Hi,
I have something like that in my current app.
After succesful auth, I store the role (user, poweruser, admin) in the
identity and another role called as_role.
All my acl checks are done against as_role except one that is done against
the true role.
The check using the true role display some "view as" buttons in the layout
if role is "admin" and permit changes to as_role.
It's not perfect impersonation as I can't see resources as their owner
without logging as the owner but I can browse the site as a generic user or
poweruser without loging out.
Ludwig
--------------------------------------------------
From: "Aleksey Zapparov" <[email protected]>
Sent: Thursday, June 10, 2010 12:33 PM
To: "Jurian Sluiman" <[email protected]>
Cc: <[email protected]>; "shahrzad khorrami"
<[email protected]>
Subject: Re: [fw-general] using of two auth in zend
Hello,
Very good point of view. Unfortunately it does not related to the topic.
Topic
was exactly about authentication, not authorization. I see what do you
mean
and I understand why do you think that Zend_Acl will solve the problem.
But
problem was not about to separate credentials by roles, but to separate
authentication scopes.
It was about to provide option to be able to log-in into website as
admin for one
particular module and somebody else for all anothers. If you have
experience
then you probably saw that there you can log into back-end administration
panel as admin (or moderator), but you can log into front-end
administration by
somebody else.
Why you may need this? Here's simple example why this may be useful. When
you have built a some kind of CMS, and you have different roles of users,
and
your administrator has ability to change scopes of visible areas for
one role and
another, you would like to test it "live". With two concerrent
authentications you
can achieve this easily simply log into "user's area" as user while be
staying
administrator inside "admin's area". With one authentication scope you'll
need
to log out and log in back as user to test changes.
2010/6/10 Jurian Sluiman <[email protected]>:
Hi,
I think you're using the wrong tool to solve the problem. Auth is just
needed
for authentication: who are you?. The answer to the question if you have
permission to something is covered in authorization.
Zend_Acl is the thing you need, not two Zend_Auth instances. It's pretty
easy
with two resources (account and admin) and two roles (user and admin,
groups
for the users). Program them static in your plugin and you're future
proof for
further expansion.
Regards, Jurian
--
Jurian Sluiman
CTO Soflomo V.O.F.
http://soflomo.com
On Wednesday 09 Jun 2010 06:23:13 shahrzad khorrami wrote:
wow thanks alot Alekseyyyy I'm going to test... B-) merccccc
--
Sincerely yours,
Aleksey V. Zapparov A.K.A. ixti
FSF Member #7118
Mobile Phone: +34 617 179 344
Homepage: http://www.ixti.ru
JID: [email protected]
*Origin: Happy Hacking!
