[fw-general] Re: Re[fw-general] stricting display of links to non-authorized pages in view scripts- how to?
I was wondering if someone found/uses a better way of dealing with this problem yet? -- View this message in context: http://www.nabble.com/Restricting-display-of-links-to-non-authorized-pages-in-view-scripts--how-to--tp20273593p21545475.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Re: Re[fw-general] stricting display of links to non-authorized pages in view scripts- how to?
bytte wrote: I managed to set up authentication through Zend_Auth and access control through Zend_Acl. This works without any problem. However, I'd like to take things one step further. My view scripts sometimes display links to pages that are not accessible by the logged in user, because that user does not have the proper rights to view that page. Think of an edit link next to a blog article. If only the author of the article is allowed (via Zend_Acl) to edit the article, then it makes no sense to display the edit link to other users as well, as clicking on the link will only send them to a not authorised page. Is there a convenient way of dealing with this problem? I'm sure it's a common request so I was hoping someone could help me with it. Thanks in advance. Pass the edit link based on the Acl level to the view instead of trying to do it in the view :) - Nickolas Whiting Developer http://xstudiosinc.com Xstudios -- View this message in context: http://www.nabble.com/Restricting-display-of-links-to-non-authorized-pages-in-view-scripts--how-to--tp20273593p20273947.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Re: Re[fw-general] stricting display of links to non-authorized pages in view scripts- how to?
You could make a view helper. Here's mine, you'd need to adjust to taste:
class My_View_Helper_IsAllowed extends Zend_View_Helper_Abstract
{
public function isAllowed($resource = null, $privilege = null)
{
$front = Zend_Controller_Front::getInstance();
if ($front-hasPlugin('App_Controller_Plugin_Auth'))
{
$authPlugin =
$front-getPlugin('App_Controller_Plugin_Auth');
$identity = Zend_Auth::getInstance()-getIdentity();
$role = (!empty($identity) isset($identity-id)) ?
'#user_'.$identity-id : null;
$retval = false;
try {
$retval = $authPlugin-acl-isAllowed($role,
$resource, $privilege);
}
catch (Exception $ex) { }
return $retval;
}
return false;
}
}
Then in the views you could do:
?php if ($this-isAllowed('admin_user', 'index')) { ?
li ?=$this- url(array('module'='admin', 'controller'='user'),
null, true)?Manage Users
?php } ?
bytte wrote:
I managed to set up authentication through Zend_Auth and access control
through Zend_Acl. This works without any problem. However, I'd like to
take things one step further.
My view scripts sometimes display links to pages that are not accessible
by the logged in user, because that user does not have the proper rights
to view that page. Think of an edit link next to a blog article. If only
the author of the article is allowed (via Zend_Acl) to edit the article,
then it makes no sense to display the edit link to other users as well,
as clicking on the link will only send them to a not authorised page.
Is there a convenient way of dealing with this problem? I'm sure it's a
common request so I was hoping someone could help me with it.
Thanks in advance.
--
View this message in context:
http://www.nabble.com/Restricting-display-of-links-to-non-authorized-pages-in-view-scripts--how-to--tp20273593p20274511.html
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Re: Re[fw-general] stricting display of links to non-authorized pages in view scripts- how to?
Thanks Martin, That's what I did so far, but I'm not happy with all those 'if/else' clauses in my view script. I was hoping for a better way. Chris Martin wrote: You could make a view helper. -- View this message in context: http://www.nabble.com/Restricting-display-of-links-to-non-authorized-pages-in-view-scripts--how-to--tp20273593p20274602.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Re: Re[fw-general] stricting display of links to non-authorized pages in view scripts- how to?
Thanks nwhiting, but links and such are view information, right? So don't they belong in the view? Think of an image linking to an edit page... nwhiting wrote: Pass the edit link based on the Acl level to the view instead of trying to do it in the view :) -- View this message in context: http://www.nabble.com/Restricting-display-of-links-to-non-authorized-pages-in-view-scripts--how-to--tp20273593p20274623.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Re: Re[fw-general] stricting display of links to non-authorized pages in view scripts- how to?
You could potentially make something like a isAllowedUrl($module, $controller, $action) view helper that checks the permissions and renders the link itself, but you might lose flexibility when wanting to include/exclude other html decorators and such. bytte wrote: Thanks Martin, That's what I did so far, but I'm not happy with all those 'if/else' clauses in my view script. I was hoping for a better way. Chris Martin wrote: You could make a view helper. -- View this message in context: http://www.nabble.com/Restricting-display-of-links-to-non-authorized-pages-in-view-scripts--how-to--tp20273593p20274777.html Sent from the Zend Framework mailing list archive at Nabble.com.
