Well, there are two ways you can do this (well, three, but we will get to that).

You can do checks based on the requested route or controller and action, and do generic checks like: can a user of type 'guest' access the 'edit' action of my 'postcontroller', or can a user of type 'guest' access route 'my/controller/edit'. This is nice for just overall access control, keeping all your guests out of user areas etc. You can use a library like BjyAuthorize to do this automagically.

The second case, which I presume is your case, is to check whether user 1234 can edit post 567. This you use assertions for. I usually do that check after I have done the 'does this resource even exist' check. If the assertion fails, I either 403 them or redirect to a known accessible page.

You could do the 'resource exists' and 'is allowed' checks in an early dispatch listener and then pass the resource as a parameter to the MvcEvent being passed around. This option might be more attractive if you are worried about coupling your authorization to your controllers directly.

Hopefully this is of some help :)

Cheers,
Michael Gooden

On 9 September 2013 10:17, Martijn Korse <[email protected]> wrote:

> I'm creating a Zend Framework 2 application and I'm sort of trying to implement what is explained here:
>
> http://ralphschindler.com/2009/08/13/dynamic-assertions-for-zend_acl-in-zf
>
> The demonstration that the code works is really nice, but it doesn't really apply to how a framework (utilizing MVC) works. Or maybe I'm just on the wrong track...
>
> I've created a RouteListener like this:
>
>
> The method checkAcl then checks if you're allowed to do what you want to do.
>
> The resource and action are determined like this:
>
>
> And the role is determined by the identity stored in the session (which implements Zend\Permissions\Acl\Role\RoleInterface)
>
> Following the example: how do I determine if a user is allowed to edit a certain blog-post?
> By the time ACL is doing its checking, the controller hasn't loaded the blogpost yet, so I'm not sure how to approach this. Unless I duplicate the retrieval of the blogpost in the assertion, but I'm hoping that there is a better way.
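
The load-then-assert flow from the reply above, as an added example that is not part of the original thread or of any project's code. It assumes `zendframework/zend-permissions-acl` is installed via Composer; `User`, `BlogPost`, `OwnerAssertion`, `editStatus` and the `$posts` array are hypothetical names and constructed sample data.

```php
<?php
// Added example; assumes zendframework/zend-permissions-acl is installed via Composer.
require 'vendor/autoload.php';

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Assertion\AssertionInterface;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Zend\Permissions\Acl\Role\RoleInterface;

// Hypothetical session identity; the thread says it implements RoleInterface.
class User implements RoleInterface {
    public $id;
    public function __construct($id) { $this->id = $id; }
    public function getRoleId() { return 'member'; }
}
// Hypothetical entity: the loaded post itself is handed to the ACL as the resource.
class BlogPost implements ResourceInterface {
    public $ownerId;
    public function __construct($ownerId) { $this->ownerId = $ownerId; }
    public function getResourceId() { return 'post'; }
}
class OwnerAssertion implements AssertionInterface {
    public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
    {
        // Deny when the ACL was queried with plain ids instead of loaded objects.
        if (!$role instanceof User || !$resource instanceof BlogPost) {
            return false;
        }
        return $role->id === $resource->ownerId; // no second lookup of the post here
    }
}
// Existence check first, then the assertion against the already loaded post.
function editStatus(Acl $acl, array $posts, User $user, $postId)
{
    if (!isset($posts[$postId])) {
        return 404;
    }
    return $acl->isAllowed($user, $posts[$postId], 'edit') ? 200 : 403;
}

$acl = new Acl();
$acl->addRole('member');
$acl->addResource('post');
$acl->allow('member', 'post', 'edit', new OwnerAssertion());
$posts = [567 => new BlogPost(1234)]; // constructed stand-in for the repository lookup

foreach ([[1234, 567], [42, 567], [1234, 999]] as list($uid, $pid)) {
    echo "user $uid, post $pid: ", editStatus($acl, $posts, new User($uid), $pid), "\n";
}
```

Because the assertion receives the objects passed to `isAllowed()`, the post is fetched once, by whichever layer does the existence check (controller or early dispatch listener).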
