AccessControl
When developing our system, we want to control who can access which resources. Our implementation uses the Zend ACL library, and we encourage you to take a look at its syntax [http://framework.zend.com/manual/1.12/en/zend.acl.refining.html here].
Adding new roles is simple using the function addRole(). We've specified the role 'Anonymous' to refer to any user that hasn't logged in.
Because we would like a hierarchical structure to our permissions system, when we add a new role, we typically give it all the permissions of the role below.
<?php
$ZEND_ACL = new Acl();
$ZEND_ACL->addRole(new Role('Anonymous'))
         ->addRole(new Role('Public'), 'Anonymous');
This gives us two roles, Anonymous and Public. That doesn't mean much yet, but Public has all of the permissions of Anonymous.
Declare a resource for each controller. Action functions do not need to be declared.
<?php
$ZEND_ACL->addResource(new Resource('index')); // IndexController
$ZEND_ACL->addResource(new Resource('people')); // PeopleController
Arrays are very useful in setting permissions, especially if you are consistent with your naming conventions. Let's say we have these pages:
- whatever.com/index/index
- whatever.com/index/view
- whatever.com/people/index
- whatever.com/people/view
I want anyone to be able to view and access my index controller, but only users recognized as Public should have access to the people controller's index and view functions.
<?php
$ZEND_ACL->allow( null, ['index' ], ['index', 'view']);
$ZEND_ACL->allow('Public', ['people'], ['index', 'view']);
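The rules above can be checked with `isAllowed()`; Zend ACL denies anything that has not been explicitly allowed. The following is an added example, not code from this project: it assumes the Composer package `zendframework/zend-permissions-acl` is installed, and the `use` aliases, the `mayAccess()` helper, the `Staff` role name and the sample requests are illustrative.

```php
<?php
// Added example, not the project's code. Assumes zendframework/zend-permissions-acl
// is installed with Composer; the class aliases below are an assumption.
require __DIR__ . '/vendor/autoload.php';

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole as Role;
use Zend\Permissions\Acl\Resource\GenericResource as Resource;

// Same roles, resources and rules as on this page.
$ZEND_ACL = new Acl();
$ZEND_ACL->addRole(new Role('Anonymous'))
         ->addRole(new Role('Public'), 'Anonymous');
$ZEND_ACL->addResource(new Resource('index'));
$ZEND_ACL->addResource(new Resource('people'));
$ZEND_ACL->allow(null,     ['index'],  ['index', 'view']);
$ZEND_ACL->allow('Public', ['people'], ['index', 'view']);

/**
 * Hypothetical helper: decide whether $role may run $controller/$action.
 * isAllowed() throws for a role or resource that was never registered,
 * so unknown names are treated as "deny" instead of surfacing an error.
 */
function mayAccess(Acl $acl, string $role, string $controller, string $action): bool
{
    if (!$acl->hasRole($role) || !$acl->hasResource($controller)) {
        return false;
    }
    return $acl->isAllowed($role, $controller, $action);
}

// Constructed requests: [role, controller, action]
$requests = [
    ['Anonymous', 'index',  'view'],   // covered by the null (any role) rule
    ['Anonymous', 'people', 'view'],   // no rule grants this to Anonymous
    ['Public',    'index',  'index'],  // any-role rule also applies to Public
    ['Public',    'people', 'view'],   // explicit Public rule
    ['Public',    'people', 'delete'], // action never allowed for anyone
    ['Public',    'admin',  'index'],  // controller never declared as a resource
    ['Staff',     'people', 'view'],   // role never added
];
foreach ($requests as [$role, $controller, $action]) {
    $decision = mayAccess($ZEND_ACL, $role, $controller, $action) ? 'allow' : 'deny';
    printf("%-9s %s/%s: %s\n", $role, $controller, $action, $decision);
}
```

Running a table like this after every rule change is a quick way to confirm that a new `allow()` call did not grant more than intended.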