我正在尝试在zend框架中构建一个基于组的acl。基本上会有三个角色:管理员,访客和用户。并且用户角色将有不同的组。它是如何工作的我有一个模块/控制器的检查列表和操作使用检查列表管理员将被允许创建组。组可以是类似编辑器的东西(角色也可以是编辑用户)。该组将保存在表组(group_id,group_name)的数据库中,所选资源将保存在表资源(resource_id,resource,group_id)中。资源将以某种形式保存,例如module:controller:action(例如:user:user:login)
我想知道的是,我想要做的是正确的方法,如果它有开销或任何你可以发布的建议。
class App_AccessCheck extends Zend_Controller_Plugin_Abstract{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if(!$this->_acl->isAllowed(Zend_Registry::get('role'),"Controller","Action")){
$request->setModuleName('user')
->setControllerName('user')
->setActionName('login');
}
}
class App_Acl extends Zend_Acl
{
public function __construct()
{
$this->addRole(new Zend_Acl_Role('guest'));
$this->addRole(new Zend_Acl_Role('user'));
$this->addRole(new Zend_Acl_Role('admin'));
$this->add(new Zend_Acl_Resource('Controller'))
->add(new Zend_Acl_Resource('Controller'), 'Action');
$resource = new App_Resource();
$params = $resource->getResource();
$this->allow('user', 'Controller', 'Action', new App_ActionAssertion($params));
}
public function isAllowed($role = null, $resource = null, $privilege = null)
{
// by default, undefined resources are allowed to all
if (!$this->has($resource)) {
$resource = 'nullresources';
}
return parent::isAllowed($role, $resource, $privilege);
}
}
class App_Resource extends Zend_Controller_Request_Abstract{
protected $params;
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$params = $module.":".$controller":".$action;
$this->setParams($params);
}
public function getParams()
{
return $params;
// String representing current module:controller:action
}
}
class App_ActionAssertion implements Zend_Acl_Assert_Interface
{
//this class will check the access of the group to the particular resource in the database table: resource based on the params passed
//admin will be allowed all privilege
//return true/false
}