I am wondering how I should structure my ACL for CRUD with parent/child relations.
E.g. Projects have TodoLists. TodoLists have Todos.
There are various controller actions for project
As you can see going down the hierarchy, some actions have ids that refer not to themselves (e.g. todo-lists controller -> todo-list resource) but to their parent.
So with what I have set up (generally), it looks like this
Zend_Acl_Resource_Interface
. Here is where the complication arises. I will usually get the resource from the controller name, but for eg. with /todo-lists/add
I must know to get the parent entity instead (Project). With this setup, I will have to change the privilege to something like 'addTodoList'. This way, the project acl assertion class will have to TodoLists stuff. There will also be a disconnect between Controller Actions & ACL Logic. Is that ok? Maybe I should have addTodoListAction in ProjectsController instead of TodoListsController? This will simplify my ACL code, I won't need to check and modify resource/privileges? I can just take these directly from the request params (Controller & Action names).
How do you set up ACLs like this?
Use Zend_Acl_Assertion, create your assertion for projectid and todoId. At the time of giving permission do
$myAcl->allow($role,'projects','edits',new My_Project_Assertion());
And you cannot use the action "addTodoListAction" because of capital letters (or define your own dispatcher); addtodolistAction would work.
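
An added example, not part of the answer above: one way to check a child action such as /todo-lists/add against its parent Project with a Zend Framework 1 assertion (the framework's interface is `Zend_Acl_Assert_Interface`). It assumes ZF1 is on the include path; `My_User`, `My_Project` and their fields are hypothetical, and the 'addTodoList' privilege name is taken from the question.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical role object: the logged-in user.
class My_User implements Zend_Acl_Role_Interface
{
    public $id;
    public function __construct($id) { $this->id = $id; }
    public function getRoleId() { return 'member'; }
}

// Hypothetical resource object: the parent Project loaded from the
// project id that /todo-lists/add carries in the request.
class My_Project implements Zend_Acl_Resource_Interface
{
    public $ownerId;
    public function __construct($ownerId) { $this->ownerId = $ownerId; }
    public function getResourceId() { return 'projects'; }
}

class My_Project_Assertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed when queried with plain string ids instead of objects.
        if (!$role instanceof My_User || !$resource instanceof My_Project) {
            return false;
        }
        // Only the project's owner may edit it or add todo lists to it.
        return $role->id === $resource->ownerId;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('member'));
$acl->addResource(new Zend_Acl_Resource('projects'));
$acl->allow('member', 'projects', array('edit', 'addTodoList'), new My_Project_Assertion());

$alice = new My_User(1); // constructed sample data
var_dump($acl->isAllowed($alice, new My_Project(1), 'addTodoList')); // her own project
var_dump($acl->isAllowed($alice, new My_Project(2), 'addTodoList')); // someone else's project
```

Because the assertion is attached to an allow rule, a failed assertion leaves the request with no matching rule and Zend_Acl falls back to its default deny.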