
Zend_Acl and Zend_Auth api key approach


What's a good way to implement api keys for accessing specific controller actions using Zend MVC?

I currently have Zend_Acl in combination with Zend_Auth using session cookies, but I want some actions to be crontabbed while still being password-protected through Zend_Acl + Zend_Auth (typically an action that reads from the database etc. to refresh a cache).

How can I utilize Zend_Acl to keep track of api keys for login, and read the correct identity/role from Zend_Auth based on these?


Solution

  • Zend_Auth will handle most of the authentication for you. Use something along the lines of

    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        // call a custom login action helper to try a login with GET params
    }
    if ($auth->hasIdentity()) {
        $identity = $auth->getIdentity();
        //...
    }
    

    Now you can determine the Zend_Acl_Role based on the identity. I always create a new role for each user and let this role 'inherit' all generic roles that the user actually has.

    // specific user with $identity is given the generic roles staff and marketing
    $acl->addRole(new Zend_Acl_Role('user'.$identity), array('staff', 'marketing'));
    

    Of course you can retrieve the array of roles from a database. Then you have to specify the rights of each role. You can hard-code that or save this information in a database as well.

    $acl->allow('marketing',
            array('newsletter', 'latest'),
            array('publish', 'archive'));
    

    In your controller you can now check

    $acl->isAllowed('user'.$identity, Zend_Acl_Resource ...)
    

    If you have a more complex access control where the rights depend on the information inside some classes (probably MVC models), have these classes implement the Zend_Acl_Resource_Interface. Then you use this class as a parameter of a Zend_Acl_Assertion and handle the information there.
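The steps above, put together for the crontabbed case from the question, as an added example (not code from the answer or from Zend Framework): a Zend_Auth adapter that authenticates an API key, the per-user ACL role inheriting generic roles, and the isAllowed check in the action. The class name, the X-Api-Key header, the 'cache' resource / 'refresh' privilege and the inline key table are assumptions; it reads the key from a header rather than a GET parameter so the key does not land in access logs, and uses non-persistent auth storage so a cron request does not create a session.

```php
<?php
// Added example, not code from the original answer. Assumes ZF1 autoloading,
// PHP >= 5.6 for hash_equals(), and a constructed key table in place of a DB.
class Api_Key_Auth_Adapter implements Zend_Auth_Adapter_Interface
{
    private $keyHashes;    // sha256(key) => identity; store hashes, never raw keys
    private $presentedKey;
    public function __construct(array $keyHashes, $presentedKey)
    {
        $this->keyHashes    = $keyHashes;
        $this->presentedKey = (string) $presentedKey;
    }
    public function authenticate()
    {
        $hash = hash('sha256', $this->presentedKey);
        foreach ($this->keyHashes as $storedHash => $identity) {
            if (hash_equals($storedHash, $hash)) {   // constant-time compare
                return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
            }
        }
        return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
            null, array('Unknown API key'));
    }
}

// Builds the ACL from the answer: generic roles carry the rights, and a
// per-user role inherits the generic roles that this identity actually has.
function buildAcl($identity, array $genericRoles)
{
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role('staff'));
    $acl->addResource(new Zend_Acl_Resource('cache'));
    $acl->allow('staff', 'cache', 'refresh');
    $acl->addRole(new Zend_Acl_Role('user' . $identity), $genericRoles);
    return $acl;
}

// In the cron-only action: take the key from a header (GET params end up in
// access logs), authenticate without creating a session, then check the ACL.
$keyHashes = array(hash('sha256', 'constructed-sample-key') => 'cron');
$userRoles = array('cron' => array('staff'));  // normally loaded from the DB
$auth = Zend_Auth::getInstance();
$auth->setStorage(new Zend_Auth_Storage_NonPersistent());
$presented = isset($_SERVER['HTTP_X_API_KEY']) ? $_SERVER['HTTP_X_API_KEY'] : '';
$result = $auth->authenticate(new Api_Key_Auth_Adapter($keyHashes, $presented));
if (!$result->isValid()) { header('HTTP/1.1 401 Unauthorized'); exit; }
$identity = $auth->getIdentity();
$acl = buildAcl($identity, $userRoles[$identity]);
if (!$acl->isAllowed('user' . $identity, 'cache', 'refresh')) { header('HTTP/1.1 403 Forbidden'); exit; }
```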