Most people use Zend_Acl to control access to certain controllers/actions. While this is good for most use cases, sometimes you need to go further. For example, you can specify that a user has access to article/view, but you might also want to limit access to certain articles for certain roles.
3. Use Case
• News site that serves articles; some are free, others are not. You need to be a subscriber to access them, or buy access to the article.
• Users can be either visitors (registered, but no subscription) or subscribers
• When an article is opened in the browser, the article needs to be displayed if the user can view it; otherwise show the intro and a BUY button.
8. User Model
• Implements Zend_Acl_Role_Interface
• User can have a visitor or subscriber role
• User has bought (owns) 0-n articles
• 2 important functions:
    getRoleId() - user's role
    hasArticle() - did the user buy the article?
9. App_Model_User
class App_Model_User implements Zend_Acl_Role_Interface
{
    /* ... */

    // Implementing Zend_Acl_Role_Interface
    public function getRoleId()
    {
        return $this->_roleId;
    }

    // Check if a user has bought an article
    public function hasArticle($article)
    {
        if ($article instanceof App_Model_Article) {
            $article = $article->getId();
        }
        return in_array($article, $this->getUserArticles());
    }
}
10. Article Model
• Implements Zend_Acl_Resource_Interface
• Implements App_Model_UserOwnedInterface
• Article can be free-article or charged-article
• 2 important functions:
    getResourceId() - article's resource id
    isOwnedByUser() - article bought by user?
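
One way the user and article models above can be tied into Zend_Acl is a rule guarded by a Zend_Acl_Assert_Interface implementation. This is an added example, not code from the slides: the class name App_Acl_Assert_UserOwns, the 'view' privilege, the isOwnedByUser() signature and the model bodies are constructed stand-ins, and Zend Framework 1 is assumed to be on the include_path.

```php
<?php
// Added example. Assumes Zend Framework 1 on the include_path; App_* bodies are stand-ins.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

interface App_Model_UserOwnedInterface { public function isOwnedByUser($user); }

class App_Model_User implements Zend_Acl_Role_Interface {
    private $_roleId; private $_bought;
    public function __construct($roleId, array $bought) { $this->_roleId = $roleId; $this->_bought = $bought; }
    public function getRoleId() { return $this->_roleId; }
    public function hasArticle($article) {
        $id = $article instanceof App_Model_Article ? $article->getId() : $article;
        return in_array($id, $this->_bought, true); // strict match on constructed integer ids
    }
}
class App_Model_Article implements Zend_Acl_Resource_Interface, App_Model_UserOwnedInterface {
    private $_id; private $_free;
    public function __construct($id, $free) { $this->_id = $id; $this->_free = $free; }
    public function getId() { return $this->_id; }
    public function getResourceId() { return $this->_free ? 'free-article' : 'charged-article'; }
    public function isOwnedByUser($user) { return $user->hasArticle($this); }
}

// Hypothetical assertion: the rule applies only when the resource says the user owns it.
class App_Acl_Assert_UserOwns implements Zend_Acl_Assert_Interface {
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed: a plain role id or a resource without ownership data never matches.
        if (!$role instanceof App_Model_User || !$resource instanceof App_Model_UserOwnedInterface) {
            return false;
        }
        return $resource->isOwnedByUser($role);
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('visitor'))->addRole(new Zend_Acl_Role('subscriber'), 'visitor');
$acl->addResource(new Zend_Acl_Resource('free-article'))->addResource(new Zend_Acl_Resource('charged-article'));
$acl->allow('visitor', 'free-article', 'view');
$acl->allow('subscriber', 'charged-article', 'view');
// Visitors reach a charged article only through the ownership assertion.
$acl->allow('visitor', 'charged-article', 'view', new App_Acl_Assert_UserOwns());

$paid = new App_Model_Article(42, false);                                         // constructed sample data
var_dump($acl->isAllowed(new App_Model_User('visitor', array(42)), $paid, 'view')); // visitor who bought it
var_dump($acl->isAllowed(new App_Model_User('visitor', array()), $paid, 'view'));   // visitor who did not
```

Pass the model objects themselves to isAllowed(), not their role or resource id strings: the assertion needs the instances to check ownership, and with this fail-closed check a string-only call is denied.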
14. More info?
Read the article below on my blog
blog.amazium.com
“Content-driven Access Control with Zend ACL”
http://www.amazium.com/blog/content-driven-access-control-with-zend-acl