You can gain some performance by adding only the roles you really need for the
requested page: http://codeutopia.net/blog/2009/02/18/zend_acl-part-3-
creating-and-storing-dynamic-acls/
Regards, Jurian
--
Jurian Sluiman
Soflomo.com
Op Monday 15 June 2009 18:06:29 schreef Hector Virgen:
> Try registering your actual App_User and App_GameSheet objects with your
> ACL instead of generic role/resource objects.
> Change this:
>
> $acl->addRole(new Zend_Acl_Role('editor'));
> $acl->add(new Zend_Acl_Resource('App_GameSheet');
>
> to this:
>
> $acl->addRole(new App_User());
> $acl->add(new App_GameSheet());
>
> Internally, Zend_Acl creates a registry of roles/resources and uses the
> roleid/resourceid to retrieve the objects from the registry when checking
> assertions.
>
> The only difficulty in this design is that you have to register each
> user/resource (unless they can all be grouped into one).
>
> -Hector
>
> On Sun, Jun 14, 2009 at 5:11 AM, Abraham Block <[email protected]> wrote:
> > I wrote a workaround on my blog
> > http://www.aviblock.com/blog/2009/03/19/acl-in-zend-framework/#comments
> >
> > On Sun, Jun 14, 2009 at 5:54 AM, Mon Zafra <[email protected]> wrote:
> >> Ooops, read the date incorrectly. It's actually 23 months old :p
> >>
> >> -- Mon
> >>
> >> On Sun, Jun 14, 2009 at 5:52 PM, Mon Zafra <[email protected]> wrote:
> >>> That's how I expected assertions to work as well. Transforming the
> >>> roles and resources into normal Zend_Acl_Role/Resource really limits
> >>> the usefulness of assertions. This issue is exactly two years old now.
> >>> There are some workarounds in
> >>> http://framework.zend.com/issues/browse/ZF-1721 and related issues.
> >>>
> >>> -- Mon
> >>>
> >>> On Sun, Jun 14, 2009 at 4:55 PM, Stefan Gehrig <[email protected]> wrote:
> >>>> Dear all,
> >>>>
> >>>> I just started to use Zend_Acl for authorization in one of our
> >>>> projects but
> >>>> either I do have some real problem understanding the use of assertions
> >>>> or
> >>>> there is some flaw in the assertion design.
> >>>> I don't know if some other developers stumbled upon this issue -
> >>>> perhaps it's just that I don't understand the purpose of assertion
> >>>> correctly. Let's say, we have the following domain models:
> >>>>
> >>>> class App_User implements Zend_Acl_Role
> >>>> {
> >>>> //...
> >>>>
> >>>> public function getId()
> >>>> {
> >>>> return $this->_userId;
> >>>> }
> >>>>
> >>>> public function getRoleId()
> >>>> {
> >>>> return $this->_group;
> >>>> }
> >>>>
> >>>> //...
> >>>> }
> >>>>
> >>>> class App_GameSheet implements Zend_Acl_Resource
> >>>> {
> >>>> //...
> >>>>
> >>>> public function getHomeTeamAdminId()
> >>>> {
> >>>> return $this->_homeTeamAdminId;
> >>>> }
> >>>>
> >>>> public function getLeagueAdminId()
> >>>> {
> >>>> return $this->_leagueAdminId;
> >>>> }
> >>>>
> >>>> public function getResourceId()
> >>>> {
> >>>> return __CLASS__;
> >>>> }
> >>>>
> >>>> //...
> >>>> }
> >>>>
> >>>> class App_Acl_GameSheetAssertion implements Zend_Acl_Assert_Interface
> >>>> {
> >>>> public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role
> >>>> = null,
> >>>> Zend_Acl_Resource_Interface $resource = null, $privilege =
> >>>> null) {
> >>>> if (($resource instanceof App_GameSheet) && ($role instanceof
> >>>> App_User)) {
> >>>> $userId = $role->getId();
> >>>> $leagueAdmin = $resource->getLeagueAdminId ();
> >>>> $homeTeamAdmin = $resource->getHomeTeamAdminId ();
> >>>> if (in_array($userId, array($leagueAdmin, $homeTeamAdmin)))
> >>>> { return true;
> >>>> } else {
> >>>> return false;
> >>>> }
> >>>> }
> >>>> return null;
> >>>> }
> >>>> }
> >>>>
> >>>> I though, I could do the following:
> >>>>
> >>>> $acl = new Zend_Acl();
> >>>> $acl->addRole(new Zend_Acl_Role('editor'));
> >>>> $acl->addRole(new Zend_Acl_Role('admin'), 'editor);
> >>>> $acl->add(new Zend_Acl_Resource('App_GameSheet');
> >>>> $acl->allow('admin', null, null, null);
> >>>> $acl->allow('editor', 'App_GameSheet', null, new
> >>>> App_Acl_GameSheetAssertion());
> >>>>
> >>>> $gameSheet = App_GameSheet::load(123);
> >>>> $user = App_User::load(456);
> >>>> var_dump($acl->isAllowed($user, $gameSheet, null));
> >>>>
> >>>> The problem now is that Zend_Acl changes $role and $resource to simple
> >>>> Zend_Acl_Role and Zend_Acl_Resource objects before passing them into
> >>>> the assertion.
> >>>> Am I totally wrong in my understanding of how this should work? I
> >>>> personally
> >>>> think that the preceding solution would be a very elegant way to cope
> >>>> with
> >>>> such issues.
> >>>>
> >>>> Should this be considered a bug or rather an idea for improvement (as
> >>>> this
> >>>> surely would break BC it would have to wait until ZF 2.0 I assume)?
> >>>> Is there any other workaround or design that solves this problem using
> >>>> Zend_Acl? I really thought that I found the philosopher's stone for
> >>>> this problem ;-)
> >>>>
> >>>> Thanks to all of you!
> >>>>
> >>>> Best regards
> >>>>
> >>>> Stefan
