Hi,
I've finished reading the zend_auth/acl tutorial (
http://framework.zend.com/wiki/display/ZFUSER/Implementing+Access+Control+with+Zend+Framework)
and now I have a few more questions :)
If I understood the example correctly, the bootstrap sets all resources/roles
that will be used (within the run method), and at the preDispatch of all
controllers we check if the role of the user is allowed.
    if (!$acl->isAllowed($role, $controllerName, $request->getActionName())) {
        $request->setControllerName('index')
                ->setActionName('denied')
                ->setDispatched(false);
    }
The action is the privilege.
In my case, my application's actions use a database to store the users and
the privileges. Each action is given an ID and the table holds the username
and all IDs he/she is allowed.
I currently do not use the role approach since every user can have different
sets of privileges (ex. can only view blog but view/edit/remove news). I
plan to use the role to ease the setup so I am looking for a better
alternative to maintain the privilege system.
How could I store this in an efficient way?
ex:
user foo has an adminNews role and can view the blog
adminNews is a role that can view/edit/remove news
I plan to use the resource == controller, privilege == action approach
Since there can be hundreds of privileges for a single user, loading all at
every request does not seem to be a good solution. In this case, where is the
best place to do so? At the preDispatch, but trying to load just the ACL for
the current controller?
Thanks.
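
One way to store and load the layout described above, as an added example that is not part of the original post: a single grants table holds both per-user and per-role privileges, and one query returns only the privileges for the current controller. The table and column names, the helper functions and the sample rows are assumptions made up for illustration; it uses PDO with an in-memory SQLite database so it runs without any setup.

```php
<?php
// Constructed schema and sample data (hypothetical names, not from the post).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE user_role (username TEXT, role TEXT);
    CREATE TABLE grants (
        grantee      TEXT,  -- a username or a role name
        grantee_type TEXT,  -- 'user' or 'role'
        resource     TEXT,  -- controller name
        privilege    TEXT   -- action name
    );
    CREATE INDEX grants_lookup ON grants (resource, grantee_type, grantee);
    INSERT INTO user_role VALUES ('foo', 'adminNews');
    INSERT INTO grants VALUES
        ('adminNews', 'role', 'news', 'view'),
        ('adminNews', 'role', 'news', 'edit'),
        ('adminNews', 'role', 'news', 'remove'),
        ('foo',       'user', 'blog', 'view');
");

// Return only the privileges (actions) $username holds on one resource
// (controller): direct grants plus grants inherited through the user's roles.
function loadPrivileges(PDO $db, $username, $resource)
{
    $stmt = $db->prepare("
        SELECT privilege FROM grants
         WHERE resource = :res AND grantee_type = 'user' AND grantee = :user
        UNION
        SELECT g.privilege FROM grants g
          JOIN user_role ur ON ur.role = g.grantee
         WHERE g.resource = :res2 AND g.grantee_type = 'role' AND ur.username = :user2
    ");
    $stmt->execute(array(':res' => $resource, ':user' => $username,
                         ':res2' => $resource, ':user2' => $username));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Deny by default: an action that is not explicitly granted is refused.
function isAllowed(PDO $db, $username, $resource, $privilege)
{
    return in_array($privilege, loadPrivileges($db, $username, $resource), true);
}

var_dump(isAllowed($db, 'foo', 'news', 'remove')); // granted through the role
var_dump(isAllowed($db, 'foo', 'blog', 'view'));   // granted directly to the user
var_dump(isAllowed($db, 'foo', 'blog', 'edit'));   // never granted
```

Called from preDispatch with the current controller name, this reads a handful of rows per request instead of the user's full privilege set, and a query that returns nothing results in a denial.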