Home/ Questions/Q 914937
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T17:48:08+00:00

I’m contemplating using Zend_ACL. However, to me it looks like you create roles and

  • 0

I’m contemplating using Zend_ACL. However, to me it looks like you create roles and then give those roles permissions to controllers and actions they can or cannot access.

However, to me that seems fairly limited. I have created a user permission system in the past where I stored the user_id, the module, the controller and the action they can access, however I never gave them a group. Therefore it was a per user, per module, per controller, per action basic on what they could access.

So! I’m wondering if I wanted to be less limited by groups that I should give the user a group and set those group permissions by default. Then load my user specific roles and over write the roles set by the default group: is that how you guys would do it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Thanks for your feedback guys, however I decided to create my own. In case anyone’s interested:

    public function verify($controller=NULL, $action='index', $module='administration') {

    if ((isset($this->object[$module]['all']) && is_string($this->object[$module]['all'])) || isset($this->object[$module][$controller][$action]) || (isset($this->object[$module][$controller]) && is_string($this->object[$module][$controller]))) {
        return true;
    }
}

public static function check($values) {

    $module         = $values['module']     ? $values['module']     : 'administration';
    $controller     = $values['controller'] ? $values['controller'] : 'index';
    $action         = $values['action']     ? $values['action']     : 'index';
    $user_id        = $values['user_id'];

    $db    = Zend_Registry::get('dbAdapter');
    $query = $db->prepare(" 
        SELECT * 
        FROM `".self::table_name."` 
        WHERE 
            (
                (`module` = :module AND `controller` = :controller AND `action` = :action) OR
                (`module` = :module_2 AND `controller` = :controller_2 AND `action` = '') OR 
                (`module` = :module_3 AND `controller` = '' AND `action` = '')
            )
        AND enabled = 1 
        AND user_id = :user_id      
        ");

    $query->bindValue('module',         $module);
    $query->bindValue('module_2',       $module);
    $query->bindValue('module_3',       $module);
    $query->bindValue('controller',     $controller);
    $query->bindValue('controller_2',   $controller);
    $query->bindValue('action',         $action);
    $query->bindValue('user_id',        $user_id);

    $query->execute();
    $item = $query->fetch(PDO::FETCH_OBJ);
    $query->closeCursor();

    if (is_object($item)) {
        return $item;
    } else {
        throw new exception("Could not load user permission for this page ($module, $controller, $action)");
    }
}

    and in the view:

        <?php if ($this->user_permissions->verify('movie')) { ?>
        <li class="parent">
            <img src="/design/images/icon/dvd.png" /> <span class="highlighter"><a href="/administration/movie/index">Movie</a></span>
            <?php if ($this->user_permissions->verify('movie', 'add')) { ?>
                 | <a href="/administration/movie/add">Add</a>
            <?php } ?>
            <?php if ($this->user_permissions->verify('movie', 'featured')) { ?>
                <ul>
                    <li>
                        <img src="/design/images/icon/order.png" /> <a href="/administration/movie/featured">Order Featured</a>
                    </li>
                </ul>
            <?php } ?>
        </li>
    <?php } ?>
    • 0