Ugh, sorry about my last post. Hotmail screwed that one up bigtime (or me,
since I chose unformatted text for mark up). I should register to this
mailinglist under another e-mail address.
Anyway, what I was trying to say is:
I just implemented my own suggestion and it seems to work like a charm.
For anyone interested:
// My_Auth_Adapter_DbTable
class My_Auth_Adapter_DbTable extends Zend_Auth_Adapter_DbTable
{
protected $_identityReturnColumns;
public function __construct(
Zend_Db_Adapter_Abstract $db,
$tableName = null,
$identityColumn = null,
$credentialColumn = null,
$credentialTreatment = null,
array $identityReturnColumns = null
)
{
if( null !== $identityReturnColumns )
{
$this->setIdentityReturnColumns( $identityReturnColumns );
}
parent::__construct( $db, $tableName, $identityColumn, $credentialColumn,
$credentialTreatment );
}
public function getIdentityReturnColumns()
{
return $this->_identityReturnColumns;
}
public function setIdentityReturnColumns( array $identityReturnColumns )
{
$this->_identityReturnColumns = $identityReturnColumns; return $this;
}
protected function _authenticateValidateResult( $resultIdentity )
{
if( '1' != $resultIdentity[ 'zend_auth_credential_match' ] )
{
$this->_authenticateResultInfo[ 'code' ] =
Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
$this->_authenticateResultInfo[ 'messages' ][] = 'Supplied credential is
invalid.';
return $this->_authenticateCreateAuthResult();
}
unset( $resultIdentity[ 'zend_auth_credential_match' ] );
$this->_resultRow = $resultIdentity;
$this->_authenticateResultInfo[ 'code' ] = Zend_Auth_Result::SUCCESS;
$this->_authenticateResultInfo[ 'messages' ][] = 'Authentication
successful.';
if( null !== $this->_identityReturnColumns )
{
$this->_authenticateResultInfo[ 'identity' ] = $this->getResultRowObject(
$this->_identityReturnColumns );
}
return $this->_authenticateCreateAuthResult();
}
}
// usage:
$authAdapter = new My_Auth_Adapter_DbTable(
$someDbAdapter,
$someTableName,
$someIdentityColumn,
$someIdentityColumn,
$someCredentialTreatment,
array( 'identity', 'roleId' ) // the columns that need to be returned in the
Zend_Auth_Result's identity key);
);
$authAdapter->setIdentity( 'admin' );
$authAdapter->setCredential( 'password' );
$auth = Zend_Auth::getInstance();
$authResult = $auth->authenticate( $this->_authAdapter );
// somewhere else
$auth = Zend_Auth::getInstance();
if( $auth->hasIdentity() )
{
$roleId = $auth->getIdentity()->roleId; // we should have a roleId for this
identity now
}
HTH
From: [email protected]
To: [email protected]
Date: Sat, 14 Mar 2009 22:55:28 +0000
Subject: RE: [fw-general] Should Zend_Auth implement Zend_Acl_Role_Interface?
From: [email protected]
To: [email protected]
Date: Sat, 14 Mar 2009 22:39:55 +0000
Subject: RE: [fw-general] Should Zend_Auth implement Zend_Acl_Role_Interface?
> Date: Sat, 14 Mar 2009 17:57:16 -0400
> From: [email protected]
> To: [email protected]
> Subject: Re: [fw-general] Should Zend_Auth implement Zend_Acl_Role_Interface?
>
> -- [email protected] <[email protected]> wrote
> (on Saturday, 14 March 2009, 05:36 PM +0000):
> > Currently (as far as I can tell) Zend_Auth only allows you to retrieve the
> > identity of some authenticated entity. With Zend_Auth_Adapter_DbTable I
> > would
> > be able to retrieve this entity's roleId through getResultRowObject(). But
> > this
> > is not persistent (as in: is not stored in a storage mechanism like
> > Zend_Auth's
> > identity). Do you think it is fair to suggest that Zend_Auth should have the
> > ability to store an identity's roleId for adapters that support this
> > possibilty
> > (such as Zend_Auth_Adapter_Db)?
> >
> > My suggestion would be to have Zend_Auth implement Zend_Acl_Role_Interface
> > so
> > that it has a getRoleId method, which would return null or false if it is
> > not
> > available/unknown. What do you think? If you feel it is not Zend_Auth's
> > responsibility to store an identity's roleId, where would you suggest this
> > should be stored? A regular session perhaps? I would love to read your
> > views on
> > the matter.
>
> Zend_Auth and Zend_Acl fulfill two very different purposes.
>
> Zend_Auth is providing _authentication_: is a person who they say they
> are?
>
> Zend_Acl is providing access control lists, which are a form of
> _authorization_: does a given role have access to a given resource?
>
> Authentication simply is the action of verifying credentials. Once you
> have done that, you will have some form of identity object -- and *that*
> object would be a candidate for implemening the role interface. In terms
> of Zend_Auth, this would be an object you receive after calling
> getIdentity() on your authentication adapter -- which is completely
> separate from Zend_Auth itself. (Zend_Auth allows the identity to be
> anything -- a string, an array, or an object.)
Hi Matthew,
Thanks for the response.
Yeah, I kind of knew my suggestion wasn't all that 'correct' but I couldn't
think of another place to store more information about the identity. But I do
understand the distinction between authentication and authorization (although
my proposal may suggest I don't). I just wasn't aware of the fact that the
identity object could be of mixed type. Should have read the docs more
properly. My apologies. Thanks for the pointer though!
So, if I understand you correctly and if I understand the current
Zend_Auth_Adapter_DbTable implementation correctly (or any adapter for that
matter): I should extend Zend_Auth_Adapter_DbTable or implement a whole new
adapter that would return a Zend_Auth_Result with more eleborate info about the
identity stored in the identity key of the Zend_Auth_Result object? Or is there
already some kind of mechanism which will allow me to configure the
Zend_Auth_Adapter_DbTable such that it stores more info in the Zend_Auth_Result
object that I am not aware of?
If not, from what I can see in Zend_Auth_Adapter_DbTable I would implement
something like the following to get the job done:
override _authenticateValidateResult() such that it does something like:
$this->_authenticateResultInfo['identity'] = array(
'identity' => $this->_resultRow[ $this->_identityColumn ],
'roleId' => $this->_resultRow[ 'roleId' ] // or maybe allow for a preset
_roleIdColumn with a new setRoleIdColumn method
);
// just before:
return $this->_authenticateCreateAuthResult();
Would you agree?
Thanks in advance.
Cheers
============
Or rather maybe implement setIdentityReturnColumns( array $columns ) rather
than setRoleIdColumn to remove any suggestion that it has a link with Acl? And
then in _authenticateValidateResult() loop trough the columns and add them to
$this->_authenticateResultInfo['identity'].
Cheers
Meer dan chatten alleen. Check nu de nieuwe Windows Live
_________________________________________________________________
Jouw nieuws en entertainment, vind je op MSN.nl!
http://nl.msn.com/
