Re: [fw-general] Is it possible to use Zend_ACL without MVC
i have been away the past few days, thank you all for your help. I guess if a whole class is locked out, couldn't I include: if (!$this->acl->isAllowed($this->user, __CLASS__)) { throw new Exception('Access denied'); } in the __construct then if things need finer grained control, to add that check to each method? Matthew Weier O'Phinney-3 wrote: > > > The other possibility is to make those methods protected and prefix them > with a '_', and add proxying via __call(): > > protected function _echoHello() > { > echo 'Hello!'; > } > > public function __call($method, $args) > { > if (method_exists($this, '_' . $method)) { > if (!$this->acl->isAllowed($this->user, __CLASS__, $method)) { > throw new Exception('Access denied'); > } > return call_user_func_array(array($this, '_' . $method), > $args); > } > > throw new Exception(sprintf('Invalid method "%s"', $method)); > } > > Any method that doesn't need ACL checks can then simply be declared > public. > > This _will_ have a performance hit (both from overloading and from using > call_user_func_array()), but it will automate things. > > > -- > Matthew Weier O'Phinney > Software Architect | [EMAIL PROTECTED] > Zend Framework | http://framework.zend.com/ > > -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18468080.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos <[EMAIL PROTECTED]> wrote (on Thursday, 10 July 2008, 12:53 PM -0700): > > I think I got it. > > I needed to change the resource name to caplital 'Test' > > So I just need to add the check within every method? > Seems a bit susceptible to errors. The other possibility is to make those methods protected and prefix them with a '_', and add proxying via __call(): protected function _echoHello() { echo 'Hello!'; } public function __call($method, $args) { if (method_exists($this, '_' . $method)) { if (!$this->acl->isAllowed($this->user, __CLASS__, $method)) { throw new Exception('Access denied'); } return call_user_func_array(array($this, '_' . $method), $args); } throw new Exception(sprintf('Invalid method "%s"', $method)); } Any method that doesn't need ACL checks can then simply be declared public. This _will_ have a performance hit (both from overloading and from using call_user_func_array()), but it will automate things. > maxarbos wrote: > > > > still getting the same error: > > > > denied > > Fatal error: Uncaught exception 'Zend_Acl_Exception' with message > > 'Resource 'Test' not found' > > in /xxx/Zend/Acl.php:297 > > Stack trace: > > #0 /xxx/Zend/Acl.php(691): Zend_Acl->get('Test') > > #1 //admin/Test.php(24): > > Zend_Acl->isAllowed('guest', 'Test', 'echoHello') > > #2 /xxx/admin/index.php(50): Test->echoHello() > > #3 {main} thrown in /xxx/Zend/Acl.php on line 297 > > > > > > > > vRandom wrote: > >> > >> Move this > >> > >> require_once 'Test.php'; > >> $test = new Test($acl); > >> > >> under > >> > >> $acl->allow('member', 'test'); > >> > >> Terre > >> > >> > > > > > > -- > View this message in context: > http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18390545.html > Sent from the Zend Framework mailing list archive at Nabble.com. > -- Matthew Weier O'Phinney Software Architect | [EMAIL PROTECTED] Zend Framework | http://framework.zend.com/
RE: [fw-general] Is it possible to use Zend_ACL without MVC
