By Aldemar Bernal
So, what is wrong with Zend_Acl and the current MVC implementation in the Zend Framework? there is nothing wrong, it is just that it gets not too obvious for developers how to achieve an optimal integration between these two important parts of the framework.
First at all, this article is based on the following Zend Framework Proporsal (link), by this moment this proposal is in Pending Recommendation state.
Well, how it works? There are two key components in this proposal:
- A Front Controller Plugin: This component resolves if the current user has access to the page which is being opened.
- An Action Helper: This component allows you to check whether the current user has access inside a controller.
Based on these two components, let's try them with an example. Let's talk about a website like DevZone, we would need a controller that work with the user management and another one which will deal with article management, as well we need 3 types of users (roles), one for guests, one for writers and another one which will approve the articles; resuming, we have:
- user controller.
- article controller.
Setting up the Zend_Acl component
After defined what we want to do, the next step will create a Zend_Acl instance which will reflect our model.
/** Creating the ACL object */
$myAcl = new Zend_Acl();
Creating the roles
Now we create the roles in our Zend_Acl instance.
/** Creating Roles */
->addRole(new Zend_Acl_Role('writer'), 'guest')
->addRole(new Zend_Acl_Role('admin'), 'writer');
Creating the resources
And then we create the resources needed (one per controller) and their relationship with the roles we created.
/** Creating resources */
Creating the permissions
Now that we added the roles and resources to our Zend_Acl instance, it's time to explain what actions must be available to which roles.
- Guest won't have access to edit, add or approve an article.
- Writer won't have access to approve an article.
- Admin will have complete access.
/** Creating permissions */
->allow('guest', 'article', 'view')
->allow('writer', 'article', array('add', 'edit'))
->allow('admin', 'article', 'approve');
Creating the access denied view file
We will need to create a view and an action which will address all those denied users, in order to do it, first we create a new action in our error controller:
class ErrorController extends Zend_Controller_Action
public function deniedAction()
And then we create our view file (/application/views/scripts/error/denied.phtml) with some warning message:
<p>You are trying to access an area which you have not allowed.</p>
Finishing the configuration
Okay, we have setup our Zend_Acl configuration, so far, it doesn't look like something new, but the next step is register the controller plugin, this important part takes the Zend_Acl instance we created and then validates it against the current page being accessed by an user.
/** Setting up the front controller */
$front = Zend_Controller_Front::getInstance();
/** Registering the Plugin object */
$aclPlugin = new Zend_Controller_Plugin_Acl($myAcl);
$front->registerPlugin(new Zend_Controller_Plugin_Acl($acl, 'guest'));
/** Dispatching the front controller */
After this configuration is done, once an user enters in our application, depending the role he/she has the page will be displayed or an access denied page will be displayed.