Zend_Acl 用于页面的特定部分
我知道如何使用 Zend_Acl 允许某些用户组使用某些资源,但是如何使用它来只允许显示页面的特定部分?例如,
我在页面上有一个通过 AJAX 删除帖子的按钮,但我只想向管理员显示该按钮。我可以使用 Zend_Acl 来阻止对控制器发布/删除的访问,但我无法使用它来阻止按钮显示。
I know how to use Zend_Acl to allow certain resources to certain usergroups but how do i use it to allow only specific parts of the page to be shown? For example
I have a button to delete a post via AJAX on the page but i only want to show the button to Admins only. I can use Zend_Acl to block access to the controller post/delete but i can't use it to block the button from showing.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
。
这样不就行了吗?
.
Would that not do it?
您还可以编写自定义静态 ACL 类,然后可以直接从视图脚本中调用该类。
由于 ACL 通常在插件级别处理,这意味着如果您的访问者正在查看视图,则 ACL 已经允许该资源,因此在您的视图中您现在可以执行类似的操作...
if(My_Custom_Acl::getIsAllowed('some_resource', 'delete_post_action'){我没有在自定义中指定角色名称getIsAllowed() 方法,因为此时 ACL 已经假设知道用户的身份和角色。
希望这有帮助
You can also write a custom static ACL class which you can then call directly from within your view script.
Since ACL is normally handled at plugin level it means that if your visitor is seeing the view then ACL has already allowed the resource, therefor inside your view you can now do something like this...
if(My_Custom_Acl::getIsAllowed('some_resource', 'delete_post_action'){I did not specify the role name in the custom getIsAllowed() method, because at this point ACL is already suppose to know the user's Identity and the Role.
Hope this helps
尽管克里斯托夫给出了一个很好的解决方案,但另一种选择是分裂观点。虽然这开始违反 DRY,但当你有大约 200 个不同的管理事物/控件时,它在视图中变得很重 - 因此用 $this->render('view') 和 $this->render(' 分割视图编辑')从控制器获取权限有时更容易。那么只有编辑视图脚本具有编辑链接。但同样,它是 DRY 的,所以不是最佳的,而是一种替代方案。我想你必须权衡一下,哪一个更干燥,重复 ACL 检查还是在 2 个视图中进行这些操作......
Although Christof gave a good solution, an alternative is to split the views. Although this starts to violate DRY, when you have about 200 different admin things/controls, it's getting heavy in the view - thus splitting the view with $this->render('view') and $this->render('edit') for permissions from the controller is sometimes easier. Then only the edit view script has the edit links. But again, it's DRY, so not optimal, but an alternative. I guess you have to weigh it up, which one is more DRY, repeating the ACL check or the stuff in 2 views...