Comments on: Zend Acl with Authentication and Reflection

By: Oscar

Oscar — Sat, 20 Aug 2011 12:52:57 +0000

Impresionante John!

De lo mejor que he visto sobre Zend y PHPUnit.

Gracias por compartir su experiencia.

Un saludo desde España,

————————
Translator Google
————————
Awesome John!

The best I’ve seen on Zend and PHPUnit.

Thanks for sharing your experience.

A greeting from Spain

By: Cristian

Cristian — Thu, 24 Mar 2011 22:18:36 +0000

Hi there John.
I know this video is kind of old , But I need to understand how Zend_Acl roles and resources can be used for restricting or allowing access to certain actions or controllers

Regards :b

By: Ibrahim

Ibrahim — Sat, 12 Mar 2011 17:47:53 +0000

Then after the user logs in, having the role in session, you can check whether he has permissions or not whe he tries to access certain controllers/actions.

I’m against having that particular kind of information in a session, even though it is server side. Through hijacking or manipulation it is quite possible to change your own role and you could have a serious breach of security. My philosophy is to keep user information in the database and just save the userid and a secretkey in your session to authenticate and after authentication look up the information in the database for full security.

@video, even though I like how you explained the auth and acl, I do have some remarks on your code. First of all, I would not make a difference in user lookups (e.g. UserLookup and AdminLookup). A user is a user. The proces should be the same. Zend_Acl is there to differentiate users, the authentication is merely to authenticate.

I would also not, if I chose to separate the authentication for regular users and admin, make a interface, but rather a parent class or even an abstract class to obey the laws of DRY.

Even though I had remarks, great job on your video.

By: Felipe

Felipe — Tue, 11 Jan 2011 20:06:20 +0000

“A tutorial combining Zend_Auth with Zend_Acl focused on controlling access to Controllers/Actions will be great!”

I agree too, i’m developed a solution like SousGarden using a helper to control ACL.

Make this using the native Zend_Acl would be nice!

By: SousGarden

SousGarden — Fri, 09 Apr 2010 23:18:42 +0000

“A tutorial combining Zend_Auth with Zend_Acl focused on controlling access to Controllers/Actions will be great!”
RIGHT!!!
Thats also my question.
I realize it already, but I’m unhappy with my solution.
My resource is the controller and/with action in my Acl class. But this means I have to set ALL my controllers with all actions in my Acl class.

That’s ugly.
I’m searching for a way to give a controller/action class a predefined resource like PUBLIC_PAGE and ADMIN_PAGE. That would make the work much more clean.

But how to get this. I use a preDispatch plugin, and at that point the controller isn’t initiated.

A good idea or help will be nice.

By: Zend Acl Tutorials « Web Developer Tips

Zend Acl Tutorials « Web Developer Tips — Fri, 26 Mar 2010 07:04:30 +0000

[...] Zend Acl Tutorials Filed Under: Zend by nisanthkumar — Leave a comment March 26, 2010 Zend Acl Link1 [...]

By: mysticav

mysticav — Thu, 25 Mar 2010 09:33:54 +0000

“marsbomber says: this is a great tutorial! however is it possible to make a simple database driven acl implementation tutorial in the future?”

IMO,
If you plan to manage a different Role per User, then static Zend_ACL is not feasible. Because Zend_ACL uses the Roles Approach, which basically predefines a set of rules to be shared among many users.

I can’t imagine updating manually the Role’s file every time a user is added to the database !

So, creating a role per user could be insane using Zend_Acl

If you apply a role to many users (as it should be), then it’s just a matter of mapping the user to the specific role created with Zend_Acl.

The mapping could be done dynamically on the database. Just add a “role” column to the Users table. Then after the user logs in, having the role in session, you can check whether he has permissions or not whe he tries to access certain controllers/actions.

Jon,

A tutorial combining Zend_Auth with Zend_Acl focused on controlling access to Controllers/Actions will be great!

By: shaded

shaded — Tue, 23 Mar 2010 13:56:41 +0000

can you give a simple example of how to call this in a view? no forms or anything, just a page showing text and making portions visible only to a user that has access.

By: Bernard Robbins

Bernard Robbins — Mon, 01 Mar 2010 19:10:25 +0000

Another awesome tutorial.

By: jon

jon — Wed, 03 Feb 2010 13:29:32 +0000

Personally, I wouldn’t put them in the models folder since I see ACL roles / resources as a component of a model. They model would likely “look-up” that particular object, but it wouldn’t be coupled to the model in any way since this would create an unnecessary one-to-one coupling of the ACL rules and the model.

By: Niels

Niels — Wed, 03 Feb 2010 11:48:04 +0000

I know this post is old, but anyways. Jon, wouldn’t you say that ACL roles, resources and permissions are Models and should hence live in the Models folder?

By: jon

jon — Sat, 11 Jul 2009 18:02:36 +0000

Hi Lukasz,

Are you referencing the Zend Framework or is it actually sitting in your library? If its in the actual NetBeans project than there shouldn’t be a problem, however I’ve moved to Zend Studio recently so I can’t comment on NB specifically. I might start using NB for some more videos in the next months. Thanks for the feedback

By: Łukasz Woźniak

Łukasz Woźniak — Fri, 10 Jul 2009 19:06:36 +0000

Hello!

I’m just starting learning Zend Framework and your Zendcast are great very good job:) U can’t say it with one word

I have a couple of questions… i have some problems with “code Code Completions”. I’m using NetBeans and sometimes it complete code by hit Ctrl+Space, but very offen i get “no suggestions”. And i see that in this same steps in your ZC u have “Code Completions”.

I’m searching whole net to find something, but in NetBeans it isn’t support for ZF. And in Eclipse are some points for it. I saw many ppl have problems with it with half working code completions.

I’ll very glad if u have somewhere some solutions for it. IDE isn’t metter( but in margin: I prefer NB:)

Thank you for help.
Lukas

P.S.
Sorry for my bad english:) I believe u understand me

By: tawfekov

tawfekov — Tue, 30 Jun 2009 07:26:44 +0000

you can find the download link if you view the Desktop Feed link with firefox

By: Tony

Tony — Tue, 30 Jun 2009 05:12:07 +0000

At first , thank’s to John for great struggle and hope to continue .

this is the link for this screen cast :

http://www.zendcasts.com/wp-content/uploads/2009/06/zc28-zend-acl-reflection-authentication-screen.mov

By: BEREGU

BEREGU — Tue, 30 Jun 2009 04:27:38 +0000

You can download the video with the following link:

http://www.zendcasts.com/wp-content/uploads/2009/06/zc28-zend-acl-reflection-authentication-screen.mov

By the way, thank you Jon Lebensold for the nice video tutorials.

By: marsbomber

marsbomber — Tue, 30 Jun 2009 00:53:48 +0000

this is a great tutorial! however is it possible to make a simple database driven acl implementation tutorial in the future?

By: Yosy

Yosy — Mon, 29 Jun 2009 22:21:57 +0000

Thanks for the great tutorials,
Can you create tutorial about “modules” ?

By: snapshot

snapshot — Mon, 29 Jun 2009 17:33:27 +0000

Where are links to download video?