Scribd
Upload
34 views3 pages

Zend ACL Role Management Guide

The document discusses access control and authorization using the Zend Framework's Zend_Acl component. It shows how to define roles, resources, and allow/deny access rules. Roles can inherit permissions from other roles. The null value is used in allow() to indicate rules apply to all resources. Examples demonstrate checking access for various roles.

Uploaded by

World Sports 24
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
34 views3 pages

Zend ACL Role Management Guide

The document discusses access control and authorization using the Zend Framework's Zend_Acl component. It shows how to define roles, resources, and allow/deny access rules. Roles can inherit permissions from other roles. The null value is used in allow() to indicate rules apply to all resources. Examples demonstrate checking access for various roles.

Uploaded by

World Sports 24
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

1-----

<?php
require_once 'Zend/Acl.php';
$acl = new Zend_Acl();

require_once 'Zend/Acl/Role.php';
$acl->addRole(new Zend_Acl_Role('guest'))
->addRole(new Zend_Acl_Role('member'))
->addRole(new Zend_Acl_Role('admin'));

$parents = array('guest', 'member', 'admin');


$acl->addRole(new Zend_Acl_Role('someUser'), $parents);

require_once 'Zend/Acl/Resource.php';
$acl->add(new Zend_Acl_Resource('someResource'));

$acl->deny('guest', 'someResource');
$acl->allow('member', 'someResource');

echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';

[When specifying multiple parents for a Role, keep in mind that the last parent listed is the first one
searched for rules applicable to an authorization query.]

Until a developer specifies an "allow" rule, Zend_Acl denies access to every privilege upon every
Resource by every Role.

Table 2.1. Access Controls for an Example CMS

Name Unique permissions Inherit permissions from


Guest View N/A
Staff Edit, Submit, Revise Guest
Editor Publish, Archive, Delete Staff
Administrator (Granted all access) N/A

2-----

<?php
require_once 'Zend/Acl.php';
$acl = new Zend_Acl();

// Add groups to the Role registry using Zend_Acl_Role


require_once 'Zend/Acl/Role.php';

// Guest does not inherit access controls


$roleGuest = new Zend_Acl_Role('guest');
$acl->addRole($roleGuest);

// Staff inherits from guest


$acl->addRole(new Zend_Acl_Role('staff'), $roleGuest);

/* alternatively, the above could be written:


$acl->addRole(new Zend_Acl_Role('staff'), 'guest');
//*/

// Editor inherits from staff


$acl->addRole(new Zend_Acl_Role('editor'), 'staff');

// Administrator does not inherit access controls


$acl->addRole(new Zend_Acl_Role('administrator'));

// Guest may only view content


$acl->allow($roleGuest, null, 'view');

/* alternatively, the above could be written:


$acl->allow('guest', null, 'view');
//*/

// Staff inherits view privilege from guest, but also needs additional
privileges
$acl->allow('staff', null, array('edit', 'submit', 'revise'));

// Editor inherits view, edit, submit, and revise privileges from staff,
// but also needs additional privileges
$acl->allow('editor', null, array('publish', 'archive', 'delete'));

// Administrator inherits nothing, but is allowed all privileges


$acl->allow('administrator');

The null values in the above allow() calls are used to indicate that the allow rules apply to all
Resources.

echo $acl->isAllowed('guest', null, 'view') ?


"allowed" : "denied"; // allowed

echo $acl->isAllowed('staff', null, 'publish') ?


"allowed" : "denied"; // denied

echo $acl->isAllowed('staff', null, 'revise') ?


"allowed" : "denied"; // allowed

echo $acl->isAllowed('editor', null, 'view') ?


"allowed" : "denied"; // allowed because of inheritance from guest

echo $acl->isAllowed('editor', null, 'update') ?


"allowed" : "denied"; // denied because no allow rule for 'update'

echo $acl->isAllowed('administrator', null, 'view') ?


"allowed" : "denied"; // allowed because administrator is allowed all
privileges

echo $acl->isAllowed('administrator') ?
"allowed" : "denied"; // allowed because administrator is allowed all
privileges

echo $acl->isAllowed('administrator', null, 'update') ?


"allowed" : "denied"; // allowed because administrator is allowed all
privileges

To create a data base according to zend menual-----zf1/data/db-----Create emty guestbook.db,


guestbook_dev.db, guestbook_testing.db

Create zf1/scripts/

Then run zf1/scripts/php load.sqlite.php

You might also like