.zend.com/
Re: [fw-general] Is it possible to use Zend_ACL without MVC
yeah, that was what I was thinking, but now how do you implelemnt it?
When we were using the MVC, the controller and action where declared in the
url and the mvc took care of breaking that up and the acl determined which
resource had which priv.
So when I have a class 'User.php' with methods such as: 'editAccount',
'addNumber', etc... do I just need to now include Zend_ACL_Resoure in the
construct and assign a name to the class like :
__construct($resource) {
new Zend_Acl_Resource-getResourceId('user');
}
Do the methods still need to be named 'editAction', 'addnumberAction'?
I'm just a little unclear how to register the classes as resources I guess.
thanks.
Matthew Weier O'Phinney-3 wrote:
-- maxarbos [EMAIL PROTECTED] wrote
(on Thursday, 10 July 2008, 09:05 AM -0700):
Is ti possible to run Zend_ACL without the MVC portion?
I also need it to work with a pretty much all ajax type site.
Zend_Acl is a standalone component and has no ties to the MVC. Use it
however you desire. :)
--
Matthew Weier O'Phinney
Software Architect | [EMAIL PROTECTED]
Zend Framework | http://framework.zend.com/
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18388057.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos [EMAIL PROTECTED] wrote
(on Thursday, 10 July 2008, 10:34 AM -0700):
yeah, that was what I was thinking, but now how do you implelemnt it?
When we were using the MVC, the controller and action where declared in the
url and the mvc took care of breaking that up and the acl determined which
resource had which priv.
So when I have a class 'User.php' with methods such as: 'editAccount',
'addNumber', etc... do I just need to now include Zend_ACL_Resoure in the
construct and assign a name to the class like :
__construct($resource) {
new Zend_Acl_Resource-getResourceId('user');
}
Do the methods still need to be named 'editAction', 'addnumberAction'?
I'm just a little unclear how to register the classes as resources I guess.
Resources are, quite simply, just names. So, it's pretty easy:
* Define your resources (classes)
* Assign rights (method names) to resources (classes) per role
Then, in your methods, you could do something like:
if (!$this-acl-isAllowed($this-user, __CLASS__, __FUNCTION__)) {
throw new Exception('ACCESS DENIED!');
}
(assuming that $this-acl is your Zend_Acl object, and $this-user is a
user corresponding to a role in the ACL list)
Read through the Zend_Acl manual pages -- they make no mention of MVC,
and should help clarify what I'm getting at.
Matthew Weier O'Phinney-3 wrote:
-- maxarbos [EMAIL PROTECTED] wrote
(on Thursday, 10 July 2008, 09:05 AM -0700):
Is ti possible to run Zend_ACL without the MVC portion?
I also need it to work with a pretty much all ajax type site.
Zend_Acl is a standalone component and has no ties to the MVC. Use it
however you desire. :)
--
Matthew Weier O'Phinney
Software Architect | [EMAIL PROTECTED]
Zend Framework | http://framework.zend.com/
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18388057.html
Sent from the Zend Framework mailing list archive at Nabble.com.
--
Matthew Weier O'Phinney
Software Architect | [EMAIL PROTECTED]
Zend Framework | http://framework.zend.com/
Re: [fw-general] Is it possible to use Zend_ACL without MVC
I feel like I understand but dont seem o get thsi to work.
Here is my main page:
require_once 'Zend/Acl.php';
$acl=new Zend_Acl();
require_once 'Test.php';
$test = new Test($acl);
require_once('Zend/Acl/Role.php');
$acl-addRole(new Zend_Acl_Role('guest'))
-addRole(new Zend_Acl_Role('member'));
require_once('Zend/Acl/Resource.php');
$acl-add(new Zend_Acl_Resource('test'));
$acl-deny('guest', 'test');
$acl-allow('member', 'test');
echo $acl-isAllowed('guest', 'test') ? 'allowed' : 'denied';
echo $test-echoHello();
I am trying to deny the echoHello from happening.
Here is my Test.php class
require_once 'Zend/Acl/Resource/Interface.php';
class Test implements Zend_Acl_Resource_Interface
{
public function __construct(Zend_Acl $acl) {
$this-_acl = $acl;
}
public function getResourceId()
{
return 'test';
}
public function echoHello(){
if (!$this-_acl-isAllowed('guest', __CLASS__, __FUNCTION__)) {
throw new Exception('ACCESS DENIED!');
}
return 'hello';
}
}
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18389571.html
Sent from the Zend Framework mailing list archive at Nabble.com.
RE: [fw-general] Is it possible to use Zend_ACL without MVC
Move this
require_once 'Test.php';
$test = new Test($acl);
under
$acl-allow('member', 'test');
Terre
-Original Message-
From: maxarbos [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2008 2:59 PM
To: fw-general@lists.zend.com
Subject: Re: [fw-general] Is it possible to use Zend_ACL without MVC
I feel like I understand but dont seem o get thsi to work.
