if ( ! $acl->has($resource)) $resource = null; if ( ! $acl->isAllowed($role, $resource, $action))
If a resource is not protected by ACL, should it be made available unconditionally? In that case, there is no need to go through isAllowed. Or should all resources be included in the ACL? matt On 7/19/07, Matt Needles <[EMAIL PROTECTED]> wrote:
It's not clear. How do we control access at the module level without bloating the ACL? For instance, how do we deny access to all controllers that start with Admin_* (regardless of the action) to roles: user/guest ? matt On 7/19/07, Darby Felton <[EMAIL PROTECTED]> wrote: > > Hi Pat, > > The third parameter of Zend_Acl::isAllowed() is not specifically for > controller actions, though this would be a reasonable use case, where > the requested controller action corresponds to a Zend_Acl privilege. > Indeed, Zend_Acl is not only for controlling access to specific modules, > controllers, and actions, but also should be quite suitable for use > within ACL-aware data models, for example. > > I believe that you can get the functionality you desire by structuring > your resources into a tree, and taking advantage of rule inheritance, as > Xing has already suggested. > > Best regards, > Darby > > pat wrote: > > Hi List, > > > > A few months ago I requested that the ACL unit allow some form of > > globbing. But, The impending release made that impossible. Is now a > > good time to consider resource globbing in the acl? What I have in > mind > > is the following: > > //resource = *. controller.* > > $this->_acl->isAllowed($role, $resource); > > > > > > instead of this: > > > > !$this->_acl->isAllowed($role, $resource, $action); > > > > > > In short, I'd like the ACL to work at the module level and include > > globbing. > > > > Is this possible? > > > > cheers, > > > > pat > > > > > > > > >
