I've been looking at incorporating Zend_Acl into my existing application to make expanding the user permissions, preferences, etc. a little easier. The manual pages about it are leaving me a little empty though; specifically, they do a good job of demonstrating how to come up with your ACL for resources, but I don't see any clear indication of how one then applies these to a user.

I guess the implication is that instead of having permissions for individual users you simply have to define a role that matches the permissions you'd want for that user and then assign that role to the user.

This is acceptable, I guess, but my existing application works more on a basis of checking if the user has a permission. In effect what I have had in the past is a mirror image of what Zend_Acl assumes.

Does anyone have any insight on this topic they could share with me? I don't want to have to specify a role for each resource with the appropriate permissions. For example, currently I have a few objects that my application manages: proposals, awards, people, units/departments, etc. In this I specify add, edit, delete for each, for each user. So user A may be able to add any of those but not modify them once they're in the system. User B may only be able to enter new proposals. User C may only be able to edit awards (marking them approved/denied/etc).

From my understanding of the Acl, to translate this I would need to create resources for each of my objects with rules for create, edit, delete, etc. I would then need to create a role for each to match the activities: User A would be general data entry and have create access for all resources. User B would have limited data entry. User C would have no entry permissions but only limited edit permissions.

Does this sound right? My first thought is that I need to write an Acl for each user rather than for each resource... I'm just havin’ trouble wrapping my brain around this properly ;-)

Appreciate the help.
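
One way to keep a per-user permission model with Zend_Acl, shown as an added example that is not part of the original post: register each user as its own role and load its grants from the existing permission table, relying on Zend_Acl's default-deny behaviour for everything else. The table contents, the resource names and the helper `buildAclFromUserPermissions` are assumptions, and Zend Framework 1 must be on the include_path.

```php
<?php
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

// Constructed sample data standing in for the application's existing
// per-user permission table: user => resource => granted privileges.
$userPermissions = array(
    'userA' => array(
        'proposal' => array('add'),
        'award'    => array('add'),
        'person'   => array('add'),
        'unit'     => array('add'),
    ),
    'userB' => array('proposal' => array('add')),
    'userC' => array('award' => array('edit')),
);

// Hypothetical helper: one ACL for the whole application, one role per user.
function buildAclFromUserPermissions(array $userPermissions, array $resources)
{
    $acl = new Zend_Acl(); // nothing is allowed until a rule grants it

    foreach ($resources as $name) {
        $acl->add(new Zend_Acl_Resource($name));
    }

    foreach ($userPermissions as $user => $grants) {
        $acl->addRole(new Zend_Acl_Role($user));
        foreach ($grants as $resource => $privileges) {
            // Grant only the listed privileges on this one resource.
            $acl->allow($user, $resource, $privileges);
        }
    }

    return $acl;
}

$acl = buildAclFromUserPermissions(
    $userPermissions,
    array('proposal', 'award', 'person', 'unit')
);

// The application's existing "does this user have this permission?" checks
// map onto isAllowed(role, resource, privilege).
var_dump($acl->isAllowed('userA', 'award', 'add'));     // user A adding an award
var_dump($acl->isAllowed('userA', 'award', 'edit'));    // user A editing an award
var_dump($acl->isAllowed('userB', 'person', 'add'));    // user B adding a person
var_dump($acl->isAllowed('userC', 'award', 'edit'));    // user C editing an award
```

Because `addRole()` also accepts parent roles, a shared role such as a general data-entry group can be added later and individual user roles can inherit from it without changing the `isAllowed()` call sites.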
