I'm working on a "what I thought would be simple" application using Zend Framework. This is my 4th application with ZF, but my first with a dynamic ACL. The application uses a standard MVC setup with a Model/Domain Layer consisting of a Service Layer to access my Models (popo), which are mapped through Mappers. For each Model I have a corresponding Service and Mapper. I would like to have my UserModel implement the Role interface and then have all my model-based services implement the Resource interface. Also, I would like to have specified predefined privileges based on static roles, but also be able to change specified privileges for each user based on the user's role(s).
So for instance:
I have a role of 'vendor' that by default has access to the 'invoice' resource with 'create', 'edit' and 'view' privileges.
So my InvoiceService would be the 'invoice' resource with methods create, edit, view, and delete (but by default only role admin could delete an invoice).
For a specific user with the role of vendor I would like to be able to grant the delete privilege, or for another user with the vendor role I might like to be able to deny the edit privilege. This, I'm thinking, would have to be persisted in some way and dynamically loaded.
So to my actual question(s).
Am I going about this the wrong way?
Also, how could a solution like this be implemented with Zend Navigation?
Any ideas, pointers, lessons, or feedback would be greatly appreciated.
Sorry if I have done a crap job with my explanation; I've been up all night.
Comments (1)
Yes, as David said, you are on the right track. Zend_Navigation plays very nicely with Zend_Acl. You can define your navigation in an XML or INI file, assigning each page a resource and required privilege, and then inject the ACL and the navigation container into the navigation view helper. You can also set the current role for the navigation helper to whoever is currently logged in, which will show or hide navigation elements based on the ACL.
I will say that defining all those pages in a navigation container is a bit tedious and verbose, but not difficult.
As for defining your ACL, you can do something as simple as defining all your roles and resources in a single PHP file, or you can have a more flexible approach and store this information in a database and build the ACL. You'd definitely want to cache the ACL with the latter approach.
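
An added example, not code from the question or the answer: one way to layer per-user overrides on the static role defaults and hand the result to the navigation helper. It assumes Zend Framework 1 is on the include path; the override rows, the `user-<id>` role naming and `buildAcl()` are hypothetical stand-ins for whatever the database layer provides.

```php
<?php
// Assumes Zend Framework 1 is on the include path.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

// Constructed sample rows standing in for a hypothetical per-user override table.
$overrides = array(
    array('user_id' => 7, 'resource' => 'invoice', 'privilege' => 'delete', 'allow' => true),
    array('user_id' => 9, 'resource' => 'invoice', 'privilege' => 'edit',   'allow' => false),
);

function buildAcl($userId, $staticRole, array $overrides)
{
    $acl = new Zend_Acl();
    $acl->addResource(new Zend_Acl_Resource('invoice'));
    // Static role defaults as described in the question.
    $acl->addRole(new Zend_Acl_Role('vendor'));
    $acl->addRole(new Zend_Acl_Role('admin'));
    $acl->allow('vendor', 'invoice', array('create', 'edit', 'view'));
    $acl->allow('admin', 'invoice'); // every privilege, including delete

    // The user becomes a role of its own that inherits from the static role;
    // rules set on the user role are evaluated before the inherited ones.
    $userRole = 'user-' . (int) $userId;
    $acl->addRole(new Zend_Acl_Role($userRole), $staticRole);
    foreach ($overrides as $row) {
        if ((int) $row['user_id'] !== (int) $userId) {
            continue;
        }
        $method = $row['allow'] ? 'allow' : 'deny';
        $acl->$method($userRole, $row['resource'], $row['privilege']);
    }
    return array($acl, $userRole);
}

list($acl, $role) = buildAcl(9, 'vendor', $overrides);
var_dump($acl->isAllowed($role, 'invoice', 'view'));   // inherited from vendor
var_dump($acl->isAllowed($role, 'invoice', 'edit'));   // decided by the override row
var_dump($acl->isAllowed($role, 'invoice', 'delete')); // no rule anywhere: Zend_Acl default

// Pages carry resource and privilege; the helper filters them for the role.
$nav = new Zend_Navigation(array(
    array('label' => 'Invoices', 'uri' => '/invoice', 'resource' => 'invoice', 'privilege' => 'view'),
    array('label' => 'Edit invoice', 'uri' => '/invoice/edit', 'resource' => 'invoice', 'privilege' => 'edit'),
));
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
$view = new Zend_View();
echo $view->navigation($nav)->menu();
```

The navigation helper only hides links, so the same `isAllowed()` check belongs in the service method or a controller plugin that guards the action itself. If the built ACL is cached, the cache entry has to be invalidated whenever an override row changes.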