Try something like
$rs1 = new Zend_Acl_Resouce('default.index') // maps to 'default'
module and 'index' controller
$rs2 = new Zend_Acl_Resouce('forums.index') // maps to 'forums' module
and 'index' controller
...etc...
Then you can check for the existence and validity of a resource by
concatenating the module and controller with a '.'
Hello Darby,
This will throw a exception (Resource id 'index' already exists) ,
if you have the same controller/action name in different modules.
Because there's no namespace mechanism in inheritance.
Senmiao
2007/7/20, Darby Felton <[EMAIL PROTECTED]>:
Hi Matt,
You do not bloat the ACL by using inheritance, as was suggested.
Imagine
organizing your modules, controllers, and actions into a hierarchy,
like
a filesystem, where a module is parent to a controller, which, in
turn,
is parent to an action.
Here is a quick untested example:
$acl = new Zend_Acl();
$acl->add(new Zend_Acl_Resource('myModule')
->add(new Zend_Acl_Resource('myController'), 'myModule')
->add(new Zend_Acl_Resource('myAction'), 'myController');
Now, you can deny access to all of myModule's child controllers (and
their child actions) with simply:
$acl->deny(null, 'myModule');
Simple, eh? This denies all Roles access to the Resource identified by
'myModule'. Simply change the first parameter to control which Roles
are
affected by the rule. The documentation shows many examples of
resource
inheritance usage, and I would recommend that you first understand
these. If further illustration would be helpful, please see the
Zend_Acl
unit tests.
Best regards,
Darby
Matt Needles wrote:
> It's not clear. How do we control access at the module level without
> bloating the ACL? For instance, how do we deny access to all
controllers
> that start with Admin_* (regardless of the action) to roles: user/
guest ?
>
> matt
>
>
>
>
> On 7/19/07, *Darby Felton* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
>
> Hi Pat,
>
> The third parameter of Zend_Acl::isAllowed() is not
specifically for
> controller actions, though this would be a reasonable use
case, where
> the requested controller action corresponds to a Zend_Acl
privilege.
> Indeed, Zend_Acl is not only for controlling access to
specific modules,
> controllers, and actions, but also should be quite suitable
for use
> within ACL-aware data models, for example.
>
> I believe that you can get the functionality you desire by
structuring
> your resources into a tree, and taking advantage of rule
inheritance, as
> Xing has already suggested.
>
> Best regards,
> Darby
>
> pat wrote:
> > Hi List,
> >
> > A few months ago I requested that the ACL unit allow some
form of
> > globbing. But, The impending release made that impossible.
Is now a
> > good time to consider resource globbing in the acl? What I
have
> in mind
> > is the following:
> > //resource = *. controller.*
> > $this->_acl->isAllowed($role, $resource);
> >
> >
> > instead of this:
> >
> > !$this->_acl->isAllowed($role, $resource, $action);
> >
> >
> > In short, I'd like the ACL to work at the module level and
include
> > globbing.
> >
> > Is this possible?
> >
> > cheers,
> >
> > pat
> >
> >
> >
> >
>
>
--
Simon Mundy | Director | PEPTOLAB
""" " "" """""" "" "" """"""" " "" """"" " """"" " """""" "" "
202/258 Flinders Lane | Melbourne | Victoria | Australia | 3000
Voice +61 (0) 3 9654 4324 | Mobile 0438 046 061 | Fax +61 (0) 3 9654
4124
http://www.peptolab.com
