I put this reply on fw-general rather than fw-auth by mistake. My apologies to all.

---------- Forwarded message ----------
From: David Mintz <[EMAIL PROTECTED]>
Date: Aug 14, 2007 10:24 PM
Subject: Re: [fw-auth] permissions for specific resources and users with multiple roles
To: [email protected]

Here's what I am doing, fwiw, and this is my first experience with ACL. It's similar to Matt P's approach.

I am designing a system for the staff of federal court judges to request language interpreters for court proceedings. The rule I want to enforce is: a user (member of one or more judges' staff) authenticates, then can update/delete/insert InterpRequests if and only if that user works for the judge who presides over the case. Thus $user1 and $user2 both work for JudgeX. $user1 created an $interpRequest, then went on vacation. Now $user2 needs to change the date or time; she is allowed. But they are denied write access to anything that's before JudgeY.

My User and InterpRequest extend Zend_Db_Table_Row and implement Zend_Acl_Role_Interface and Zend_Acl_Resource_Interface, respectively. The init() of the relevant controller sets up my $acl, using instances of these classes rather than strings like you see in the examples in the docs. At ACL query time, the assert() method in my implementation of Zend_Acl_Assert_Interface gets these objects as parameters, and has to do just a few lines of work, a little db access -- two queries, but I think I should be able to cut it to one -- to figure out whether to return true or false.

(Code examples are at work and I'm not, and can't get there from here.)

This might be bass-ackwards, but it seems to be working.

On 8/14/07, Matt Paine <[EMAIL PROTECTED]> wrote:
>
> Hi Brian
>
> Not that I have any experience with ACL (yet) but I would be thinking
> about doing a similar thing. By looking at the docs
> (http://framework.zend.com/manual/en/zend.acl.advanced.html#zend.acl.advanced.assertions)
> I have it in my head that it's at least possible. The exact
> implementation might be a bit tricky, and as I haven't done anything
> with ACL for the moment, it may also be incorrect, but if I may blurt
> out some ideas about how I would attack it, it might be useful (or at
> least someone might be able to correct me where I trip up).
>
> [...]
>

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness
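
The rule described in the message above, sketched as an added example that is not the poster's code: a Zend_Acl assertion that grants write privileges only when the user works for the presiding judge. It assumes Zend Framework 1 is on the include_path; the class names `StaffUser`, `InterpRequest`, `WorksForPresidingJudge` and the helper `canWrite()` are hypothetical, and in-memory judge IDs stand in for the database queries the post mentions.

```php
<?php
// Assumption: Zend Framework 1 is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role/Interface.php';
require_once 'Zend/Acl/Resource/Interface.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical stand-ins for the post's Zend_Db_Table_Row subclasses.
class StaffUser implements Zend_Acl_Role_Interface {
    public $id, $judgeIds;   // judgeIds: constructed data replacing the DB lookup
    public function __construct($id, array $judgeIds) {
        $this->id = $id; $this->judgeIds = $judgeIds;
    }
    public function getRoleId() { return 'user-' . $this->id; }
}
class InterpRequest implements Zend_Acl_Resource_Interface {
    public $id, $judgeId;
    public function __construct($id, $judgeId) {
        $this->id = $id; $this->judgeId = $judgeId;
    }
    public function getResourceId() { return 'interpRequest-' . $this->id; }
}
class WorksForPresidingJudge implements Zend_Acl_Assert_Interface {
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
        // Fail closed unless both sides are the concrete objects we can compare.
        if (!$role instanceof StaffUser || !$resource instanceof InterpRequest) {
            return false;
        }
        return in_array($resource->judgeId, $role->judgeIds, true);
    }
}
// Per-request ACL, as a controller's init() would build it. Zend_Acl denies
// anything not explicitly allowed, so unknown privileges are refused.
function canWrite(StaffUser $user, InterpRequest $request, $privilege) {
    $acl = new Zend_Acl();
    $acl->addRole($user);
    $acl->add($request);
    $acl->allow($user, $request, array('insert', 'update', 'delete'),
        new WorksForPresidingJudge());
    return $acl->isAllowed($user, $request, $privilege);
}
// Constructed sample data: judge 1 is JudgeX, judge 2 is JudgeY.
$user2 = new StaffUser(2, array(1));
var_dump(canWrite($user2, new InterpRequest(10, 1), 'update')); // JudgeX case
var_dump(canWrite($user2, new InterpRequest(11, 2), 'update')); // JudgeY case
var_dump(canWrite($user2, new InterpRequest(10, 1), 'purge'));  // unlisted privilege
```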