Here is my main page:
require_once 'Zend/Acl.php';
$acl=new Zend_Acl();
require_once 'Test.php';
$test = new Test($acl);
require_once('Zend/Acl/Role.php');
$acl-addRole(new Zend_Acl_Role('guest'))
-addRole(new Zend_Acl_Role('member'));
require_once('Zend/Acl/Resource.php');
$acl-add(new Zend_Acl_Resource('test'));
$acl-deny('guest', 'test');
$acl-allow('member', 'test');
echo $acl-isAllowed('guest', 'test') ? 'allowed' : 'denied';
echo $test-echoHello();
I am trying to deny the echoHello from happening.
Here is my Test.php class
require_once 'Zend/Acl/Resource/Interface.php';
class Test implements Zend_Acl_Resource_Interface {
public function __construct(Zend_Acl $acl) {
$this-_acl = $acl;
}
public function getResourceId()
{
return 'test';
}
public function echoHello(){
if (!$this-_acl-isAllowed('guest', __CLASS__, __FUNCTION__)) {
throw new Exception('ACCESS DENIED!');
}
return 'hello';
}
}
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p
18389571.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos [EMAIL PROTECTED] wrote
(on Thursday, 10 July 2008, 11:58 AM -0700):
I feel like I understand but dont seem o get thsi to work.
Here is my main page:
require_once 'Zend/Acl.php';
$acl=new Zend_Acl();
require_once 'Test.php';
$test = new Test($acl);
require_once('Zend/Acl/Role.php');
$acl-addRole(new Zend_Acl_Role('guest'))
-addRole(new Zend_Acl_Role('member'));
require_once('Zend/Acl/Resource.php');
$acl-add(new Zend_Acl_Resource('test'));
Resources, roles, and rights are case sensitive. Change your resource
name to 'Test' instead of 'test'.
$acl-deny('guest', 'test');
$acl-allow('member', 'test');
echo $acl-isAllowed('guest', 'test') ? 'allowed' : 'denied';
echo $test-echoHello();
I am trying to deny the echoHello from happening.
Here is my Test.php class
require_once 'Zend/Acl/Resource/Interface.php';
class Test implements Zend_Acl_Resource_Interface
{
public function __construct(Zend_Acl $acl) {
$this-_acl = $acl;
}
public function getResourceId()
{
return 'test';
}
public function echoHello(){
if (!$this-_acl-isAllowed('guest', __CLASS__, __FUNCTION__)) {
throw new Exception('ACCESS DENIED!');
}
return 'hello';
}
}
--
Matthew Weier O'Phinney
Software Architect | [EMAIL PROTECTED]
Zend Framework | http://framework.zend.com/
RE: [fw-general] Is it possible to use Zend_ACL without MVC
still getting the same error:
denied
Fatal error: Uncaught exception 'Zend_Acl_Exception' with message 'Resource
'Test' not found'
in /xxx/Zend/Acl.php:297
Stack trace:
#0 /xxx/Zend/Acl.php(691): Zend_Acl-get('Test')
#1 //admin/Test.php(24):
Zend_Acl-isAllowed('guest', 'Test', 'echoHello')
#2 /xxx/admin/index.php(50): Test-echoHello()
#3 {main} thrown in /xxx/Zend/Acl.php on line 297
vRandom wrote:
Move this
require_once 'Test.php';
$test = new Test($acl);
under
$acl-allow('member', 'test');
Terre
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18390278.html
Sent from the Zend Framework mailing list archive at Nabble.com.
RE: [fw-general] Is it possible to use Zend_ACL without MVC
I think I got it.
I needed to change the resource name to caplital 'Test'
So I just need to add the check within every method?
Seems a bit susceptible to errors.
maxarbos wrote:
still getting the same error:
denied
Fatal error: Uncaught exception 'Zend_Acl_Exception' with message
'Resource 'Test' not found'
in /xxx/Zend/Acl.php:297
Stack trace:
#0 /xxx/Zend/Acl.php(691): Zend_Acl-get('Test')
#1 //admin/Test.php(24):
Zend_Acl-isAllowed('guest', 'Test', 'echoHello')
#2 /xxx/admin/index.php(50): Test-echoHello()
#3 {main} thrown in /xxx/Zend/Acl.php on line 297
vRandom wrote:
Move this
require_once 'Test.php';
$test = new Test($acl);
under
$acl-allow('member', 'test');
Terre
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18390545.html
Sent from the Zend Framework mailing list archive at Nabble.com.
