Content Driven Zend_Acl in the Model Layer

Content Driven ACL in the Model Layer

Jeroen Keppens e-mail jeroen@amazium.com twitter @amazium blog http://blog.amazium.com

Use Case • News site that serves articles, some are free others not. You need to be a subscriber to access them, or buy access to the article. • Users can be either visitors (registered, but no subscription) or subscribers • When an article is opened in the browser, the article needs to be displayed if the user can view it, otherwise show intro and BUY button.

Conﬁguring ACL Deﬁning roles, resources & rules

App_Acl_Acl class App_Acl_Acl extends Zend_Acl { public function __construct() { // Roles $this->addRole('visitor'); $this->addRole('subscriber', 'visitor'); // Resourcess $this->addResource('article'); $this->addResource('free-article', 'article'); $this->addResource('charged-article', 'article'); // Access rules $this->allow('subscriber', 'article'); $this->allow('visitor', 'free-article'); $this->allow('visitor', 'charged-article', null, new App_Acl_Assert_UserOwned()); } }

App_Acl_Assert_UserOwned class App_Acl_Assert_UserOwned implements Zend_Acl_Assert_Interface { public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { // First we need a good Resource type if (!$resource instanceof App_Model_UserOwnedInterface) { throw new Exception('UserOwnedInterface not implemented'); } // Secondly, we need a authenticated user $auth = Zend_Auth::getInstance(); if (!$auth->hasIdentity()) { return false; } $user = new App_Model_User($auth->getIdentity()); // Then do the check /** @var App_Model_UserOwnedInterface $resource */ return $resource->isOwnedByUser($user); } }

Model Layer Domain Logic

User Model • Implements Zend_Acl_Role_Interface • User can have a visitor or subscriber role • User has bought (owns) 0-n articles • 2 important functions: getRoleId() - user's role hasArticle() - did the user buy the article?

App_Model_User class App_Model_User implements Zend_Acl_Role_Interface { /* ... */ // Implementing Zend_Acl_Role_Interface public function getRoleId() { return $this->_roleId; } // Check if a user has bought an article public function hasArticle($article) { if ($article instanceof App_Model_Article) { $article = $article->getId(); } return in_array($article, $this->getUserArticles()); } }

Article Model • Implements Zend_Acl_Resource_Interface • Implements App_Model_UserOwnedInterface • Article can be free-article or charged-article • 2 important functions: getResourceId() - article's resource id isOwnedByUser() - article bought by user?

App_Model_Article interface App_Model_UserOwnedInterface { public function isOwnedByUser(App_Model_User $user); } class App_Model_Article implements Zend_Acl_Resource_Interface, App_Model_UserOwnedInterface { /* ... */ // Implementing Zend_Acl_Resource_Interface public function getResourceId() { if ($this->isFree()) { return 'free-article'; } else { return 'charged-article'; } } // Implementing App_Model_UserOwnedInterface public function isOwnedByUser(App_Model_User $user) { return $user->hasArticle($this); } }

Checking ACL Can the role access the resource?

for ($j = 0; $j < count($users); $j++) { // Make ZF think he has authenticated a user Zend_Auth::getInstance()->getStorage()->write($users[$j]->toArray()); // Loop over the articles and check access for ($i = 0; $i < count($articles); $i++) { $access[] = array( 'user' => $users[$j]->getUsername(), 'article' => $articles[$i]->getTitle(), 'allowed' => $acl->isAllowed($users[$j], $articles[$i]) ); } } • Authenticate user • Call isAllowed() for user & article

More info? Read the article below on my blog blog.amazium.com “Content-driven Access Control with Zend ACL” http://www.amazium.com/blog/content-driven-access-control-with-zend-acl

Thanks for listening Please rate the talk at http://joind.in/talk/view/

http://www.slideshare.net	22
http://www.lmodules.com	2
http://www.linkedin.com	1

Content Driven Zend_Acl in the Model Layer

by Jeroen Keppens on Jun 11, 2010

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 25

Statistics

Content Driven Zend_Acl in the Model Layer Presentation Transcript