To do this we need to look at the concept of privileges. A privilege is
the type of access required. Typically, privileges are based around the operations that will be performed, so
have names like ???view???, ???create???, ???update???, etc.
Zend_Acl has two functions for setting permissions: allow() and deny(). We start off in state where all
roles are denied access to all resources. The allow() function then provides access to a resource for a role and
deny() and remove a subset of the allowed access for a particular case. Inheritance also comes into play here as
permissions set for a parent role will cascade to child roles.
Let??™s look at an example:
Licensed to Menshu You
Please post comments or corrections to the Author Online forum at
http://www.manning-sandbox.com/forum.jspa?forumID=329
$acl->allow('members', 'forum', 'view');
$acl->allow('moderators', 'forum', array('moderate', 'blacklist');
In this example we have given view privileges to the member role for the forum resource and then have
given the additional privileges of moderate and blacklist to the moderator role which also has view privileges
as moderator is a child of member.
We have now looked at the building blocks of Zend_Acl and the key components of its API, so we can
now look at how to integrate it into a real Zend Framework application.
Pages:
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203