ACL Roles / Resources

by Joseph Crawford

The Reference manual is a bit daunting when it comes to how to  
implement this.

I understand how to use the stuff based on the examples; the question I
have is where all this goes.  Is this put in the bootstrap file?
Does each controller need to have the ACL defined in there?

The reason I ask is because I might have these actions for a blog  
(view, edit, delete, approve) but I might also have those actions for  
blog comments.
I might not want a user who has full privileges for the blog to be  
able to do anything on the blog comments.

Anyone know of a good tutorial / walkthrough that will show me these  
things and hopefully answer these questions?

Thanks,
Joseph Crawford

Re: ACL Roles / Resources

by David Toniolo

Hello Joseph,

I think you have to make an overview about your modules, controllers and actions, so after that, you have your ACL resources (module + controller = resource) and your privileges (actions).

Example:
There are 2 classes: BlogController, BlogCommentController
and each class has the following methods: viewAction, editAction, deleteAction, approveAction.

So, the resources for your ACL object are "blog" and "blog-comment". The dash is important, because of the camelCased name "BlogComment" and the ZF method getControllerName() returns a dash-separated string for camelCase.

Ok, so each Controller represents its own resource and they have the same actions (ACL privileges). Zend_Acl will not give "delete" access to a resource "blog", if there is "delete" access to a resource "blog-comment". They are different things.

greets,
David


Re: ACL Roles / Resources

by David Mintz-3

You might also want to read about the plugin architecture. A plugin is a good place to do things you know you're gonna want to do with every request, so you don't have to repeat yourself, e.g., in multiple controllers' init() methods.

http://framework.zend.com/manual/en/zend.controller.plugins.html

On Thu, May 15, 2008 at 5:43 PM, David Toniolo <davidtoniolo@...> wrote:

--
View this message in context: http://www.nabble.com/ACL-Roles---Resources-tp17261893p17263210.html
Sent from the Zend Framework mailing list archive at Nabble.com.




--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness
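
An added example, not part of any message in this thread and not the Zend Framework project's own code: one ACL built once in the bootstrap, with a resource per controller and the action names as privileges, enforced on every request by a front-controller plugin. The role names, the `role` property on the identity, the `My_Plugin_Acl` class name and the `error`/`denied` target are assumptions for illustration; modules are ignored.

```php
<?php
// Added example for Zend Framework 1.x. Role names, the identity's "role"
// property and the error/denied target are assumptions for illustration.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Auth.php';
require_once 'Zend/Controller/Front.php';
require_once 'Zend/Controller/Plugin/Abstract.php';

// Build the ACL once (e.g. in the bootstrap). Zend_Acl denies by default.
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('blog-editor'), 'guest')
    ->addRole(new Zend_Acl_Role('comment-moderator'), 'guest');

// One resource per controller, named as getControllerName() returns it.
$acl->add(new Zend_Acl_Resource('blog'))
    ->add(new Zend_Acl_Resource('blog-comment'));

// Privileges are the action names. Full rights on "blog" grant nothing
// on "blog-comment" beyond the inherited guest "view".
$acl->allow('guest', array('blog', 'blog-comment'), 'view');
$acl->allow('blog-editor', 'blog', array('edit', 'delete', 'approve'));
$acl->allow('comment-moderator', 'blog-comment', array('delete', 'approve'));

class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
        $resource  = $request->getControllerName();
        $privilege = $request->getActionName();
        // Fail closed: an unknown role or resource is a denial, not an exception.
        $allowed = $this->_acl->hasRole($role) && $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $privilege);
        if (!$allowed) {
            $request->setControllerName('error')->setActionName('denied');
        }
    }
}
Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_Acl($acl));
```

Because the check runs in `preDispatch()`, a controller added later without a matching ACL resource is denied until a rule is written for it.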

RE: ACL Roles / Resources

by rcastley

RE: [fw-general] ACL Roles / Resources

Hi,

I don't know if my simple tutorial will help:

http://framework.zend.com/wiki/display/ZFUSER/Using+Zend_Acl+with+a+database+backend
 

- Robert

-----Original Message-----
From: Joseph Crawford [codebowl@...]
Sent: 15 May 2008 21:33
To: fw-general@...
Subject: [fw-general] ACL Roles / Resources


________________________________________________________________________
This email has been scanned for all known viruses by the MessageLabs Email Security Service and the Macro 4 plc internal virus protection system.

________________________________________________________________________