Here is the code I was playing with for you to compare: [code] require_once 'Zend/Acl.php'; $acl=new Zend_Acl(); require_once('Zend/Acl/Role.php'); $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')); require_once('Zend/Acl/Resource.php'); $acl->add(new Zend_Acl_Resource('test')); $acl->deny('guest', 'test'); $acl->allow('member', 'test'); echo $acl->isAllowed('guest', 'test') ? 'allowed' : 'denied'; //require_once 'Test.php'; //--- embeded for one file testing require_once 'Zend/Acl/Resource/Interface.php'; class test implements Zend_Acl_Resource_Interface { public function __construct(Zend_Acl $acl) { $this->_acl = $acl; } public function getResourceId() { return 'test'; } public function echoHello(){ if (!$this->_acl->isAllowed('guest', __CLASS__, __FUNCTION__)) { throw new Exception('ACCESS DENIED!'); } return 'hello'; } } // // create test class $test = new test($acl); // catch exceptions try { echo $test->echoHello(); } catch (Exception $e) { // do something with the triggered exception echo 'an unexpected error occured.'; echo 'Unexpected Exception: ' . $e->getMessage() . ''; echo $e->getTraceAsString(); } [/code] Your not passing any type of current user role to this class, it will always return the exception. Something like this : public function echoHello($myRole = 'guest'){ if (!$this->_acl->isAllowed(myRole , __CLASS__, __FUNCTION__)) { throw new Exception('ACCESS DENIED!'); } return 'hello'; } Then in the function call pass the role to be used... // whats this current user/page load group // Should match a roles defined in the acl $thisUsersRole = 'member' ; //? Member or guest or etc... echo $test->echoHello($thisUsersRole); Only problem is if the role doesn't exists, I think it will throw an error... Just incase, might need to put in a hasRole check before the isAllowed. I think this page has the info on the hasRole, or its in there somewhere, http://framework.zend.com/manual/en/zend.acl.html Also, just out of curiosity, is this part really needed for this? --- require_once 'Zend/Acl/Resource/Interface.php'; class Test implements Zend_Acl_Resource_Interface { -- Since the acl is passed as an object var to the class I don't see that it's used. This should work with less overhead. -- Class Test () { -- Hope that all makes sence... Terre -Original Message- From: maxarbos [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2008 3:36 PM To: fw-general@lists.zend.com Subject: RE: [fw-general] Is it possible to use Zend_ACL without MVC still getting the same error: denied Fatal error: Uncaught exception 'Zend_Acl_Exception' with message 'Resource 'Test' not found' in /xxx/Zend/Acl.php:297 Stack trace: #0 /xxx/Zend/Acl.php(691): Zend_Acl->get('Test') #1 //admin/Test.php(24): Zend_Acl->isAllowed('guest', 'Test', 'echoHello') #2 /xxx/admin/index.php(50): Test->echoHello() #3 {main} thrown in /xxx/Zend/Acl.php on line 297 vRandom wrote: > > Move this > > require_once 'Test.php'; > $test = new Test($acl); > > under > > $acl->allow('member', 'test'); > > Terre > > -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p 18390278.html Sent from the Zend Framework mailing list archive at Nabble.com.
RE: [fw-general] Is it possible to use Zend_ACL without MVC
I think I got it. I needed to change the resource name to caplital 'Test' So I just need to add the check within every method? Seems a bit susceptible to errors. maxarbos wrote: > > still getting the same error: > > denied > Fatal error: Uncaught exception 'Zend_Acl_Exception' with message > 'Resource 'Test' not found' > in /xxx/Zend/Acl.php:297 > Stack trace: > #0 /xxx/Zend/Acl.php(691): Zend_Acl->get('Test') > #1 //admin/Test.php(24): > Zend_Acl->isAllowed('guest', 'Test', 'echoHello') > #2 /xxx/admin/index.php(50): Test->echoHello() > #3 {main} thrown in /xxx/Zend/Acl.php on line 297 > > > > vRandom wrote: >> >> Move this >> >> require_once 'Test.php'; >> $test = new Test($acl); >> >> under >> >> $acl->allow('member', 'test'); >> >> Terre >> >> > > -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18390545.html Sent from the Zend Framework mailing list archive at Nabble.com.
