Well, I just implemented my own suggestion and it seems to work like a charm.
For anyone interested:// My_Auth_Adapter_DbTableclass My_Auth_Adapter_DbTable
extends Zend_Auth_Adapter_DbTable{ protected $_identityReturnColumns; public
function __construct( Zend_Db_Adapter_Abstract $db, $tableName = null,
$identityColumn = null, $credentialColumn = null, $credentialTreatment =
null, array $identityReturnColumns = null ) { if( null !==
$identityReturnColumns ) { $this->setIdentityReturnColumns(
$identityReturnColumns ); } parent::__construct( $db, $tableName,
$identityColumn, $credentialColumn, $credentialTreatment ); } public
function getIdentityReturnColumns() { return
$this->_identityReturnColumns; } public function setIdentityReturnColumns(
array $identityReturnColumns ) { $this->_identityReturnColumns =
$identityReturnColumns; return $this; } protected function
_authenticateValidateResult($resultIdentity) { if( '1' != $resultIdentity[
'zend_auth_credential_match' ] ) { $this->_authenticateResultInfo[
'code' ] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
$this->_authenticateResultInfo[ 'messages' ][] = 'Supplied credential is
invalid.'; return $this->_authenticateCreateAuthResult(); } unset(
$resultIdentity[ 'zend_auth_credential_match' ] ); $this->_resultRow =
$resultIdentity; $this->_authenticateResultInfo[ 'code' ] =
Zend_Auth_Result::SUCCESS; $this->_authenticateResultInfo[ 'messages' ][] =
'Authentication successful.'; if( null !== $this->_identityReturnColumns )
{ $this->_authenticateResultInfo[ 'identity' ] =
$this->getResultRowObject( $this->_identityReturnColumns ); } return
$this->_authenticateCreateAuthResult(); }}// usage:$authAdapter = new
My_Auth_Adapter_DbTable( $someDbAdapter, $someTableName,
$someIdentityColumn, $someIdentityColumn, $someCredentialTreatment, array(
'identity', 'roleId' ) // the columns that need to be returned in the
Zend_Auth_Result's identity key);$authAdapter->setIdentity( 'admin'
);$authAdapter->setCredential( 'password' );$auth =
Zend_Auth::getInstance();$authResult = $auth->authenticate( $this->_authAdapter
);// somewhere else$auth = Zend_Auth::getInstance();if( $auth->hasIdentity() ){
$roleId = $auth->getIdentity()->roleId; // we have a roleId for this identity
now}HTH________________________________> From: [email protected]> To:
[email protected]> Date: Sat, 14 Mar 2009 22:55:28 +0000> Subject: RE:
[fw-general] Should Zend_Auth implement Zend_Acl_Role_Interface?>>>>>>>>>>>
________________________________> From: [email protected]> To:
[email protected]> Date: Sat, 14 Mar 2009 22:39:55 +0000> Subject: RE:
[fw-general] Should Zend_Auth implement Zend_Acl_Role_Interface?>>>>>>>>>>>>
Date: Sat, 14 Mar 2009 17:57:16 -0400>> From: [email protected]>> To:
[email protected]>> Subject: Re: [fw-general] Should Zend_Auth
implement Zend_Acl_Role_Interface?>>>> -- [email protected] wrote>> (on
Saturday, 14 March 2009, 05:36 PM +0000):>>> Currently (as far as I can tell)
Zend_Auth only allows you to retrieve the>>> identity of some authenticated
entity. With Zend_Auth_Adapter_DbTable I would>>> be able to retrieve this
entity's roleId through getResultRowObject(). But this>>> is not persistent (as
in: is not stored in a storage mechanism like Zend_Auth's>>> identity). Do you
think it is fair to suggest that Zend_Auth should have the>>> ability to store
an identity's roleId for adapters that support this possibilty>>> (such as
Zend_Auth_Adapter_Db)?>>>>>> My suggestion would be to have Zend_Auth implement
Zend_Acl_Role_Interface so>>> that it has a getRoleId method, which would
return null or false if it is not>>> available/unknown. What do you think? If
you feel it is not Zend_Auth's>>> responsibility to store an identity's roleId,
where would you suggest this>>> should be stored? A regular session perhaps? I
would love to read your views on>>> the matter.>>>> Zend_Auth and Zend_Acl
fulfill two very different purposes.>>>> Zend_Auth is providing
_authentication_: is a person who they say they>> are?>>>> Zend_Acl is
providing access control lists, which are a form of>> _authorization_: does a
given role have access to a given resource?>>>> Authentication simply is the
action of verifying credentials. Once you>> have done that, you will have some
form of identity object -- and *that*>> object would be a candidate for
implemening the role interface. In terms>> of Zend_Auth, this would be an
object you receive after calling>> getIdentity() on your authentication adapter
-- which is completely>> separate from Zend_Auth itself. (Zend_Auth allows the
identity to be>> anything -- a string, an array, or an object.)>> Hi Matthew,>>
Thanks for the response.>> Yeah, I kind of knew my suggestion wasn't all that
'correct' but I couldn't think of another place to store more information about
the identity. But I do understand the distinction between authentication and
authorization (although my proposal may suggest I don't). I just wasn't aware
of the fact that the identity object could be of mixed type. Should have read
the docs more properly. My apologies. Thanks for the pointer though!>> So, if I
understand you correctly and if I understand the current
Zend_Auth_Adapter_DbTable implementation correctly (or any adapter for that
matter): I should extend Zend_Auth_Adapter_DbTable or implement a whole new
adapter that would return a Zend_Auth_Result with more eleborate info about the
identity stored in the identity key of the Zend_Auth_Result object? Or is there
already some kind of mechanism which will allow me to configure the
Zend_Auth_Adapter_DbTable such that it stores more info in the Zend_Auth_Result
object that I am not aware of?>> If not, from what I can see in
Zend_Auth_Adapter_DbTable I would implement something like the following to get
the job done:>> override _authenticateValidateResult() such that it does
something like:>>> $this->_authenticateResultInfo['identity'] = array(>
'identity' => $this->_resultRow[ $this->_identityColumn ],> 'roleId' =>
$this->_resultRow[ 'roleId' ] // or maybe allow for a preset _roleIdColumn with
a new setRoleIdColumn method> );> // just before:> return
$this->_authenticateCreateAuthResult();>>> Would you agree?>> Thanks in
advance.> Cheers>> ============>> Or rather maybe implement
setIdentityReturnColumns( array $columns ) rather than setRoleIdColumn to
remove any suggestion that it has a link with Acl? And then in
_authenticateValidateResult() loop trough the columns and add them to
$this->_authenticateResultInfo['identity'].>>> Cheers>>
________________________________> Meer dan chatten alleen. Check nu de nieuwe
Windows Live
_________________________________________________________________
Blijf altijd op de hoogte van wat jouw vrienden doen
http://home.live.com
