Hi Matt, I'm not sure I completely understand what you're asking, so please feel free to elaborate further if you believe this to be the case.
I probably cannot answer the first question for you, since whether to unconditionally allow access to any resource in your application depends on your requirements. But, in order for you to query a resource with Zend_Acl::isAllowed(), the resource must have been previously added to the ACL object (or else the ACL doesn't know about the identified resource object, having no reference to it). If you call isAllowed() against a resource that does not exist in the ACL, an exception is thrown. Best regards, Darby Matt Needles wrote: > if ( ! $acl->has($resource)) > $resource = null; > > if ( ! $acl->isAllowed($role, $resource, $action)) > > If a resource is not protected by ACL, should it be made available > unconditionally? In that case, there is no need to go through isAllowed. > Or should all resources be included in the ACL? > > matt > > > > > On 7/19/07, *Matt Needles* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > It's not clear. How do we control access at the module level without > bloating the ACL? For instance, how do we deny access to all > controllers that start with Admin_* (regardless of the action) to > roles: user/guest ? > > matt > > > > > On 7/19/07, *Darby Felton* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote: > > Hi Pat, > > The third parameter of Zend_Acl::isAllowed() is not specifically for > controller actions, though this would be a reasonable use case, > where > the requested controller action corresponds to a Zend_Acl privilege. > Indeed, Zend_Acl is not only for controlling access to specific > modules, > controllers, and actions, but also should be quite suitable for use > within ACL-aware data models, for example. > > I believe that you can get the functionality you desire by > structuring > your resources into a tree, and taking advantage of rule > inheritance, as > Xing has already suggested. > > Best regards, > Darby > > pat wrote: > > Hi List, > > > > A few months ago I requested that the ACL unit allow some form of > > globbing. But, The impending release made that impossible. Is > now a > > good time to consider resource globbing in the acl? What I > have in mind > > is the following: > > //resource = *. controller.* > > $this->_acl->isAllowed($role, $resource); > > > > > > instead of this: > > > > !$this->_acl->isAllowed($role, $resource, $action); > > > > > > In short, I'd like the ACL to work at the module level and include > > globbing. > > > > Is this possible? > > > > cheers, > > > > pat > > > > > > > > > > >
