Ralph,

> What if I wanted to limit the ability to Creating/Updating/Deleting to a
> certain group of people (Access Control / admin type) and I wanted
> funnel this through a super-controller. Is that possible, is this a
> correct method? For example:
>
> I want to disallow direct controllers like /student/ , or /professor/ or
> /class/. And I want to delegate, (while doing certain access control
> checks and variable/param setting) inside some super controller named
> DataEntryController, and openly allow ReportController.

Instead, take a look at Zend_Acl and the plugin hooks for Zend_Controller. Used together, they'll limit access to actions elegantly, without the need for 'super controllers'.

> /data_entry/professor/delete/2342332

I would highly encourage you to delete via POST, not GET--regardless of user permissions.

Hope that helps!

-Matt
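
An added example, not part of the original message: one way to combine Zend_Acl with a Zend_Controller `preDispatch` plugin hook so that only an admin role reaches the data controllers and state-changing actions are refused unless they arrive as POST. The class name `AccessControlPlugin`, the role names, the `role` property on the identity and the `error/denied` action are assumptions for illustration.

```php
<?php
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Auth.php';
require_once 'Zend/Controller/Front.php';
require_once 'Zend/Controller/Plugin/Abstract.php';

class AccessControlPlugin extends Zend_Controller_Plugin_Abstract
{
    private $acl;
    // Actions that change state; these must arrive as POST.
    private $writeActions = array('create', 'update', 'delete');

    public function __construct(Zend_Acl $acl) { $this->acl = $acl; }

    // Runs before every action is dispatched, for every controller.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $resource = $request->getControllerName();
        $action   = $request->getActionName();
        // Assumption: the stored identity is an object with a 'role' property.
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
        if (!$this->acl->hasRole($role)) {
            $role = 'guest'; // unknown roles get the least privilege
        }
        // Deny by default: controllers missing from the ACL are not reachable.
        $allowed = $this->acl->has($resource)
            && $this->acl->isAllowed($role, $resource, $action);
        // Even a permitted user may not create/update/delete via GET.
        if ($allowed && in_array($action, $this->writeActions) && !$request->isPost()) {
            $allowed = false;
        }
        if (!$allowed) {
            $request->setControllerName('error')->setActionName('denied');
        }
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'), 'guest'); // admin inherits guest
foreach (array('student', 'professor', 'class', 'report', 'error') as $name) {
    $acl->add(new Zend_Acl_Resource($name));
}
$acl->allow('guest', array('report', 'error'));               // open to everyone
$acl->allow('admin', array('student', 'professor', 'class')); // data entry
Zend_Controller_Front::getInstance()->registerPlugin(new AccessControlPlugin($acl));
```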
