Hi Maurice,

Zend_Acl also supports the idea of "privileges" upon resources. If you
were to utilize such privileges for updating the username and for the
timestamp, to follow your example, then you need not create a resource
object for these.

To use another simple example, imagine an article resource, to which
there are "create", "read", "update", and "delete" privileges. Each of
these is not a resource itself but rather a privilege upon a resource.

Examples using privileges are documented in the manual:

http://framework.zend.com/manual/en/zend.acl.html

The Zend_Acl unit tests also contain usage examples with privileges.

Maybe you could map your model columns to privileges?

Hope this helps!

Best regards,
Darby

Maurice Fonk wrote:
> Hello,
> 
> I too would like to comment on this. I've been trying to use Zend_Acl to
> restrict access to my models. Basically, what I want is to make certain
> fields of a database row editable to some, but not to all. It's not that
> difficult to make some class extending Zend_Db_Table_Row implement
> Zend_Acl_Resource_Interface. But that only gets you halfway there. If I
> make getResourceId() return the name of the model I can restrict access
> (create/edit/delete) of a row to certain groups of users.
> 
> But if I want to, say, restrict a user to update his or her username,
> but not the timestamp their account was created (because it's fixed)
> would I really have to create acl resources for all the fields?
> 
> I came across this while thinking about my little JavaScript
> Zend_Db_Table implementation. I have written a post on my blog (
> http://naneau.nl/2007/04/18/securing-jstable/ ) about this. But like I
> said before, if you make the row, or model, your resource, there are
> still some restrictions left you have to cover.
> 
> Do you have any thoughts on this?
> 
> Best regards,
> Maurice Fonk
> 
> Juan Felipe Alvarez Saldarriaga wrote:
>> Hey :)
>>
>> I want to implement Zend_Acl into my application, but I don't know how
>> to make that work with a database model. Is there some tutorial or
>> page that I can see?
>>
>> Another question about Zend_Acl, in the example to add resources:
>> $acl->add(new Zend_Acl_Resource('newsletter'));           // newsletter
>>
>> This "newsletter" is what? A controller? A method? Because I want to
>> restrict access to the controllers. This is my idea: check permissions
>> of the current user using Zend_Acl, then restrict the access to some
>> controllers to this user. Is this possible?
>>
>> Thx.
>>
>>
> 
> 

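The column-to-privilege mapping suggested in the reply above, as an added example that is not part of the original thread or of Zend Framework itself. It assumes Zend Framework 1 is on the include path; the role names, the `update:<column>` privilege naming and the `filterUpdatableColumns()` helper are hypothetical choices made for this illustration.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('member'));
$acl->addRole(new Zend_Acl_Role('admin'), 'member'); // admin inherits member's rules
$acl->add(new Zend_Acl_Resource('user'));            // one resource for the whole model

// Column-level rules expressed as privileges on the single 'user' resource.
// The "update:<column>" naming is a convention chosen for this example.
$acl->allow('member', 'user', array('read', 'update:username'));
$acl->allow('admin', 'user', array('update:created'));

/**
 * Split a submitted update into the columns the role may write and the
 * columns it may not. Zend_Acl denies by default, so any column without
 * an explicit allow rule ends up in the rejected list.
 */
function filterUpdatableColumns(Zend_Acl $acl, $role, $resource, array $data)
{
    $allowed  = array();
    $rejected = array();
    foreach ($data as $column => $value) {
        if ($acl->isAllowed($role, $resource, 'update:' . $column)) {
            $allowed[$column] = $value;
        } else {
            $rejected[] = $column;
        }
    }
    return array($allowed, $rejected);
}

// Constructed sample input: a member tries to change a fixed timestamp too.
$submitted = array('username' => 'maurice', 'created' => '2007-01-01 00:00:00');

foreach (array('member', 'admin') as $role) {
    list($allowed, $rejected) = filterUpdatableColumns($acl, $role, 'user', $submitted);
    printf("%s may update [%s], rejected [%s]\n",
        $role, implode(', ', array_keys($allowed)), implode(', ', $rejected));
}
```

Only the allowed array should be written to the row; a non-empty rejected list is worth logging, since it means a client submitted a field it has no privilege to change.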