Hi!
Just started to explore the possibilities of Zend_Acl. Assume I use the following role structure: team-north | |- team-a | |- subteam-1a | |- subteam-2a | \- subteam-3a | |- team-b | |- subteam-1b | |- subteam-2b | \- subteam-3b and the following ressources: pages |- page1 |- page2 \- page3 Each user gets a subteam role to make him member of a team. Zend_Acl inheritance functionality makes it easy to authorize a whole team for, say, viewing of page1 by just defining a rule like allow( team-a, page1, view ) Let's assume there are a few such rules, defining what the whole team is able to do. Furthermore there are some rules like allow( subteam-1a, page1, special-privilege ) so that subteams own very specialized rights to do certain things. My question is: How can I introduce team-leaders? Those people should aggregate the rights of all team members. First, such a teamleader is given the role team-a, so that he has all the rights that are assigned to the whole team. But what about those fine grained special rights the subteams are given on the lower levels of the tree? Inheritance goes the other direction, so he is not given those subteam privileges that way. Of course I could introduce a new team-leader-role that explicitly inherits from all subteam roles. Thing is, I do not want to do this explicitly, I want something like "inverse inheritance" so to speak. To sum up: I'd like to put rights on a team, such that all team members own that right, and I'd like to have team leaders who sum up the rights from subteams and team members... Any ideas? thanks in advance, Nico
