It's postings like this that keep me on the mailing list. Thanks Mon Zafra!
j On Fri, Jul 17, 2009 at 3:20 AM, Muhammad Ali <[email protected]> wrote: > Hi J > > I am not sure if it would help but I am using > Zend_Controller_Plugin_Abstract and registered in Bootstrap and works fine. > > function _initPlugins(){ > Zend_Controller_Front::getInstance()->registerPlugin(new > Plugin_ControllerAcl()); > } > > Thanks > > *From:* J DeBord <[email protected]> > *Sent:* Friday, July 17, 2009 8:02 AM > *To:* Zend Framework General <[email protected]> > *Subject:* Re: [fw-general] Zend_Acl When / Where to check your ACL? > > > > On Fri, Jul 17, 2009 at 8:58 AM, Muhammad Ali <imjob.org@<[email protected]> > live.com> wrote: > >> Hi >> >> I think you need to add the error resource to the Acl and allow full >> access to error controller. >> >> > > You do need to do this, but I was having another issue. It was related to > when the ACL is being checked, not the access rules themselves. > >> Thanks >> >> *From:* Mon Zafra <[email protected]> >> *Sent:* Friday, July 17, 2009 7:00 AM >> *To:* Zend Framework General <[email protected]> >> *Subject:* Re: [fw-general] Zend_Acl When / Where to check your ACL? >> >> The plugin preDispatch() is invoked earlier than the helper >> preDispatch(). The order kinda looks like this: >> >> plugins.routeStartup() >> router.route() >> plugins.routeShutdown() >> plugins.dispatchLoopStartup() >> [loop] >> plugins.preDispatch() >> [if controller exists] >> controller.init() >> helpers.preDispatch() >> controller.preDispatch() >> controller.action() >> controller.postDispatch() >> helpers.postDispatch() >> [/if] >> plugins.postDispatch() >> [/loop while request.isDispatched is false] >> plugins.dispatchLoopShutdown() >> >> The problem with the ACL plugin is that the checking is done before the >> dispatcher could determine if the controller class being requested exists. >> There are a couple of ways to solve this: >> >> - pull the dispatcher object from the front controller, test >> $dispatcher->isDispatchable($request) in your plugin and act accordingly. >> Basically, you duplicate the logic in the dispatcher dispatch(). >> - defer the checking until after the controller has been instantiated >> but before the action. >> >> You have three places to do the latter: controller init(), helper >> preDispatch() and controller preDispatch(). Two of those require you to >> extend a different base controller. I prefer doing it in a helper since I >> might want to have other logic in some of my controller hooks so I don't >> have to remember calling parent::init() or preDispatch(). >> >> -- Mon >> >> >> On Fri, Jul 17, 2009 at 12:59 PM, J DeBord <[email protected]> wrote: >> >>> >>> >>> 2009/7/16 Vladas Diržys <[email protected]> >>> >>>> Why an action helper, why not a plugin? >>>> >>> >>> >>> I'd like to know as well. Is an action helper more appropriate for the >>> case I described, or should an action helper always be used for >>> Authorization ( Zend_Acl anyways)? >>> >>> In genral, what is the difference beteween front controller plugins and >>> action helpers. When would you use one instead of the other? >>> >>> To give Vladas a short answer based on my case, the front controller >>> plugin did not provide the functionality I wanted. An action helper did. >>> >>> Thanks a lot, >>> >>> J >>> >>>> <http://www.dirzys.com> >>>> >>>> >>>> >>>> On Thu, Jul 16, 2009 at 14:24, Matthew Weier O'Phinney < >>>> [email protected]> wrote: >>>> >>>>> -- J DeBord <[email protected]> wrote >>>>> (on Thursday, 16 July 2009, 09:30 AM +0200): >>>>> > I created a front controller plugin for checking my ACL against the >>>>> user's >>>>> > role. It first checks Zend_Auth for an identity. If an identity >>>>> exists, it >>>>> > grabs the identity's role. If no identity exists, it uses 'guest' as >>>>> the >>>>> > default role. I hooked into the preDispatch() method of the front >>>>> controller >>>>> > plugin. >>>>> > >>>>> > This works, except that I've lost my "page not found functionality". >>>>> So I get >>>>> > "resource not found" or "not authorized" message when requests for >>>>> non >>>>> > existance controllers or actions are made. >>>>> > >>>>> > Would it be better to have the controllers extend a "BaseController" >>>>> that does >>>>> > the ACL checks in the init() method? >>>>> > >>>>> > What is the preferred way or best practice for running the ACL >>>>> checks? >>>>> >>>>> Use an action helper with a preDispatch() hook, and register it in your >>>>> bootstrap. :) >>>>> >>>>> -- >>>>> Matthew Weier O'Phinney >>>>> Project Lead | [email protected] >>>>> Zend Framework | http://framework.zend.com/ >>>>> >>>> >>>> >>> >> >
