zend-framework zend-framework2 zend-acl

ACL implementation based on variable and not static roles


I would like to use Zend's ACL (Zend\Permissions\Acl) not (only) based on static roles but also on (variable) user points.

In my application every user has points. A resource has a minimum of points needed to view it. Access to a resource should be based on the number of points the user currently has.

Example

Resources:

  • Resource 1: 20 points
  • Resource 2: 100 points
  • Resource 3: 150 points

Users:

  • User 1: 70 points => Access to resource 1
  • User 2: 135 points => Access to resources 1, 2
  • User 3: 170 points => Access to resources 1, 2, 3

What would be the best way to do this?

My thoughts so far

  1. Create ACL object dynamically for the currently logged in user based on his points (set each $acl->allow() based on points). This isn't clean.
  2. Create a generic ACL and somehow pass the user's points (I managed to do it with assertions. See my answer below.)
  3. Some (possibly easier/cleaner) way suggested here...

I would greatly appreciate a push in the right direction :)


Solution

  • So this is not just about Zend but working with ACLs in general.

    Usually when you implement access rights in an ACL you assign it to a group rather than an individual user. Then you can easily (and dynamically) add or remove users from groups.

    In Zend ACL you can think of these groups as the roles. In your case you assign the access rights for a resource to a group (or role) that represents a certain number of points. Now you only have to worry about moving users between these groups based on the points they have earned.
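
The role-per-tier approach from the answer above, as an added example that is not code from the question or the answer. It assumes `zendframework/zend-permissions-acl` is installed through Composer; the role names (`no_tier`, `tier_20`, ...), the resource ids and the `view` privilege are made up for the illustration, and the thresholds and user points are the ones from the question.

```php
<?php
// Added example. Assumes zendframework/zend-permissions-acl installed via Composer.
require 'vendor/autoload.php';

use Zend\Permissions\Acl\Acl;

// Thresholds from the question, in ascending order. Role names are hypothetical.
const TIERS = [20 => 'tier_20', 100 => 'tier_100', 150 => 'tier_150'];

function buildAcl(): Acl
{
    $acl = new Acl();           // Zend ACL denies everything until a rule allows it
    $acl->addRole('no_tier');   // users below the lowest threshold get no rules at all
    $parent = 'no_tier';
    $n = 0;
    foreach (TIERS as $role) {
        // Each tier inherits from the one below it, so tier_150 also
        // receives what tier_20 and tier_100 were granted.
        $acl->addRole($role, $parent);
        $resource = 'resource_' . ++$n;
        $acl->addResource($resource);
        $acl->allow($role, $resource, 'view');
        $parent = $role;
    }
    return $acl;
}

// Map a point total to the highest tier whose minimum it reaches.
function roleForPoints(int $points): string
{
    $role = 'no_tier';
    foreach (TIERS as $min => $name) {
        if ($points >= $min) {
            $role = $name;
        }
    }
    return $role;
}

$acl = buildAcl();
foreach ([10, 70, 135, 170] as $points) {   // 10 is a constructed below-threshold case
    $role = roleForPoints($points);
    $visible = [];
    foreach (['resource_1', 'resource_2', 'resource_3'] as $resource) {
        if ($acl->isAllowed($role, $resource, 'view')) {
            $visible[] = $resource;
        }
    }
    printf("%3d points -> %-8s -> %s\n", $points, $role, implode(', ', $visible) ?: 'nothing');
}
```

Resolve the role from the user's current point total on each request rather than storing the role in the session, so that a change in points takes effect on the next access check.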