This feature is useful for anyone who wants to control which user roles and privileges may access modules/actions in Zend Framework projects.
First create a class and define your roles and resources to be used.
Eg:
Roles: Admin, User, Guest
Resources: default, admin (in this example the resources are modules)
CLASS:
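<?php
/**
 * Access-control list for the application.
 *
 * Registers one resource per module ('default', 'admin') and three roles
 * ('Admin', 'User', 'Guest'), then sets the allow/deny rules between them.
 * Zend_Acl denies anything that has not been explicitly allowed, so every
 * permission a role needs has to be granted here.
 */
class MyAcl extends Zend_Acl
{
    /**
     * Build the resource list, the role registry and the rules.
     */
    public function __construct()
    {
        // Resources: one per module.
        $this->add(new Zend_Acl_Resource('default')); // Default module
        $this->add(new Zend_Acl_Resource('admin'));   // Admin module

        // Roles.
        // NOTE(review): the second argument of addRole() is the parent, so
        // 'User' inherits every rule granted to 'Admin', including rules added
        // later. Together with the explicit allow below, 'User' can reach the
        // admin module. If ordinary users must not have admin access, make
        // 'Admin' inherit from 'User' instead and drop 'User' from the
        // 'admin' allow rule.
        $this->addRole(new Zend_Acl_Role('Admin'))
             ->addRole(new Zend_Acl_Role('User'), 'Admin')
             ->addRole(new Zend_Acl_Role('Guest'));

        // Authorization.
        // deny()/allow() return $this, so the rules form a single chain; the
        // original listing ended the deny() call with ';' before '->allow',
        // which is a parse error.
        $this->deny('Guest', 'admin')
             ->allow(array('Admin', 'User', 'Guest'), array('default'))
             ->allow(array('Admin', 'User'), array('admin'));
    }
}
?>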
Next, you need a plugin that checks each request and authorizes it based on the roles and resources. If access is denied and the visitor has no identity (is not logged in), the request is sent to $_noauth; if the visitor is logged in but the role does not have access to the resource, it is sent to $_noacl. By default the role is “Guest”.
PLUG-IN:
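<?php
/**
 * Front-controller plugin that authorizes every request against MyAcl
 * before it is dispatched.
 *
 * The requested module is the ACL resource and the requested action is the
 * privilege. A denied request is re-pointed at the login page when there is
 * no identity, or at the "denied" error action when there is one.
 *
 * The plugin only runs if it is registered with the front controller, e.g.
 * Zend_Controller_Front::getInstance()->registerPlugin(new Plugin_Auth()).
 */
class Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    /** @var Zend_Auth */
    private $_auth;

    /** @var MyAcl */
    private $_acl;

    /** Target for denied requests that carry no identity. */
    private $_noauth = array('module' => 'login', 'controller' => 'index', 'action' => 'index');

    /** Target for denied requests from an authenticated identity. */
    private $_noacl = array('module' => 'default', 'controller' => 'error', 'action' => 'denied');

    public function __construct()
    {
        $this->_auth = Zend_Auth::getInstance();
        $this->_acl = new MyAcl();
    }

    /**
     * Check the routed request against the ACL and redirect it when denied.
     *
     * @param Zend_Controller_Request_Abstract $request Request about to be dispatched.
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $role = $this->_resolveRole();

        // Read the routed names through the accessors the dispatcher itself
        // uses. The magic properties ($request->module, ...) are not part of
        // Zend_Controller_Request_Abstract, and on Zend_Controller_Request_Http
        // they can fall back to GET/POST/cookie values when no routed parameter
        // of that name exists, so the ACL could be asked about a different
        // module than the one that is dispatched.
        $module = $request->getModuleName();
        $action = $request->getActionName();

        // Assign resource based on your requirements.
        // A module that is not a registered resource is checked with a null
        // resource, i.e. against the rules that apply to all resources. MyAcl
        // defines no such rule, so these requests are denied; do not add a
        // global allow() without revisiting this fallback.
        $resource = $module;
        if (!$this->_acl->has($resource)) {
            $resource = null;
        }

        if ($this->_acl->isAllowed($role, $resource, $action)) {
            return; // Authorized: dispatch the request as routed.
        }

        // Denied: no identity -> login page, identity without permission -> denied page.
        $target = $this->_auth->hasIdentity() ? $this->_noacl : $this->_noauth;

        $request->setModuleName($target['module']);
        $request->setControllerName($target['controller']);
        $request->setActionName($target['action']);
    }

    /**
     * Determine the ACL role for the current identity.
     *
     * Falls back to 'Guest' when there is no identity, when the identity is
     * not an object carrying a string "role", or when that role is not
     * registered in the ACL. An unknown or missing role therefore gets the
     * least-privileged role instead of raising an error inside isAllowed()
     * or being evaluated as "all roles".
     *
     * NOTE(review): the role comes from the stored identity; presumably it is
     * written at login time, so a role change only takes effect once the
     * identity is refreshed. Confirm against the login code.
     *
     * @return string Role id known to the ACL.
     */
    private function _resolveRole()
    {
        if (!$this->_auth->hasIdentity()) {
            return 'Guest';
        }

        $identity = $this->_auth->getIdentity();
        if (is_object($identity)
            && isset($identity->role)
            && is_string($identity->role)
            && $this->_acl->hasRole($identity->role)
        ) {
            return $identity->role;
        }

        return 'Guest';
    }
}
?>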