Hi I would bind the creation/update/editing of your models to an ACL checking listener which can derive ACL parameters from the model(s) associations.
On Mon, Sep 9, 2013 at 11:01 AM, Martijn Korse <[email protected]> wrote: > Hi Michael > > Thanks for the response. However, i'm afraid it didnt really help. > Everything works fine, except the assertion-part. My Problem is this: > > 1. De resource (the blog-post) is loaded in the controller. This works fine. > 2. The acl-check is done _before_ the controller loads the blog-post. If i > don't use assertions, this works fine as well : the acl-check loads the > acl-config and determines that 'users' are allowed to access the 'edit' > action of the blogpostController. > 3. When i extend my acl-config to include an assertion for the edit action > (p.e. verifyOwnerAssertion) this works -> the assertion is called, BUT the > problem is here that the assertion needs to know which blogpost is requested > and then verify if the current user is allowed to edit it (the rule for that > would be that it needs to be his own blog post). But because the controller > hasnt loaded it yet i don't know how to feed this information to the > assertion. Of course i could modify the assertion in such a way that it > loads the blog-post, but that's not really something i want to do, as i'm > duplicating code that way. > > > > -- > View this message in context: > http://zend-framework-community.634137.n4.nabble.com/zf2-zend-acl-dynamic-assertions-when-how-to-load-the-resource-tp4660933p4660937.html > Sent from the Zend Framework mailing list archive at Nabble.com. > > -- > List: [email protected] > Info: http://framework.zend.com/archives > Unsubscribe: [email protected] > > -- List: [email protected] Info: http://framework.zend.com/archives Unsubscribe: [email protected]
