Hi Matthew,

thanks for this new idea.

> I just had another idea. Use an initializer.

I tried to build this but noticed that the initializer is only processed
for existing controllers. But the ACL check problems I have have to do
with non-existent controllers.

Currently I use this listener method:

-----------------------------------------------------------------
public function checkAcl(EventInterface $e)
{
    $routeMatch = $e->getRouteMatch();

    $controllerLoader = $e->getApplication()->getServiceManager()
                          ->get('ControllerLoader');

    // Probe the controller loader: if the requested controller cannot be
    // loaded, skip the ACL check. $controller itself is not used afterwards.
    try {
        $controller = $controllerLoader->get(
            $routeMatch->getParam('controller')
        );
    } catch (\Exception $exception) {
        return;
    }

    $acl = $e->getApplication()->getServiceManager()
             ->get('User\Acl\Service');

    // Access denied: reroute the request to the user/forbidden action.
    if (!$acl->isAllowed(
        $routeMatch->getParam('controller'),
        $routeMatch->getParam('action'))
    ) {
        $routeMatch->setParam('controller', 'user');
        $routeMatch->setParam('action', 'forbidden');
    }
}

-----------------------------------------------------------------

Now the ACL check is not processed for non-existent controllers. The
only issue with this is the double check with the controller loader.

The only other solution I currently see is adding another event trigger
within Zend\Mvc\DispatchListener::onDispatch() after the try-catch block
which checks existence of the requested controller and before the dispatching.

Regards,

Ralf
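
As an added illustration (not part of the original message, and not Zend Framework code), the following stand-alone PHP reproduces the listener's decision and compares catching every `\Exception` with catching only the missing-controller case. `StubLoader`, `ControllerNotFound`, `resolve()`, the routes and the ACL rule are all hypothetical and constructed for the example.

```php
<?php
// Stand-ins for illustration only; none of these are Zend Framework classes.
class ControllerNotFound extends \RuntimeException {}

class StubLoader
{
    private $factories;

    public function __construct(array $factories)
    {
        $this->factories = $factories;
    }

    public function get($name)
    {
        if (!isset($this->factories[$name])) {
            throw new ControllerNotFound("no controller '$name'");
        }
        return call_user_func($this->factories[$name]); // a factory may throw too
    }
}

// $skipOn = 'Exception' mirrors the posted listener: any failure skips the ACL.
// A narrower class name skips it only when the controller is really missing.
function resolve(StubLoader $loader, callable $isAllowed, array $route, $skipOn)
{
    try {
        $loader->get($route[0]);
    } catch (\Exception $e) {
        if ($e instanceof $skipOn) {
            return $route; // ACL not consulted, route left unchanged
        }
        // any other failure falls through to the ACL check below
    }
    return $isAllowed($route[0], $route[1]) ? $route : ['user', 'forbidden'];
}

// Constructed sample data: 'admin' is registered but its factory fails.
$loader = new StubLoader([
    'news'  => function () { return new \stdClass(); },
    'admin' => function () { throw new \LogicException('broken dependency'); },
]);
$acl = function ($controller, $action) { return $controller === 'news'; };

foreach ([['news', 'index'], ['ghost', 'index'], ['admin', 'index']] as $route) {
    echo implode('/', $route), ' => ',
        implode('/', resolve($loader, $acl, $route, 'Exception')), ' | ',
        implode('/', resolve($loader, $acl, $route, 'ControllerNotFound')), "\n";
}
```

With this constructed data the two columns differ only for `admin`: catching every exception leaves the route unchanged without consulting the ACL, while the narrower catch still applies the ACL rule.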
