CHAPTER 17 ■ THE ZEND FRAMEWORK APPLIED

Implementing Access Control
Now that you have a handle on plug-ins, helpers, and the various parts of the request cycle, it’s
time to talk about access control. Zend_Acl is a powerful but decidedly confusing component
that allows you to define the actions that a user is authorized to take on your web site.
While Zend_Acl can be used independently of plug-ins and helpers, it’s far more powerful
as a complete solution. It is a robust access system built on inherited role assignment,
with both resource- and permission-level controls. Here, we’ll look exclusively at
resource-level control for simplicity.
For this example, you will create a basic subscription-area type web site where a specific
controller is off-limits to guests but accessible to members. This controller will forward
unauthenticated users to a login page. To achieve this, you will need a basic access control list (ACL),
like the one shown in Listing 17-7.

Listing 17-7. ACL Bootstrap (index.php)

$acl = new Zend_Acl();

//Create guest role
$acl->addRole(new Zend_Acl_Role('guest'));

//Create members role, inheriting guest
$acl->addRole(new Zend_Acl_Role('member'), 'guest');

//Add a resource for the index controller
$acl->add(new Zend_Acl_Resource('index'));

//Add a resource for the articles controller
$acl->add(new Zend_Acl_Resource('articles'));

//Allow guest access to the index controller
$acl->allow('guest', 'index');

//Deny guest article access, but allow members
$acl->deny('guest', 'articles');
$acl->allow('member', 'articles');

Next, you will need to create an articles controller and a view for it, as shown in Listings 17-8
and 17-9.

Listing 17-8. Articles Controller (ArticlesController.php)

<?php
class ArticlesController extends Zend_Controller_Action {
    public function indexAction() {}
}

McArthur_819-9.book Page 265 Friday, February 29, 2008 8:03 AM
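A self-check of the decisions the ACL in Listing 17-7 produces, as an added example (not code from the book). It assumes Zend Framework 1.x is on the include_path; canAccess(), the reports resource, and the admin and editor names are hypothetical, constructed for illustration.

```php
<?php
// Added example, not from the book. Assumes Zend Framework 1.x is on include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

// Same rules as Listing 17-7.
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('member'), 'guest');
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('articles'));
$acl->allow('guest', 'index');
$acl->deny('guest', 'articles');
$acl->allow('member', 'articles');
// Constructed for this example: a resource registered without any rule.
$acl->add(new Zend_Acl_Resource('reports'));

// Hypothetical helper: isAllowed() throws for a role or resource that was
// never registered, so unknown names are denied instead of raising an error.
function canAccess(Zend_Acl $acl, $role, $resource)
{
    if (!$acl->hasRole($role) || !$acl->has($resource)) {
        return false;
    }
    return $acl->isAllowed($role, $resource);
}

// Expected decisions as array(role, resource, allowed).
$expected = array(
    array('guest',  'index',    true),   // explicit allow
    array('guest',  'articles', false),  // explicit deny
    array('member', 'index',    true),   // inherited from guest
    array('member', 'articles', true),   // own allow overrides inherited deny
    array('guest',  'reports',  false),  // registered, no rule: default deny
    array('member', 'reports',  false),  // default deny applies to members too
    array('member', 'admin',    false),  // unregistered resource: fail closed
    array('editor', 'index',    false),  // unregistered role: fail closed
);
$failures = 0;
foreach ($expected as $row) {
    list($role, $resource, $want) = $row;
    $got = canAccess($acl, $role, $resource);
    if ($got !== $want) {
        $failures++;
    }
    printf("%-6s %-8s %-5s %s\n", $role, $resource, $got ? 'allow' : 'deny', $got === $want ? 'ok' : 'MISMATCH');
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any decision differs from the table, so it can be rerun whenever a role or rule is added to the bootstrap.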