-- [email protected] <[email protected]> wrote (on Saturday, 14 March 2009, 05:36 PM +0000): > Currently (as far as I can tell) Zend_Auth only allows you to retrieve the > identity of some authenticated entity. With Zend_Auth_Adapter_DbTable I would > be able to retrieve this entity's roleId through getResultRowObject(). But > this > is not persistent (as in: is not stored in a storage mechanism like > Zend_Auth's > identity). Do you think it is fair to suggest that Zend_Auth should have the > ability to store an identity's roleId for adapters that support this > possibilty > (such as Zend_Auth_Adapter_Db)? > > My suggestion would be to have Zend_Auth implement Zend_Acl_Role_Interface so > that it has a getRoleId method, which would return null or false if it is not > available/unknown. What do you think? If you feel it is not Zend_Auth's > responsibility to store an identity's roleId, where would you suggest this > should be stored? A regular session perhaps? I would love to read your views > on > the matter.
Zend_Auth and Zend_Acl fulfill two very different purposes. Zend_Auth is providing _authentication_: is a person who they say they are? Zend_Acl is providing access control lists, which are a form of _authorization_: does a given role have access to a given resource? Authentication simply is the action of verifying credentials. Once you have done that, you will have some form of identity object -- and *that* object would be a candidate for implemening the role interface. In terms of Zend_Auth, this would be an object you receive after calling getIdentity() on your authentication adapter -- which is completely separate from Zend_Auth itself. (Zend_Auth allows the identity to be anything -- a string, an array, or an object.) -- Matthew Weier O'Phinney Software Architect | [email protected] Zend Framework | http://framework.zend.com/
