Thursday, August 25, 2011

How to use Zend ACL


This feature is useful for anyone who wants to control which user roles are allowed to access which modules/actions in a Zend Framework project.

First create a class and define your roles and resources to be used.

Eg:

Roles: Admin, User, Guest
Resources: default, admin (in this example the resources are modules)

CLASS:
<?php

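class MyAcl extends Zend_Acl
{
    /**
     * Builds the ACL consulted by Plugin_Auth: two resources (the 'default'
     * and 'admin' modules) and three roles (Admin, User, Guest).
     *
     * Zend_Acl denies anything that is not explicitly allowed, so only the
     * allow() calls grant access; the deny() for Guest on 'admin' is an
     * explicit statement of intent rather than a requirement.
     */
    public function __construct()
    {
        // Resources: in this example a resource is a module name.
        $this->add(new Zend_Acl_Resource('default')); // Default module
        $this->add(new Zend_Acl_Resource('admin'));   // Admin module

        // Roles.
        // NOTE(review): the second argument to addRole() is the parent the new
        // role inherits from, so 'User' inherits every rule granted to 'Admin'.
        // That has no effect while each allow() below names its roles
        // explicitly, but a future allow('Admin', ...) would silently apply to
        // 'User' too - confirm this is the intended hierarchy.
        $this->addRole(new Zend_Acl_Role('Admin'))
             ->addRole(new Zend_Acl_Role('User'), 'Admin')
             ->addRole(new Zend_Acl_Role('Guest'));

        // Authorization. deny()/allow() return $this, so the whole rule set is
        // one fluent chain; a ';' after deny() would break the chain into a
        // parse error.
        $this->deny('Guest', 'admin')
             ->allow(array('Admin', 'User', 'Guest'), array('default'))
             ->allow(array('Admin', 'User'), array('admin'));
    }
}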
?>


Next you need a front-controller plugin that checks each routed request and authorizes it based on the roles & resources. If access is denied and the user is not authenticated, the request is forwarded to $_noauth; if the user is authenticated but their role does not have access to the resource, it is forwarded to $_noacl. By default the role is "Guest".

PLUG-IN:

<?php

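class Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    /** Role assumed for any request that carries no usable identity. */
    const DEFAULT_ROLE = 'Guest';

    /** @var Zend_Auth */
    private $_auth;

    /** @var MyAcl */
    private $_acl;

    /** Target for an unauthenticated request whose access is denied. */
    private $_noauth = array('module' => 'login', 'controller' => 'index', 'action' => 'index');

    /** Target for an authenticated request whose role lacks access. */
    private $_noacl = array('module' => 'default', 'controller' => 'error', 'action' => 'denied');

    public function __construct()
    {
        $this->_auth = Zend_Auth::getInstance();
        $this->_acl = new MyAcl();
    }

    /**
     * Checks the routed module/action against the ACL before the controller is
     * dispatched and rewrites the request to $_noauth or $_noacl when access is
     * denied.
     *
     * The module name is used as the ACL resource and the action name as the
     * privilege. A module that is not a registered resource is queried as the
     * null (global) resource, which only matches rules declared without one.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $role = $this->_resolveRole();

        // Read the routed names through the request accessors instead of
        // magic properties: on the HTTP request class an unset magic property
        // falls through to the request superglobals, which the router has not
        // normalised, so the ACL check could be fed a different value than the
        // one actually dispatched.
        $module     = $request->getModuleName();
        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        // Assign resource based on your requirements
        $resource = $module;
        if (!$this->_acl->has($resource)) {
            $resource = null;
        }

        if (!$this->_acl->isAllowed($role, $resource, $action)) {
            // Unauthenticated users are sent to login; authenticated users
            // whose role lacks access get the "denied" page.
            $target = $this->_auth->hasIdentity() ? $this->_noacl : $this->_noauth;
            $module     = $target['module'];
            $controller = $target['controller'];
            $action     = $target['action'];
        }

        $request->setModuleName($module);
        $request->setControllerName($controller);
        $request->setActionName($action);
    }

    /**
     * Returns the ACL role for the current identity.
     *
     * Falls back to DEFAULT_ROLE when there is no identity, the identity has
     * no 'role' property, or the role is not registered in the ACL: isAllowed()
     * throws on an unregistered role, and a role the ACL does not know is
     * safer treated as the least-privileged one than as a fatal error.
     *
     * @return string
     */
    private function _resolveRole()
    {
        if (!$this->_auth->hasIdentity()) {
            return self::DEFAULT_ROLE;
        }

        $identity = $this->_auth->getIdentity();
        $role = (is_object($identity) && isset($identity->role)) ? $identity->role : null;

        if ($role === null || !$this->_acl->hasRole($role)) {
            return self::DEFAULT_ROLE;
        }

        return $role;
    }
}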
?>