Your models can be a role, a resource, or both. For example, in my application I have a user model that is a role, and an exam model that is a resource. If you wanted to provide your users with access to other users (for example, to view their profiles), you could make the user both a role and a resource.
As far as querying the ACL, you an either do that in the service layer (if you have one), directly in your controllers, or within your models themselves. There are a lot of ways to architect it, and it depends on your application's scale. -- Hector On Fri, Mar 26, 2010 at 10:53 AM, jsuggs <[email protected]> wrote: > > I'm trying to figure out what "layer(s)" should implement which aspect(s) > of > Zend_Acl. So I've got a few questions. > > Are the models the resources (ie. implements Zend_Acl_Resource_Interface) > or > does that belong solely in the service layer? I could see a case being > made > for the service class implementing/being the resource, but at the same time > the service class could be (more or less) responsible for more than one > resource/model (and service classes are not 1:1 with models, right?). > > What about the "User" model implementing Zend_Acl_Role_Interface? > > I understand that service layer is where you actually do the resource > checks > and allow/deny access, but just not 100% certain where/what the actual > resources are. Any insight is greatly appreciated! > -- > View this message in context: > http://n4.nabble.com/Models-and-Services-ACL-Where-and-How-tp1692595p1692595.html > Sent from the Zend Framework mailing list archive at Nabble.com. >
