On Fri, Jul 17, 2009 at 8:58 AM, Muhammad Ali <[email protected]> wrote:
> Hi > > I think you need to add the error resource to the Acl and allow full access > to error controller. > > You do need to do this, but I was having another issue. It was related to when the ACL is being checked, not the access rules themselves. > Thanks > > *From:* Mon Zafra <[email protected]> > *Sent:* Friday, July 17, 2009 7:00 AM > *To:* Zend Framework General <[email protected]> > *Subject:* Re: [fw-general] Zend_Acl When / Where to check your ACL? > > The plugin preDispatch() is invoked earlier than the helper preDispatch(). > The order kinda looks like this: > > plugins.routeStartup() > router.route() > plugins.routeShutdown() > plugins.dispatchLoopStartup() > [loop] > plugins.preDispatch() > [if controller exists] > controller.init() > helpers.preDispatch() > controller.preDispatch() > controller.action() > controller.postDispatch() > helpers.postDispatch() > [/if] > plugins.postDispatch() > [/loop while request.isDispatched is false] > plugins.dispatchLoopShutdown() > > The problem with the ACL plugin is that the checking is done before the > dispatcher could determine if the controller class being requested exists. > There are a couple of ways to solve this: > > - pull the dispatcher object from the front controller, test > $dispatcher->isDispatchable($request) in your plugin and act accordingly. > Basically, you duplicate the logic in the dispatcher dispatch(). > - defer the checking until after the controller has been instantiated but > before the action. > > You have three places to do the latter: controller init(), helper > preDispatch() and controller preDispatch(). Two of those require you to > extend a different base controller. I prefer doing it in a helper since I > might want to have other logic in some of my controller hooks so I don't > have to remember calling parent::init() or preDispatch(). > > -- Mon > > > On Fri, Jul 17, 2009 at 12:59 PM, J DeBord <[email protected]> wrote: > >> >> >> 2009/7/16 Vladas Diržys <[email protected]> >> >>> Why an action helper, why not a plugin? >>> >> >> >> I'd like to know as well. Is an action helper more appropriate for the >> case I described, or should an action helper always be used for >> Authorization ( Zend_Acl anyways)? >> >> In genral, what is the difference beteween front controller plugins and >> action helpers. When would you use one instead of the other? >> >> To give Vladas a short answer based on my case, the front controller >> plugin did not provide the functionality I wanted. An action helper did. >> >> Thanks a lot, >> >> J >> >>> <http://www.dirzys.com> >>> >>> >>> >>> On Thu, Jul 16, 2009 at 14:24, Matthew Weier O'Phinney <[email protected] >>> > wrote: >>> >>>> -- J DeBord <[email protected]> wrote >>>> (on Thursday, 16 July 2009, 09:30 AM +0200): >>>> > I created a front controller plugin for checking my ACL against the >>>> user's >>>> > role. It first checks Zend_Auth for an identity. If an identity >>>> exists, it >>>> > grabs the identity's role. If no identity exists, it uses 'guest' as >>>> the >>>> > default role. I hooked into the preDispatch() method of the front >>>> controller >>>> > plugin. >>>> > >>>> > This works, except that I've lost my "page not found functionality". >>>> So I get >>>> > "resource not found" or "not authorized" message when requests for non >>>> > existance controllers or actions are made. >>>> > >>>> > Would it be better to have the controllers extend a "BaseController" >>>> that does >>>> > the ACL checks in the init() method? >>>> > >>>> > What is the preferred way or best practice for running the ACL checks? >>>> >>>> Use an action helper with a preDispatch() hook, and register it in your >>>> bootstrap. :) >>>> >>>> -- >>>> Matthew Weier O'Phinney >>>> Project Lead | [email protected] >>>> Zend Framework | http://framework.zend.com/ >>>> >>> >>> >> >