RE: [fw-general] Is it possible to use Zend_ACL without MVC
still getting the same error: denied Fatal error: Uncaught exception 'Zend_Acl_Exception' with message 'Resource 'Test' not found' in /xxx/Zend/Acl.php:297 Stack trace: #0 /xxx/Zend/Acl.php(691): Zend_Acl->get('Test') #1 //admin/Test.php(24): Zend_Acl->isAllowed('guest', 'Test', 'echoHello') #2 /xxx/admin/index.php(50): Test->echoHello() #3 {main} thrown in /xxx/Zend/Acl.php on line 297 vRandom wrote: > > Move this > > require_once 'Test.php'; > $test = new Test($acl); > > under > > $acl->allow('member', 'test'); > > Terre > > -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18390278.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos <[EMAIL PROTECTED]> wrote (on Thursday, 10 July 2008, 11:58 AM -0700): > I feel like I understand but dont seem o get thsi to work. > > Here is my main page: > > require_once 'Zend/Acl.php'; > $acl=new Zend_Acl(); > > require_once 'Test.php'; > $test = new Test($acl); > > require_once('Zend/Acl/Role.php'); > $acl->addRole(new Zend_Acl_Role('guest')) > ->addRole(new Zend_Acl_Role('member')); > > require_once('Zend/Acl/Resource.php'); > $acl->add(new Zend_Acl_Resource('test')); Resources, roles, and rights are case sensitive. Change your resource name to 'Test' instead of 'test'. > $acl->deny('guest', 'test'); > $acl->allow('member', 'test'); > > echo $acl->isAllowed('guest', 'test') ? 'allowed' : 'denied'; > > echo $test->echoHello(); > > > I am trying to deny the echoHello from happening. > > Here is my Test.php class > > require_once 'Zend/Acl/Resource/Interface.php'; > class Test implements Zend_Acl_Resource_Interface > { > > public function __construct(Zend_Acl $acl) { > $this->_acl = $acl; > } > > > public function getResourceId() > { > return 'test'; > } > > public function echoHello(){ > > if (!$this->_acl->isAllowed('guest', __CLASS__, __FUNCTION__)) { > throw new Exception('ACCESS DENIED!'); > } > > return 'hello'; > } > > } -- Matthew Weier O'Phinney Software Architect | [EMAIL PROTECTED] Zend Framework | http://framework.zend.com/
RE: [fw-general] Is it possible to use Zend_ACL without MVC
Move this require_once 'Test.php'; $test = new Test($acl); under $acl->allow('member', 'test'); Terre -Original Message- From: maxarbos [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2008 2:59 PM To: fw-general@lists.zend.com Subject: Re: [fw-general] Is it possible to use Zend_ACL without MVC I feel like I understand but dont seem o get thsi to work. Here is my main page: require_once 'Zend/Acl.php'; $acl=new Zend_Acl(); require_once 'Test.php'; $test = new Test($acl); require_once('Zend/Acl/Role.php'); $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')); require_once('Zend/Acl/Resource.php'); $acl->add(new Zend_Acl_Resource('test')); $acl->deny('guest', 'test'); $acl->allow('member', 'test'); echo $acl->isAllowed('guest', 'test') ? 'allowed' : 'denied'; echo $test->echoHello(); I am trying to deny the echoHello from happening. Here is my Test.php class require_once 'Zend/Acl/Resource/Interface.php'; class Test implements Zend_Acl_Resource_Interface { public function __construct(Zend_Acl $acl) { $this->_acl = $acl; } public function getResourceId() { return 'test'; } public function echoHello(){ if (!$this->_acl->isAllowed('guest', __CLASS__, __FUNCTION__)) { throw new Exception('ACCESS DENIED!'); } return 'hello'; } } -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p 18389571.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
I feel like I understand but dont seem o get thsi to work. Here is my main page: require_once 'Zend/Acl.php'; $acl=new Zend_Acl(); require_once 'Test.php'; $test = new Test($acl); require_once('Zend/Acl/Role.php'); $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')); require_once('Zend/Acl/Resource.php'); $acl->add(new Zend_Acl_Resource('test')); $acl->deny('guest', 'test'); $acl->allow('member', 'test'); echo $acl->isAllowed('guest', 'test') ? 'allowed' : 'denied'; echo $test->echoHello(); I am trying to deny the echoHello from happening. Here is my Test.php class require_once 'Zend/Acl/Resource/Interface.php'; class Test implements Zend_Acl_Resource_Interface { public function __construct(Zend_Acl $acl) { $this->_acl = $acl; } public function getResourceId() { return 'test'; } public function echoHello(){ if (!