Skip to end of metadata
Go to start of metadata

<h1>Zend_Acl 2.0 Roadmap</h1>

<p><em>Placeholder for commenting. Maybe some Zendy (sorry, if you don't like that term <ac:emoticon ac:name="wink" />) want to fill this page initially?</em></p>

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
  1. Nov 13, 2009

    <h5>Manage resources and rules in separate registries</h5>

    <p>As roles are already managed in a registry, resources and rules should be as well. This allows easy swapping of them for things like persistent storage. The acl should still act as facade to keep things consistent.</p>

    <h5>Multiple resource inheritance</h5>

    <p>I did never understand why resources may only inherit from one other resource. Although I don't have a use case at my fingertips this might be useful for someone.</p>

    <h5>Implementation</h5>

    <p>As at least PHP 5.3.0 will be required this component should make great use of the SPL (stack and queue). See <a class="external-link" href="http://pastebin.com/f4e9a7db5">http://pastebin.com/f4e9a7db5</a> for an excerpt from my implementation (used arrays to keep things backwards compatible).</p>

    <p>Some time has passed since I've written this thing and I'm currently not up-to-date on implementations (hopefully will have more time from now/soon on) so I will note other small things as soon as I updated myself.</p>

  2. Dec 27, 2009

    <p>I concur on multiple inheritance for a resource. We need to do workarounds so the ACL work without them...</p>

  3. Jan 18, 2010

    <p>A user belonging to multiple roles is a common implementation of RBAC. I think we can modify Zend_Acl_Role_Interface to have the method getRoleIds() instead of having getRole() method.</p>

    <p>And then we could iterate each role to check if access is allowed. </p>