Zend ACL Basics


Published on

An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. The Zend Acl will teach us how we should implement the ACL functionality for the web applications which is built in Zend Framework.

Published in: Software, Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Zend ACL Basics

  1. 1. Zend Acl Presented By Rajanikant Beero
  2. 2. Table of Contents ● What is Acl? ● Zend & Basic Set Up ● Components of Acl(Zend) ● Resources in Acl ● Roles in Acl ● Creating a simple Acl with example ● Storing ACL Data for Persistence ● Conditional ACL Rules with Assertions ● Benefits
  3. 3. What is Acl? ● The functionality of specifying access rights to resources is access control. ● An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resource. ● An access control list (ACL), with respect to a computer file system is a list of permissions attached to the files.
  4. 4. Zend & Basic Set Up ● Zend Framework is an open source, object oriented web application framework for PHP 5. ● Zend is often called a 'component library', because it has many components that you can use more or less independently. ● Provides Model-View-Controller (MVC) implementation. ● Basic set up can be found here - http://framework.zend.com/manual/1.12/en/learnin g.quickstart.html
  5. 5. Components of Acl(ZF) ● Zend_Acl is a flexible implementation for privileges management. ● Mainly two objects (Resource and role) are involved → a resource is an object to which access is controlled. → a role is an object that may request access to a Resource. → And privileges is what an object can do on the Resource.
  6. 6. Resource in Zend_Acl ● In Zend, resource can be a “module” or “controller” or “controller action” or any block of code. ● Zend_Acl provides Zend_Acl_Resource_Interface as a resource to facilitate creating resource. ● Additionally, Zend_Acl_Resource is provided by Zend_Acl as a basic resource implementation. ● $acl = new Zend_Acl(); ● $acl->add(new Zend_Acl_Resource('Resource'));
  7. 7. Role in Zend_Acl ● In Zend, role is the user type say “admin” or “guest” etc. ● Zend_Acl provides Zend_Acl_Role_Interface as a basic role to facilitate creating role. ● Additionally, Zend_Acl_Role is provided by Zend_Acl as a basic role implementation. ● $acl = new Zend_Acl(); ● $acl->addRole(new Zend_Acl_Role('guest'))
  8. 8. Zend Role continue..... ● In Zend_Acl, a role may inherit from one or more roles. This is to support inheritance of rules among role. ● The following code defines three base roles - "guest", "member", and "admin" ● $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')) ->addRole(new Zend_Acl_Role('admin'));
  9. 9. Zend Role continue..... Inheritance ● $acl->addRole(new Zend_Acl_Role('guest'), 'user') Multiple Inheritance among Roles: ● $parents = array('guest', 'member', 'admin'); ● $acl->addRole(new Zend_Acl_Role('someUser'), $parents);
  10. 10. Zend Role continue..... Multiple Inheritance among Roles: ● $acl->add(new Zend_Acl_Resource('someResource')); ● $acl->deny('guest', 'someResource'); ● $acl->allow('member', 'someResource'); ● echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';
  11. 11. Zend Role continue..... Multiple Inheritance among Roles: ● O/P – allowed ● When specifying multiple parents for a role, then the last parent listed is the first one searched for rules applicable to an authorization query.
  12. 12. Creating a Simple ACL
  13. 13. Storing ACL Data ● Zend_Acl was designed in such a way that it does not require any particular back-end technology such as a database or cache server for storage of the ACL data. ● Zend_Acl is serializable, ACL objects may be serialized with PHP's serialize() function, and the results may be stored anywhere the developer should desire, such as a file, database, or caching mechanism. ● Let us see an example to store the Acl data in database.
  14. 14. Conditional ACL Rules ● Zend_Acl provides support for conditional rules with Zend_Acl_Assert_Interface. → Only between the hours of 8:00am and 5:00pm. → Access / Deny specific to any IP address. ● $acl = new Zend_Acl(); ● $acl->allow(null, null, null, new ClsAssertion()); → Assertion only applies when the assertion method returns TRUE
  15. 15. Benefits of using Acl → Security. → Filtering traffic. → Confidentiality - Control disclosure of information. → Centralized place to access and manage ACL rules, resources, and roles. → Maps nicely to the MVC controller/action architecture. → Easiness of user and resource management. → Easy modification.
  16. 16. Questions??
  17. 17. Thank You Voting time, please vote for better India :)