I've been able to come up with a working solution, using the doctrine events. Within these events i do an (additional) acl->isAllowed() call which will trigger the assertion, but this time with the resource that is a doctrine entity. It works ... but i'm not really happy with it: 1) I have to inject my service manager into the doctrine entities. I've been able to simplify this by letting every entity extend an abstract one and inject it into to that .. but still... I would prefer it if i wouldn't have to bother those entities with it. I like to keep them as plain and simple as possible. Then again, this is not a huge problem and something i'm willing to overlook. What i find a much bigger problem 2) The acl-decision was in a central place and now it's getting fragmented. Also: it will be called when the RouteListener intercepts the request and later /again /when the doctrine event intercepts the entity being loaded. The first time i have to /allow/ it, because it lacks the necessary information (the second time it finally does have all the information and i can let the code make a proper decision); this feels wrong. 3) I have to make my doctrine entities aware of what identities are, since i have to pass it on as a role - this is not really something i want in my entity objects. Also, it's getting messy because there are public parts (without identities) and parts behind a login (with identities) that all use the same doctrine entities. 4) And the biggest of my problems: what do i do when acl decides it's not allowed? I don't want to put this logic in my assertion nor in my entity. This is controller-logic. I guess i could throw an Exception and equip my controllers with logic to handle it, but then again: i already have a perfectly good piece of code in my RouteListener. It feels wrong having to reach the same conclusions in my controllers - even if i manage to centralize the actual logic behind it.
Is there really no better way to tackle this? It really feels like a messy work-around with a lot of drawbacks. Or am i simply not implementing it correctly? -- View this message in context: http://zend-framework-community.634137.n4.nabble.com/zf2-zend-acl-dynamic-assertions-when-how-to-load-the-resource-tp4660933p4661603.html Sent from the Zend Framework mailing list archive at Nabble.com. -- List: [email protected] Info: http://framework.zend.com/archives Unsubscribe: [email protected]
