I'm contemplating using Zend_ACL. However, to me it looks like you create roles and then give those roles permissions to controllers and actions they can or cannot access.
However, to me that seems fairly limited. I have created a user permission system in the past where I stored the user_id, the module, the controller and the action they could access; however, I never gave them a group. Access was therefore decided on a per-user, per-module, per-controller, per-action basis.
So! I'm wondering whether, to be less limited by groups, I should give each user a group and set that group's permissions as the default, then load my user-specific roles and overwrite the roles set by the default group. Is that how you guys would do it?
Thanks for your feedback guys, however I decided to create my own. In case anyone's interested:
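/**
 * Tell whether the loaded permission map grants access to an action.
 *
 * Access is granted when any one of these holds in $this->object:
 *  - [$module]['all'] is set and is a string (module-wide grant);
 *  - [$module][$controller] is set and is a string (controller-wide grant);
 *  - [$module][$controller][$action] is set (grant for that single action).
 *
 * How $this->object is populated is not visible in this method.
 *
 * NOTE(review): isset() is true for every non-null value, so an action entry
 * stored as false or 0 would still grant access. Confirm that entries are
 * only ever created for granted actions, never to record a denial.
 *
 * @param string|null $controller Controller name to test.
 * @param string      $action     Action name to test.
 * @param string      $module     Module name to test.
 * @return bool True when a matching grant exists, false otherwise.
 */
public function verify($controller=NULL, $action='index', $module='administration') {
    // Module-wide grant.
    if (isset($this->object[$module]['all']) && is_string($this->object[$module]['all'])) {
        return true;
    }

    // Controller-wide grant.
    if (isset($this->object[$module][$controller]) && is_string($this->object[$module][$controller])) {
        return true;
    }

    // Grant for this specific action.
    if (isset($this->object[$module][$controller][$action])) {
        return true;
    }

    // Deny explicitly: the original fell off the end and returned null, which
    // only behaved as "denied" for callers that tested truthiness.
    return false;
}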
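/**
 * Load the enabled permission row that lets a user reach a page.
 *
 * A row matches when it belongs to the user, has enabled = 1, and is one of:
 *  - an exact module / controller / action row;
 *  - a module / controller row whose action is '' (whole controller);
 *  - a module row whose controller and action are both '' (whole module).
 *
 * All request-dependent values reach the database as bound parameters; only
 * the class constant self::table_name is concatenated into the SQL text.
 *
 * When no row matches, the method throws instead of returning, so a caller
 * that does not catch the exception is denied by default.
 *
 * @param array $values Keys read: 'module', 'controller', 'action', 'user_id'.
 * @return object The first matching row, fetched with PDO::FETCH_OBJ.
 * @throws Exception When no enabled permission row matches.
 */
public static function check($values) {
    // !empty() applies the same truthiness rule as the original ternaries
    // (so '' and '0' still fall back to the default) but raises no
    // undefined-index notice when a key is absent.
    $module = !empty($values['module']) ? $values['module'] : 'administration';
    $controller = !empty($values['controller']) ? $values['controller'] : 'index';
    $action = !empty($values['action']) ? $values['action'] : 'index';

    // A missing user_id is bound as NULL; `user_id = NULL` matches no row,
    // so the call ends in the exception below rather than granting access.
    $user_id = isset($values['user_id']) ? $values['user_id'] : null;

    $db = Zend_Registry::get('dbAdapter');

    // No ORDER BY: when both a specific and a broader row match, which one
    // is returned is left to the database. Any match grants access.
    $query = $db->prepare("
SELECT *
FROM `".self::table_name."`
WHERE
(
(`module` = :module AND `controller` = :controller AND `action` = :action) OR
(`module` = :module_2 AND `controller` = :controller_2 AND `action` = '') OR
(`module` = :module_3 AND `controller` = '' AND `action` = '')
)
AND enabled = 1
AND user_id = :user_id
");

    // Each placeholder name is used once in the SQL, hence the _2/_3 copies.
    $query->bindValue('module', $module);
    $query->bindValue('module_2', $module);
    $query->bindValue('module_3', $module);
    $query->bindValue('controller', $controller);
    $query->bindValue('controller_2', $controller);
    $query->bindValue('action', $action);
    $query->bindValue('user_id', $user_id);
    $query->execute();

    $item = $query->fetch(PDO::FETCH_OBJ);
    $query->closeCursor();

    if (is_object($item)) {
        return $item;
    }

    // NOTE(review): the message embeds $module, $controller and $action. If
    // those come from the request and the message is ever shown to the user,
    // it must be HTML-escaped where it is rendered.
    throw new Exception("Could not load user permission for this page ($module, $controller, $action)");
}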
and in the view:
<?php
// Presentation only: these verify() calls decide which menu links are
// rendered. They do not protect the /administration/movie/* URLs themselves.
// The same permission must be enforced on the server before the action runs
// (for example with check()), otherwise a user who requests a hidden URL
// directly is not stopped by this menu. That enforcement is not shown here.
if ($this->user_permissions->verify('movie')): ?>
<li class="parent">
<img src="/design/images/icon/dvd.png" /> <span class="highlighter"><a href="/administration/movie/index">Movie</a></span>
<?php if ($this->user_permissions->verify('movie', 'add')): ?>
| <a href="/administration/movie/add">Add</a>
<?php endif; ?>
<?php if ($this->user_permissions->verify('movie', 'featured')): ?>
<ul>
<li>
<img src="/design/images/icon/order.png" /> <a href="/administration/movie/featured">Order Featured</a>
</li>
</ul>
<?php endif; ?>
</li>
<?php endif; ?>