Pages

Sunday 8 July 2012

Zend_ACL

Zend_Acl provides lightweight and flexible access control list (ACL) functionality and privileges management. In general, an application may utilize such functionality to control access to certain protected objects by other requesting objects.


Resource
 creating a Resource is very simple. Zend_Acl provides Zend_Acl_Resource_Interfaceto facilitate developers' creating Resources. A class need only implement this interface, which consists of a single method, getResourceId();


Role
Zend_Acl providesZend_Acl_Role_Interface to facilitate developers' creating Roles. A class need only implement this interface, which consists of a single method, getRoleId(), in order for Zend_Acl to consider the object to be a Role.  In Zend_Acl, a Role may inherit from one or more Roles. This is to support inheritance of rules among Role.

Example of ACL
<?php
require_once 'Zend/Acl.php';
$acl = new Zend_Acl();

require_once 'Zend/Acl/Role.php';
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'))
    ->addRole(new Zend_Acl_Role('admin'));

$parents = array('guest', 'member', 'admin');
$acl->addRole(new Zend_Acl_Role('someUser'), $parents);

require_once 'Zend/Acl/Resource.php';
$acl->add(new Zend_Acl_Resource('someResource'));

$acl->deny('guest', 'someResource');
$acl->allow('member', 'someResource');

echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';//allowed
?>


// Guest may only view content of all controller, Here 'view' can be an array having all the function which guest may access. null can be a string or an array, Here Null means all controller

$acl->allow($roleGuest, null, 'view');


// Here no controller or action is given, it means Administrator is allowed all privileges
$acl->allow('administrator');


// Remove the denial of revising latest news to staff 
$acl->removeDeny('staff', 'latest', 'revise');

Assertions
Sometimes a rule for allowing or denying a Role access to a Resource should not be absolute but dependent upon various criteria. For example, suppose that certain access should be allowed, but only between the hours of 8:00am and 5:00pm. Another example would be denying access because a request comes from an IP address that has been flagged as a source of abuse.

<?php
require_once 'Zend/Acl/Assert/Interface.php';

class CleanIpaddressAssertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        return $this->_isCleanIP($_SERVER['REMOTE_ADDR']);
    }

    protected function _isCleanIP($ip)
    {
        // ...
    }
}




$acl->allow(null, null, null, new CleanIpaddressAssertion());




















Posted by at
Labels:

No comments:

Post a Comment

Please add comments only related to zend framework certification.

Subscribe to: Post Comments (Atom)