RE: [fw-general] Is it possible to use Zend_ACL without MVC
Here is the code I was playing with for you to compare:
[code]
require_once 'Zend/Acl.php';
$acl=new Zend_Acl();
require_once('Zend/Acl/Role.php');
$acl-addRole(new Zend_Acl_Role('guest'))
-addRole(new Zend_Acl_Role('member'));
require_once('Zend/Acl/Resource.php');
$acl-add(new Zend_Acl_Resource('test'));
$acl-deny('guest', 'test');
$acl-allow('member', 'test');
echo $acl-isAllowed('guest', 'test') ? 'allowed' : 'denied';
//require_once 'Test.php';
//--- embeded for one file testing
require_once 'Zend/Acl/Resource/Interface.php';
class test implements Zend_Acl_Resource_Interface {
public function __construct(Zend_Acl $acl) {
$this-_acl = $acl;
}
public function getResourceId()
{
return 'test';
}
public function echoHello(){
if (!$this-_acl-isAllowed('guest', __CLASS__,
__FUNCTION__)) {
throw new Exception('ACCESS DENIED!');
}
return 'hello';
}
}
//
// create test class
$test = new test($acl);
// catch exceptions
try {
echo $test-echoHello();
} catch (Exception $e) {
// do something with the triggered exception
echo 'an unexpected error occured.';
echo 'h2Unexpected Exception: ' . $e-getMessage() . '/h2br
/pre';
echo $e-getTraceAsString();
}
[/code]
Your not passing any type of current user role to this class, it will always
return the exception.
Something like this :
public function echoHello($myRole = 'guest'){
if (!$this-_acl-isAllowed(myRole , __CLASS__,
__FUNCTION__)) {
throw new Exception('ACCESS DENIED!');
}
return 'hello';
}
Then in the function call pass the role to be used...
// whats this current user/page load group
// Should match a roles defined in the acl
$thisUsersRole = 'member' ; //? Member or guest or etc...
echo $test-echoHello($thisUsersRole);
Only problem is if the role doesn't exists, I think it will throw an
error... Just incase, might need to put in a hasRole check before the
isAllowed. I think this page has the info on the hasRole, or its in there
somewhere, http://framework.zend.com/manual/en/zend.acl.html
Also, just out of curiosity, is this part really needed for this?
---
require_once 'Zend/Acl/Resource/Interface.php';
class Test implements Zend_Acl_Resource_Interface {
--
Since the acl is passed as an object var to the class I don't see that it's
used.
This should work with less overhead.
--
Class Test () {
--
Hope that all makes sence...
Terre
-Original Message-
From: maxarbos [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2008 3:36 PM
To: fw-general@lists.zend.com
Subject: RE: [fw-general] Is it possible to use Zend_ACL without MVC
still getting the same error:
denied
Fatal error: Uncaught exception 'Zend_Acl_Exception' with message 'Resource
'Test' not found'
in /xxx/Zend/Acl.php:297
Stack trace:
#0 /xxx/Zend/Acl.php(691): Zend_Acl-get('Test')
#1 //admin/Test.php(24):
Zend_Acl-isAllowed('guest', 'Test', 'echoHello')
#2 /xxx/admin/index.php(50): Test-echoHello()
#3 {main} thrown in /xxx/Zend/Acl.php on line 297
vRandom wrote:
Move this
require_once 'Test.php';
$test = new Test($acl);
under
$acl-allow('member', 'test');
Terre
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p
18390278.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos [EMAIL PROTECTED] wrote
(on Thursday, 10 July 2008, 12:53 PM -0700):
I think I got it.
I needed to change the resource name to caplital 'Test'
So I just need to add the check within every method?
Seems a bit susceptible to errors.
The other possibility is to make those methods protected and prefix them
with a '_', and add proxying via __call():
protected function _echoHello()
{
echo 'Hello!';
}
public function __call($method, $args)
{
if (method_exists($this, '_' . $method)) {
if (!$this-acl-isAllowed($this-user, __CLASS__, $method)) {
throw new Exception('Access denied');
}
return call_user_func_array(array($this, '_' . $method), $args);
}
throw new Exception(sprintf('Invalid method %s', $method));
}
Any method that doesn't need ACL checks can then simply be declared
public.
This _will_ have a performance hit (both from overloading and from using
call_user_func_array()), but it will automate things.
maxarbos wrote:
still getting the same error:
denied
Fatal error: Uncaught exception 'Zend_Acl_Exception' with message
'Resource 'Test' not found'
in /xxx/Zend/Acl.php:297
Stack trace:
#0 /xxx/Zend/Acl.php(691): Zend_Acl-get('Test')
#1 //admin/Test.php(24):
Zend_Acl-isAllowed('guest', 'Test', 'echoHello')
#2 /xxx/admin/index.php(50): Test-echoHello()
#3 {main} thrown in /xxx/Zend/Acl.php on line 297
vRandom wrote:
Move this
require_once 'Test.php';
$test = new Test($acl);
under
$acl-allow('member', 'test');
Terre
--
View this message in context:
http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18390545.html
Sent from the Zend Framework mailing list archive at Nabble.com.
--
Matthew Weier O'Phinney
Software Architect | [EMAIL PROTECTED]
Zend Framework | http://framework.zend.com/
