1, authorisation is the process of allowing a logged-in user access to a specific
resource. There are many ways of doing this, but a flexible and standard method is to employ role-based
access control lists. The Zend Framework provides Zend_Acl to take care of this for us.
NOTE
There is a lot of jargon when talking about authorisation. The key terms are:
- Role: a grouping of users
- Resource: something to protect, such as a controller action or a data record such as a news item
- Privilege: the type of access required, such as read or edit
Access control lists are a very flexible solution to access control; hence it is quite hard to understand how to
apply the theory to the real-world problem that you have. Figure 6.4 shows how the three main pieces of the
puzzle are related.
Figure 6.4. The relationship between the pieces of the ACL puzzle
This is just one way that ACL can be used to provide access to a resource, controller actions in this case.
We'll start with a look at Zend_Acl and then move on to applying ACL to control access to different controller
actions. Finally we will look at access control at the database level.
6.4.1 Introducing Zend_Acl
Using Zend_Acl is deceptively simple in theory. You create some roles and resources, set up the required
permissions and call the isAllowed() function.
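The following is an added example (not the book's own code) showing that sequence with Zend Framework 1's Zend_Acl: roles that inherit from each other, a controller registered as a resource with its actions as privileges, and isAllowed() checks. The role, resource and action names are assumed for illustration.

```php
<?php
// Added example, not from the book. Role/resource/action names are assumed.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

$acl = new Zend_Acl();

// Roles: the second argument is the parent role, so "member" inherits every
// grant made to "guest", and "admin" inherits from "member".
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('member'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'), 'member');
// A "banned" member keeps the member role's view rights but loses commenting.
$acl->addRole(new Zend_Acl_Role('banned'), 'member');

// Resource: the "news" controller. Its actions are used as privileges.
$acl->add(new Zend_Acl_Resource('news'));

// Zend_Acl denies everything that has not been explicitly allowed, so only
// the grants need to be listed.
$acl->allow('guest', 'news', array('index', 'view'));
$acl->allow('member', 'news', 'comment');
$acl->allow('admin', 'news');               // no privilege given = all actions
// An explicit deny on a role overrides what it would otherwise inherit.
$acl->deny('banned', 'news', 'comment');

// Wrapper a front-controller plugin could call before dispatch. isAllowed()
// throws Zend_Acl_Exception for an unregistered role or resource; treating
// that as "denied" keeps a typo in a controller name from granting access.
function canAccess(Zend_Acl $acl, $role, $controller, $action)
{
    try {
        return $acl->isAllowed($role, $controller, $action);
    } catch (Zend_Acl_Exception $e) {
        return false;
    }
}

$checks = array(
    array('guest',  'news', 'view'),    // allowed directly
    array('guest',  'news', 'comment'), // denied: no grant for guest
    array('member', 'news', 'view'),    // allowed via inheritance from guest
    array('banned', 'news', 'comment'), // denied: explicit deny wins
    array('admin',  'news', 'delete'),  // allowed: admin has all privileges
    array('admin',  'nws',  'view'),    // denied: unknown resource
);
foreach ($checks as $c) {
    printf("%-6s %-4s %-7s => %s\n", $c[0], $c[1], $c[2],
        canAccess($acl, $c[0], $c[1], $c[2]) ? 'allow' : 'deny');
}
```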