Pro PHP: Patterns, Frameworks, Testing and More


266 CHAPTER 17 ■ THE ZEND FRAMEWORK APPLIED
Listing 17-9. ArticlesController View (/view/scripts/articles/index.phtml)
This is secret
Now for the fun part. In your library, create a plug-in called YourPrefix_Controller_Plugin_Security and place it in /usr/share/php/YourPrefix/library/YourPrefix/Controller/Plugin/Security.php. This plug-in should look like Listing 17-10.
Listing 17-10. An ACL and Auth Combined Plug-in
    class YourPrefix_Controller_Plugin_Security
        extends Zend_Controller_Plugin_Abstract
    {
        protected $_acl;

        //Take the bootstrapped ACL at plugin registration
        public function __construct($acl) {
            $this->_acl = $acl;
        }

        //Hook into the dispatchLoopStartup event
        public function dispatchLoopStartup($request) {
            //Get an instance of Zend_Auth and set the default role to guest.
            $auth = Zend_Auth::getInstance();
            $role = 'guest';

            //If the user is logged in, get their role identifier from db row
            if($auth->hasIdentity()) {
                $role = $auth->getIdentity()->role;
            }

            //The resource name is the controller name
            $resource = $request->getControllerName();

            //If the controller isn't under ACL, ignore access control
            if($this->_acl->has($resource)) {
                //Check role has access to resource
                if(! $this->_acl->isAllowed($role, $resource) ) {
                    //No access
                    //Back up the original request URI
                    $session = new Zend_Session_Namespace('ACLSecurity');
                    $session->originalRequestUri = $request->getRequestUri();
                    //The listing breaks off here at the end of the page.
                }
            }
        }
    }
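The access decision that dispatchLoopStartup makes, pulled out as a standalone function so its outcomes can be seen without a running Zend Framework application. This is an added example, not code from the book: TinyAcl, decide() and the $strict switch are hypothetical names, and the roles and controllers are constructed samples.

```php
<?php
// Added example. TinyAcl is a hypothetical stand-in for the two Zend_Acl
// methods the plug-in calls (has and isAllowed); it is not a Zend class.
class TinyAcl
{
    private $rules = array();   // resource name => list of allowed roles

    public function allow($role, $resource) {
        $this->rules[$resource][] = $role;
    }
    public function has($resource) {
        return isset($this->rules[$resource]);
    }
    public function isAllowed($role, $resource) {
        return $this->has($resource)
            && in_array($role, $this->rules[$resource], true);
    }
}

// Same decision order as Listing 17-10: default to 'guest', use the
// controller name as the resource, and skip the check for controllers
// the ACL does not know about. $strict is a hypothetical switch that
// denies unregistered controllers instead of letting them through.
function decide($acl, $identityRole, $controller, $strict = false)
{
    $role = ($identityRole !== null) ? $identityRole : 'guest';
    if (!$acl->has($controller)) {
        return $strict ? 'deny (unregistered)' : 'allow (not under ACL)';
    }
    return $acl->isAllowed($role, $controller) ? 'allow' : 'deny';
}

$acl = new TinyAcl();
$acl->allow('member', 'articles');   // constructed sample rule

// Constructed requests: role taken from the identity (null = not logged in)
// and the controller name being dispatched.
$requests = array(
    array(null,     'articles'),   // anonymous visitor, treated as guest
    array('member', 'articles'),   // logged-in member
    array(null,     'admin'),      // controller never added to the ACL
);
foreach ($requests as $r) {
    list($role, $controller) = $r;
    printf("%-7s %-9s listing: %-22s strict: %s\n",
        $role === null ? 'guest' : $role, $controller,
        decide($acl, $role, $controller),
        decide($acl, $role, $controller, true));
}
```

The third row is the one to check in a real application: under the listing's logic, a controller that was never registered as an ACL resource is reachable by every role, so each protected controller has to be added to the ACL explicitly.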
McArthur_819-9.book Page 266 Friday, February 29, 2008 8:03 AM
