Hi,
We have a view helper for that purpose, which allows for a lot more
readable view scripts:
$this->isAllowed( 'user', 'post', 'edit');
The view helper would be proxy to the ACL isallowed:
class Namespace_View_Helper_IsAllowed extends Zend_View_Helper_Abstract
{
public function isAllowed( $role, $resource, $privilege )
{
$acl = Zend_Registry::get('acl');
return $acl->isAllowed($role, $resource, $privilege);
}
}
[ In our case, we have a bit more logic behind this so we don't actually
pass strings to the helper but we pass the actual objects, but you could
chose to have the helper find the role of the identity on it's own by
placing Zend_Auth::getInstance()->getIdentity()->role; inside the
isAllowed helper ]
Hope this helps,
Ramon de la Fuente
On 1-10-2010 15:56, Serkan Temizel wrote:
Hi there all,
Just started using ACL and everything is ok up to now.
I can restrict pages for specific users. For example a *guest *user gets an
error if he/she clicks the edit button.
Now I want to hide this edit button for * *users who don't have edit
permission. Which one is a better approach;
*1.check ACL in view script *
$roleName = Zend_Auth::getInstance()->getIdentity()->role;
$acl = Zend_Registry::get('acl');
if($acl->isAllowed($roleName,'post','edit')){
// echo edit button ...
}
*2. check it in the controller and pass a flag to view*
If you think it is better in view script would you suggest a better code?
Thanks
Serkan
