I personally prefer to put the acl in the Model, this way your access control is at the model level not the application level meaning you can use the Model in other contexts outside the MVC.
2009/6/21 Brenton Alker <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I am working on the architecture of a new ZF application and have am > questioning which module is responsible for assigning permissions to the > ACL. > > I have an Auth module that manages the ACL for the application. The Auth > module exposes an Authorization service, which is used by services of > other modules to check the ACL. Does this seem like a good structure? > > But the main issue I'm seeking advice on is where the permissions should > be set. The Auth module doesn't know about the resources of the other > modules, and the other modules don't know about the roles defined in the > Auth module. So should the application (aka. default module), which > knows about both, assign the permissions? Does this violate the idea > that permissions are business logic and thus should be defined in the model? > > Any insight appreciated, thanks. > > - -- > > Brenton Alker > PHP Developer - Brisbane, Australia > > http://blog.tekerson.com/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAko9mzcACgkQ7bkAtAithuuRBgCeMxS2eZQjGdL+kvgKvB7loGUd > 8L0AoJxOEjTQNmPv6xqwRjvRBFsUnsuG > =oJCC > -----END PGP SIGNATURE----- > -- ---------------------------------------------------------------------- [MuTe] ----------------------------------------------------------------------
