Zend Framework ACL Plugin

http://phptechsolutions.wordpress.com/2012/07/06/building-a-simple-zend-framework-acl/

Zend_Acl consists of resources, privileges and roles. Resources can be anything ranging from controllers to files. Privileges are different levels of access on the resource. Roles determine who can access a resource, and with what privileges. Roles can be users, user groups or anything you wish to associate. In Zend_Acl, a role can inherit from one or more roles.

To create resources and roles, you first need to create a Zend_Acl instance:

$acl = new Zend_Acl();

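Then add roles and resources to it as follows:

// Roles must be registered before any rule can refer to them
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('editor'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->add(new Zend_Acl_Resource('view'));
$acl->add(new Zend_Acl_Resource('edit'));
$acl->add(new Zend_Acl_Resource('delete'));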

Once the roles and resources exist, we can assign different privileges to different roles on different resources:

$acl->allow('guest', null, 'view');
$acl->allow('editor', array('view', 'edit'));
$acl->allow('admin');

Similarly, we can use the deny() method of Zend_Acl to deny access:

$acl->deny('guest', null, array('edit', 'delete'));

Later in our code we can check privileges as follows:

$acl->isAllowed('guest', null, 'view');

The isAllowed() method returns a boolean, true or false, based on the privileges.
To see how we can use the Zend_Acl component in our applications, let's take a simple example.

Suppose we have several controllers, e.g. news, latestnews and announcements, each with view, edit and delete actions.

Now in Library/My/Controller/Plugin/, create Acl.php and place the following code in it.

<?php
class My_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $acl = $this->_getAcl();
        $role = $this->_getRole();
        // The controller is the resource, the action is the privilege
        $resource = $request->getControllerName();
        $privilege = $request->getActionName();
        $allowed = $acl->isAllowed($role, $resource, $privilege);
        if (!$allowed) {
            $controller = 'error';
            $action = 'index';
            $redirector = new Zend_Controller_Action_Helper_Redirector();
            $redirector->gotoSimpleAndExit($action, $controller);
        }
    }

    protected function _getAcl()
    {
        if (null === $this->_acl) {
            $acl = new Zend_Acl();
            // Roles
            $acl->addRole('guest');
            $acl->addRole('user', 'guest');
            // 'editor' is used in the rules below, so it has to be registered too
            $acl->addRole('editor', 'user');
            $acl->addRole('admin', 'user');
            // Resources: one per controller, because preDispatch() passes
            // the controller name to isAllowed()
            $acl->add(new Zend_Acl_Resource('news'));
            $acl->add(new Zend_Acl_Resource('latestnews'));
            $acl->add(new Zend_Acl_Resource('announcements'));
            $acl->add(new Zend_Acl_Resource('error'));
            // Rules: the privileges are the action names
            $acl->allow('guest', null, 'view');
            $acl->allow('editor', null, array('view', 'edit'));
            $acl->allow('admin');
            // Every role must reach the error controller, otherwise the
            // redirect in preDispatch() would be denied as well
            $acl->allow(null, 'error');
            $this->_acl = $acl;
        }
        return $this->_acl;
    }

    protected function _getRole()
    {
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $identity = $auth->getIdentity();
            $role = empty($identity->role) ? 'user' : $identity->role;
        } else {
            $role = 'guest';
        }
        return $role;
    }
}

Explanation:
In the code above we create a plugin by extending Zend_Controller_Plugin_Abstract and overriding its preDispatch() method.

If this is the first attempt to access our application, we give the user the role “guest”. We can set the role during authentication and give the user a specific role when they log in.

Next we get the action name with $request->getActionName() and assign it to $privilege.
The next line is crucial. We check the privileges:

$allowed = $acl->isAllowed($role, $resource, $privilege);

If the condition !$allowed is true, the user does not have the privilege to access the requested action.

So we redirect the user to the ErrorController’s index action.

If the condition is false, the user gets access to the requested controller action.

We are nearly done. However, you still need to register the plugin:

; application/configs/application.ini
autoloaderNamespaces[] = "My_"
resources.frontController.plugins.Acl = "My_Controller_Plugin_Acl"

That's it: your simple role management application.
Now if you request

http://yourhost/news/view

you will get access to the view action of the news controller, or of any other controller.
However, if you request

http://yourhost/news/edit/

you will be redirected to the Error Controller’s index action. I haven’t mentioned the Error Controller, so you had better create your own.
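
The two requests above can be checked without a browser. The following script is an added example, not code from the original post: it builds the roles and rules the tutorial describes with controllers as resources and actions as privileges, then prints the decision for a set of constructed requests, including a role and a controller that were never registered. It assumes Zend Framework 1 is on the include_path; the `error` resource and the helper names `buildAcl()` and `decide()` are assumptions of this example.

```php
<?php
// Added example, not from the original post. Assumes ZF1 is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

// Hypothetical helper: controllers are resources, actions are privileges.
function buildAcl()
{
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('user'), 'guest');   // inherits guest's rules
    $acl->addRole(new Zend_Acl_Role('editor'), 'user');
    $acl->addRole(new Zend_Acl_Role('admin'), 'user');
    foreach (array('news', 'latestnews', 'announcements', 'error') as $controller) {
        $acl->add(new Zend_Acl_Resource($controller));
    }
    $acl->allow('guest', null, 'view');
    $acl->allow('editor', null, array('view', 'edit'));
    $acl->allow('admin');          // every privilege on every resource
    $acl->allow(null, 'error');    // the redirect target stays reachable for all roles
    return $acl;
}

// Hypothetical helper: an unregistered role or controller is a denial,
// not a Zend_Acl_Exception thrown from isAllowed().
function decide(Zend_Acl $acl, $role, $controller, $action)
{
    return $acl->hasRole($role) && $acl->has($controller)
        && $acl->isAllowed($role, $controller, $action);
}

// Constructed sample requests: role, controller, action, expected decision.
$cases = array(
    array('guest', 'news', 'view', true),
    array('guest', 'news', 'edit', false),     // no rule matches, so denied by default
    array('user', 'latestnews', 'view', true), // inherited from guest
    array('editor', 'news', 'edit', true),
    array('editor', 'news', 'delete', false),
    array('admin', 'announcements', 'delete', true),
    array('guest', 'error', 'index', true),
    array('guest', 'nosuchcontroller', 'view', false),
    array('nosuchrole', 'news', 'view', false),
);
$failures = 0;
foreach ($cases as $case) {
    list($role, $controller, $action, $expected) = $case;
    $actual = decide(buildAcl(), $role, $controller, $action);
    $failures += ($actual === $expected) ? 0 : 1;
    printf("%-10s %s/%s => %s\n", $role, $controller, $action, $actual ? 'allow' : 'deny');
}
exit($failures ? 1 : 0);
```

The script exits with a non-zero status when any decision differs from the expected one, so it can serve as a regression check whenever the rules change.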

Android videos

  • Android basics: In one of our earlier Android courses we covered the basics on days 1 and 2; you can watch the videos here after logging in.
  • Bonus Android talks: In the same place we have also made further talks available for free; they no longer count as basics, but they are interesting. These are the materials from days 3, 7 and 12.

Automating Front-end Workflow

https://speakerdeck.com/addyosmani/automating-front-end-workflow

Writing a modern web app these days can sometimes feel like a tedious process; frameworks, boilerplates, abstractions, dependency management, build processes... the list of requirements for a front-end workflow appears to grow each year.

What if however, you could automate a lot of this? This talk introduces you to a new workflow of tools to keep you productive on the front-end.

Learn about:
– Yeoman, Grunt and Bower
– Brand new features in Chrome DevTools
– Alfred workflows
– Tools for live editing and debugging CSS/JS/HTML with Chrome
– Productivity tools for Sublime
– Tools for synchronised cross-device mobile testing
– Network throttling tools
– Visual regression testing tools
and much more.