It's not clear. How do we control access at the module level without bloating the ACL? For instance, how do we deny access to all controllers that start with Admin_* (regardless of the action) to roles: user/guest ?
matt On 7/19/07, Darby Felton <[EMAIL PROTECTED]> wrote:
Hi Pat, The third parameter of Zend_Acl::isAllowed() is not specifically for controller actions, though this would be a reasonable use case, where the requested controller action corresponds to a Zend_Acl privilege. Indeed, Zend_Acl is not only for controlling access to specific modules, controllers, and actions, but also should be quite suitable for use within ACL-aware data models, for example. I believe that you can get the functionality you desire by structuring your resources into a tree, and taking advantage of rule inheritance, as Xing has already suggested. Best regards, Darby pat wrote: > Hi List, > > A few months ago I requested that the ACL unit allow some form of > globbing. But, The impending release made that impossible. Is now a > good time to consider resource globbing in the acl? What I have in mind > is the following: > //resource = *. controller.* > $this->_acl->isAllowed($role, $resource); > > > instead of this: > > !$this->_acl->isAllowed($role, $resource, $action); > > > In short, I'd like the ACL to work at the module level and include > globbing. > > Is this possible? > > cheers, > > pat > > > >
