php - Creating Dynamic Acl in Zend - Framework (check list for acl)


I am trying to build a group based acl in the zend framework. Basically there will be three roles: admin, guest and user. And there will be different groups for the user role. How it will work is I have a check list of modules/controllers and action using the check list admin will be allowed to create group. Group could be something like editor (role will be user for editor aswell ). This group will be saved in database in a table group (group_id, group_name) and the resources selected will be saved in a table resource (resource_id, resource, group_id). resource will be saved in a format somewhat like module:controller:action (eg : user:user:login)

What I want to know is, Is what I am trying to do is the correct way or not if it has overhead or any suggestion you could post.

class App_AccessCheck extends Zend_Controller_Plugin_Abstract{

public function preDispatch(Zend_Controller_Request_Abstract $request)


class App_Acl extends Zend_Acl

    public function __construct()
       $this->addRole(new Zend_Acl_Role('guest'));
       $this->addRole(new Zend_Acl_Role('user'));
       $this->addRole(new Zend_Acl_Role('admin'));  
       $this->add(new Zend_Acl_Resource('Controller'))
             ->add(new Zend_Acl_Resource('Controller'), 'Action');
        $resource = new App_Resource();
        $params = $resource->getResource(); 
        $this->allow('user', 'Controller', 'Action', new App_ActionAssertion($params));

    public function isAllowed($role = null, $resource = null, $privilege = null)
        // by default, undefined resources are allowed to all
        if (!$this->has($resource)) {
            $resource = 'nullresources';
        return parent::isAllowed($role, $resource, $privilege);


class App_Resource extends Zend_Controller_Request_Abstract{  

    protected $params;
    public function preDispatch(Zend_Controller_Request_Abstract $request)
        $module = $request->getModuleName();
        $controller = $request->getControllerName();
        $action = $request->getActionName();
        $params = $module.":".$controller":".$action;

    public function getParams()
        return $params;
                // String representing current module:controller:action

class App_ActionAssertion implements Zend_Acl_Assert_Interface

    //this class will check the access of the group to the particular resource in the  database table: resource  based on the params passed
       //admin will be allowed all privilege
    //return true/false 

People are also looking for solutions to the problem: Why encoding a string in php and in java is different from each other?


Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.