compared with
Current by Darby Felton
on Sep 28, 2007 14:53.

Key
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (20)

View Page History
<h1>USAGE</h1>

h1. USAGE
<p>There are two valid methods I've identified for using ACL within an application.</p>

There are two valid methods I've identified for using ACL within an application.
<h2>1) ACL as a service</h2>
<ac:macro ac:name="code"><ac:plain-text-body><![CDATA[

h2. 1) ACL as a service
{code}

$acl = new Zend_Acl();
$acl->addRole(..)
->allow(..); // rules

{code}
]]></ac:plain-text-body></ac:macro>

<p>This method lends itself to easy-of-programming, and a simpler approach to Acl. Generally speaking, the type of querying on this type of Acl can be done from anywhere, but it does limit itself to use of simple objects (strings or objects implementing the Role/Resource_interfaces). To be used with application models, the Role_Interface would generally be appended to the User model, and likewise for any "Resources" &quot;Resources&quot; or resource-type models that might exist in a system. This method also falls short if you plan on using Assertions to do any fine grained (identifier level) acl querying with the applications models.</p>

h2. 2) ACL as an application model
{code}
<h2>2) ACL as an application model</h2>
<ac:macro ac:name="code"><ac:plain-text-body><![CDATA[

class MyModule_Acl extends Zend_Acl
$acl = new Module_Acl();

{code}
]]></ac:plain-text-body></ac:macro>

<p>This method is more full fledged. In a sense, the ACL has become a model within the application itself. Consider this a more "model purist" &quot;model purist&quot; method for ACL deployment. What this means is that since ALC has become a model, and since you have implemented your own isAllowed, you can then use composition to introduce your business level models to your ACL (application level model).</p>

<p>To understand using composition, imagine this Acl Model</p>
{code}
<ac:macro ac:name="code"><ac:plain-text-body><![CDATA[
class MyModule_Acl_Role_User implements Zend_Acl_Role_Interface
{
}
}
]]></ac:plain-text-body></ac:macro>
{code}
<h1>REFERENCES</h1>

<ul>
<li><a href="http://framework.zend.com/issues/browse/ZF-1722">ZF-1722 Zend_Acl assertions broken when inheritance is required (ie DepthFirstSearch)</a></li>
</ul>