$this->_acl->isAllowed('guest', __CLASS__, __FUNCTION__)) { throw new Exception('ACCESS DENIED!'); } return 'hello'; } } -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18389571.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos <[EMAIL PROTECTED]> wrote (on Thursday, 10 July 2008, 10:34 AM -0700): > yeah, that was what I was thinking, but now how do you implelemnt it? > > When we were using the MVC, the controller and action where declared in the > url and the mvc took care of breaking that up and the acl determined which > resource had which priv. > > So when I have a class 'User.php' with methods such as: 'editAccount', > 'addNumber', etc... do I just need to now include Zend_ACL_Resoure in the > construct and assign a name to the class like : > > __construct($resource) { >new Zend_Acl_Resource->getResourceId('user'); > } > > > Do the methods still need to be named 'editAction', 'addnumberAction'? > > I'm just a little unclear how to register the classes as resources I guess. Resources are, quite simply, just names. So, it's pretty easy: * Define your resources (classes) * Assign rights (method names) to resources (classes) per role Then, in your methods, you could do something like: if (!$this->acl->isAllowed($this->user, __CLASS__, __FUNCTION__)) { throw new Exception('ACCESS DENIED!'); } (assuming that $this->acl is your Zend_Acl object, and $this->user is a user corresponding to a role in the ACL list) Read through the Zend_Acl manual pages -- they make no mention of MVC, and should help clarify what I'm getting at. > Matthew Weier O'Phinney-3 wrote: > > > > -- maxarbos <[EMAIL PROTECTED]> wrote > > (on Thursday, 10 July 2008, 09:05 AM -0700): > >> Is ti possible to run Zend_ACL without the MVC portion? > >> I also need it to work with a pretty much all ajax type site. > > > > Zend_Acl is a standalone component and has no ties to the MVC. Use it > > however you desire. :) > > > > -- > > Matthew Weier O'Phinney > > Software Architect | [EMAIL PROTECTED] > > Zend Framework | http://framework.zend.com/ > > > > > > -- > View this message in context: > http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18388057.html > Sent from the Zend Framework mailing list archive at Nabble.com. > -- Matthew Weier O'Phinney Software Architect | [EMAIL PROTECTED] Zend Framework | http://framework.zend.com/
Re: [fw-general] Is it possible to use Zend_ACL without MVC
yeah, that was what I was thinking, but now how do you implelemnt it? When we were using the MVC, the controller and action where declared in the url and the mvc took care of breaking that up and the acl determined which resource had which priv. So when I have a class 'User.php' with methods such as: 'editAccount', 'addNumber', etc... do I just need to now include Zend_ACL_Resoure in the construct and assign a name to the class like : __construct($resource) { new Zend_Acl_Resource->getResourceId('user'); } Do the methods still need to be named 'editAction', 'addnumberAction'? I'm just a little unclear how to register the classes as resources I guess. thanks. Matthew Weier O'Phinney-3 wrote: > > -- maxarbos <[EMAIL PROTECTED]> wrote > (on Thursday, 10 July 2008, 09:05 AM -0700): >> Is ti possible to run Zend_ACL without the MVC portion? >> I also need it to work with a pretty much all ajax type site. > > Zend_Acl is a standalone component and has no ties to the MVC. Use it > however you desire. :) > > -- > Matthew Weier O'Phinney > Software Architect | [EMAIL PROTECTED] > Zend Framework | http://framework.zend.com/ > > -- View this message in context: http://www.nabble.com/Is-it-possible-to-use-Zend_ACL-without-MVC-tp18385583p18388057.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Is it possible to use Zend_ACL without MVC
-- maxarbos <[EMAIL PROTECTED]> wrote (on Thursday, 10 July 2008, 09:05 AM -0700): > Is ti possible to run Zend_ACL without the MVC portion? > I also need it to work with a pretty much all ajax type site. Zend_Acl is a standalone component and has no ties to the MVC. Use it however you desire. :) -- Matthew Weier O'Phinney Software Architect | [EMAIL PROTECTED] Zend Framework | http://framework.zend.com/