An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. The Zend Acl will teach us how we should implement the ACL functionality for the web applications which is built in Zend Framework.
2. Table of Contents
● What is Acl?
● Zend & Basic Set Up
● Components of Acl(Zend)
● Resources in Acl
● Roles in Acl
● Creating a simple Acl with example
● Storing ACL Data for Persistence
● Conditional ACL Rules with Assertions
● Benefits
3. What is Acl?
● The functionality of specifying access rights to
resources is access control.
● An ACL specifies which users or system processes
are granted access to resources, as well as what
operations are allowed on given resource.
● An access control list (ACL), with respect to a
computer file system is a list of permissions attached
to the files.
4. Zend & Basic Set Up
● Zend Framework is an open source, object oriented
web application framework for PHP 5.
● Zend is often called a 'component library', because
it has many components that you can use more or
less independently.
● Provides Model-View-Controller (MVC)
implementation.
● Basic set up can be found here -
http://framework.zend.com/manual/1.12/en/learnin
g.quickstart.html
5. Components of Acl(ZF)
● Zend_Acl is a flexible implementation for privileges
management.
● Mainly two objects (Resource and role) are involved
→ a resource is an object to which access is
controlled.
→ a role is an object that may request access to a
Resource.
→ And privileges is what an object can do on the
Resource.
6. Resource in Zend_Acl
● In Zend, resource can be a “module” or “controller”
or “controller action” or any block of code.
● Zend_Acl provides Zend_Acl_Resource_Interface
as a resource to facilitate creating resource.
● Additionally, Zend_Acl_Resource is provided by
Zend_Acl as a basic resource implementation.
● $acl = new Zend_Acl();
● $acl->add(new Zend_Acl_Resource('Resource'));
7. Role in Zend_Acl
● In Zend, role is the user type say “admin” or “guest”
etc.
● Zend_Acl provides Zend_Acl_Role_Interface as a
basic role to facilitate creating role.
● Additionally, Zend_Acl_Role is provided by
Zend_Acl as a basic role implementation.
● $acl = new Zend_Acl();
● $acl->addRole(new Zend_Acl_Role('guest'))
8. Zend Role continue.....
● In Zend_Acl, a role may inherit from one or more
roles. This is to support inheritance of rules among
role.
● The following code defines three base roles -
"guest", "member", and "admin"
● $acl->addRole(new Zend_Acl_Role('guest'))
->addRole(new Zend_Acl_Role('member'))
->addRole(new Zend_Acl_Role('admin'));
11. Zend Role continue.....
Multiple Inheritance among Roles:
● O/P – allowed
● When specifying multiple parents for a role, then the
last parent listed is the first one searched for rules
applicable to an authorization query.
13. Storing ACL Data
● Zend_Acl was designed in such a way that it does
not require any particular back-end technology such
as a database or cache server for storage of the ACL
data.
● Zend_Acl is serializable, ACL objects may be
serialized with PHP's serialize() function, and the
results may be stored anywhere the developer
should desire, such as a file, database, or caching
mechanism.
● Let us see an example to store the Acl data in
database.
14. Conditional ACL Rules
● Zend_Acl provides support for conditional rules
with Zend_Acl_Assert_Interface.
→ Only between the hours of 8:00am and 5:00pm.
→ Access / Deny specific to any IP address.
● $acl = new Zend_Acl();
● $acl->allow(null, null, null, new ClsAssertion());
→ Assertion only applies when the assertion method
returns TRUE
15. Benefits of using Acl
→ Security.
→ Filtering traffic.
→ Confidentiality - Control disclosure of
information.
→ Centralized place to access and manage ACL
rules, resources, and roles.
→ Maps nicely to the MVC controller/action
architecture.
→ Easiness of user and resource management.
→ Easy modification.