Studyon Minte9.com
ZF 1.0




Modules



#Application/config/acl.ini
acl.roles.guest = null
acl.roles.user = guest
acl.roles.admin = user
;acl.resource.allow.module.controller.action
acl.resources.allow.all.frontend.all = guest 
acl.resources.allow.all.useraccount.all = user
acl.resources.allow.all.admin.all = admin
acl.resources.allow.comment.useraccount.add = guest
acl.resources.deny.comment.useraccount.delete = guest

#Application/Plugin/Acl.php
<?php
...
	# TESTING MODULES - ALL
		
	public function initAcl() {
		
		$config = new Zend_Config_Ini('Application/config/acl.ini', 'acl');
		$roles = $config->acl->roles;
		$resources = $config->acl->resources;

		$this->_addRoles($roles);
		$this->_addResources($resources);
	}
	
	public function _addRoles($roles) {

		// roles (user => guest (parent))
		foreach ($roles as $role => $parents) {
		    
		if (!$this->_acl->hasRole($role)) {

			// no role parent
			if (empty($parents)) {
			    $parents = null;
			} else {
			    $parents = explode(',', $parents);
			}

			// add Role
			$this->_acl->addRole(new Zend_Acl_Role($role), $parents);
		     }
		}
	}

	public function _addResources($resources) {
		
		$front = Zend_Controller_Front::getInstance();
		$modules_ALL = $front->getControllerDirectory();
		
		//var_dump($resources->toArray);die;
		
		//for case with "all" modules, add to resources all modules
		//ex: acl.resources.allow.all.frontend.all = guest (add modules: default, comment, etc
		$resources_ALL = array();
		foreach ($resources as $permission => $modules) { //resources (allow/deny)
			$tmp = array();
			foreach($modules as $module=>$controller) { // modules (all, comment)
				if ($module == "all") {
					foreach($modules_ALL as $k=>$v) { // module=>path
						$tmp[] = array($k => $controller);
					}
				} else {
					$tmp[] = array($module => $controller);
				}
			}
			$resources_ALL[$permission] = $tmp;
		}

		//var_dump($resources_ALL); die;

		foreach ($resources_ALL as $permission => $rows) { // permisions (allow, deny)

			foreach($rows as $modules) { // 0 => array(), 1 => array()
		
				foreach ($modules as $module => $controllers) { // modules (default, users)
				
					foreach ($controllers as $controller => $actions) { // controllers (frontend, useraccount)
						
						$resource = $module.":".$controller; // resource (default:frontend)
						
						foreach ($actions as $action => $role) { // actions (auth => user)

							// add Resource
							if (!$this->_acl->has($resource)) {
								$this->_acl->add(new Zend_Acl_Resource($resource));
							}
							
							$privilege = ($action == 'all') ? null : $action;

							// allow Permision
							if ($permission == 'allow') {
								$this->_acl->allow($role, $resource, $privilege);
							}

							// deny Permission
							if ($permission == 'deny') {
								$this->_acl->deny($role, $resource, $privilege);
							}

							//echo "<br>".$permission.":".$resource.":".$privilege.":".$role;
						}
					}
				}
			}
			
		}

        
    }

	public function preDispatch(Zend_Controller_Request_Abstract $request) {
		
		// ??? frontend:module:action
		//http://joe.topjian.net/post/483759115/my-zend-acl-implementation

		$role = "guest";
		$resource = "comment:useraccount";
		$privilege = "delete";

		if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
			die('denied');
		} else {
			die('allowed');
		}
	}


http://joe.topjian.net/post/483759115/my-zend-acl-implementation