Hello everyone, I recently began a small project for myself to get more familiar with some ZF components which I haven't touched so much in the past.
The project is basically a small, module-based, CMS. I've gotten most things sorted out but there's one thing which I've been intensely trying to wrap my head around. ACL. I've been googling like mad for the past week and read all articles I could get my hands on but I still can't seem to come up with a decent idea which I why I'm hoping for some feedback from you, the braintrust :) The basics of it, is quite common - I think. A user is associated with a group for which access rights to a certain resource can be defined. I'm storing the access rights in my database for it to be easy to edit through the administration panel. Actually, the ease of use is what's giving me my headache. I'd like to achieve a nice modular structure and make it easy to develop new modules and add them to the system. The problem then begins with the new modules having new resources for which it should be able to define access rights. As it is now, modules already have to be "registered" with the system before being accessible and it's not that hard also making it able to load in resources for a module - right now, all modules implement a Config class which contains information such as which resources it defines and the priveliges allowed for each resource. Where my headache really gets severe is when taking assertions into consideration. Some modules, such as the Blog, needs to make use of assertions to allow the owner of a post to edit it but not edit every other post. So ok, each module also implements some assertions. But how do I, when constructing the ACL from the database, take assertions into consideration? My first idea was to store assertion names in the database to, when registering a module. So that when building the ACL and stumbling across a resource which needs to have access defined with an assertion in it, the assertions class name such as Blog_Acl_Assertion_IsPostOwner and it would then instantiate the assertion class when building the ACL. But somehow, I don't find that idea very appealing. Therefore, I'd like to query you guys if you experience with working with something like this or just an idea on how to make this happen. Thank you for reading on through all my babble. Kind regards Christian Rasmussen