ACL is like everything else in this regard:
It provides you with a set of interfaces and a standard API that you can
consume throughout your application when it comes to querying for access
control.
Imagine this: in one place in your application where you might be doing
an SQL lookup to determine if some user has access to some
resources/privilege, you simply have a call that looks like this:
$acl->isAllowed($user, $resource, 'do-something');
This then allows you to treat your ACL system as a model, and as such,
all of your ACL logic (definitions, loading of dynamic definitions, and
custom assertions) can live in a single place: application/model/ next
to the models that your ACL classes will be answering the "access
control" question for.
I wrote an article just recently on ACLs:
http://ralphschindler.com/2009/08/13/dynamic-assertions-for-zend_acl-in-zf
-ralph
debussy007 wrote:
Hi,
I have stored my resources, the privileges, and the roles (user groups)
in my DB.
(And I'm sure many of you have the same)
Thus, to check if a role may access a resource, I could just query the DB
for it, everything is in there.
Why should I use ACL?
I'm confused ...
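
The single-call pattern from the reply above, as an added example that is not part of the original thread: rules that live in the DB are loaded once into a Zend_Acl subclass, so callers only ask the access-control question. The class name Application_Model_Acl, the methods loadRules() and check(), and the sample rows are hypothetical; it assumes Zend Framework 1 is on the include path.

```php
<?php
// Added example, not code from the thread. Assumes Zend Framework 1.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

// Hypothetical model class: the one place that knows how rules are stored.
class Application_Model_Acl extends Zend_Acl
{
    // $rows: role/resource/privilege rows as returned by the permissions query.
    public function loadRules(array $rows)
    {
        foreach ($rows as $row) {
            if (!$this->hasRole($row['role'])) {
                $this->addRole(new Zend_Acl_Role($row['role']));
            }
            if (!$this->has($row['resource'])) {
                $this->addResource(new Zend_Acl_Resource($row['resource']));
            }
            // Only explicit rows grant access; Zend_Acl denies everything else.
            $this->allow($row['role'], $row['resource'], $row['privilege']);
        }
        return $this;
    }

    // Fail closed: a role or resource missing from the table means "no"
    // instead of an uncaught Zend_Acl_Exception in the caller.
    public function check($role, $resource, $privilege)
    {
        try {
            return $this->isAllowed($role, $resource, $privilege);
        } catch (Zend_Acl_Exception $e) {
            return false;
        }
    }
}

// Constructed sample rows standing in for the result of the SQL lookup.
$rows = array(
    array('role' => 'editor', 'resource' => 'article', 'privilege' => 'edit'),
    array('role' => 'guest',  'resource' => 'article', 'privilege' => 'view'),
);
$acl = new Application_Model_Acl();
$acl->loadRules($rows);

var_dump($acl->check('editor', 'article', 'edit')); // explicit grant row
var_dump($acl->check('guest', 'article', 'edit'));  // no matching row
var_dump($acl->check('guest', 'invoice', 'view'));  // resource not in the table
```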