如果用户是资源的所有者,如何使 ACL 允许?
查看 Zend ACL 和其他类似的 ACL,似乎(我在这里可能是错的)只允许您允许/拒绝角色对资源的操作。
但是,如果假设您有一些用户是编辑者,并且允许他们“编辑”“帖子”,但如果您只想允许他们编辑用户拥有的“帖子”怎么办?
在现实世界中如何处理这种情况?我宁愿避免类似的事情......
if ($acl->allowed($role, $action, $resource) and $resource->user_id == $user_id) { ... }
Looking at Zend ACL and other similar ACL's, it seems to, and I may be wrong here, to only allow you to allow/deny an action by a role on a resource.
But what if say for example that you have users who are editors and they are allowed to "edit" "posts" but what if you only wanted to allow them to edit "posts" owned by the user?
How is this situation handled in the real world? I would prefer to avoid something like...
if ($acl->allowed($role, $action, $resource) and $resource->user_id == $user_id) { ... }
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论