SlideShare a Scribd company logo
1 of 42
Download to read offline
Creating fast, dynamic ACLs in Zend Framework Wim Godden Cu.be Solutions
Who am I ? ,[object Object]
Owner of Cu.be Solutions (http://cu.be)
PHP developer since 1997
Developer of OpenX
Zend Certified Engineer
Zend Framework Certified Engineer
MySQL Certified Developer
Talking about... ,[object Object]
Authorization ,[object Object]
What's a resource ? ,[object Object]
Webpage
Database / table / row
...
Standard ACL ,[object Object]
Privileges are grouped together in  roles
2 types of  roles  : ,[object Object]
Registered / Known
Zend_Acl : the good ,[object Object]
Uses standard role / resource principles ,[object Object],[object Object]
Allow + deny
Proven, tested
Zend_Acl : the bad & ugly ,[object Object]
Performance issues
All rules are in-code
-> maintainability becomes an issue
Evolution of a portal $acl =  new  Zend_Acl(); $acl->addRole( new  Zend_Acl_Role( 'guest' )); $acl->addRole( new  Zend_Acl_Role( 'member' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'admin' ),  'member' ); $acl->addResource( new  Zend_Acl_Resource( 'cms' )); $acl->addResource( new  Zend_Acl_Resource( 'report' )); $acl->allow( 'guest' ,  'cms' ,  'view' ); $acl->allow( 'admin' ,  'cms' ,  'edit' ); $acl->deny( 'guest' ,  'report' ); $acl->allow( 'member' ,  'report' );
Evolution of a portal $acl =  new  Zend_Acl(); $acl->addRole( new  Zend_Acl_Role( 'guest' )); $acl->addRole( new  Zend_Acl_Role( 'departmentA' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentB' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'admin' ),  'member' ); $acl->addResource( new  Zend_Acl_Resource( 'cms' )); $acl->addResource( new  Zend_Acl_Resource( 'report' )); $acl->allow( 'guest' ,  'cms' ,  'view' ); $acl->allow( 'admin' ,  'cms' ,  'edit' ); $acl->deny( 'guest' ,  'report' ); $acl->allow( 'departmentA' ,  'report' );
Evolution of a portal $acl =  new  Zend_Acl(); $acl->addRole( new  Zend_Acl_Role( 'guest' )); $acl->addRole( new  Zend_Acl_Role( 'departmentA' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentB' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentC_senior_staff' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentC_marketing' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'admin' ),  'member' ); $acl->addResource( new  Zend_Acl_Resource( 'cms' )); $acl->addResource( new  Zend_Acl_Resource( 'report' )); $acl->addResource( new  Zend_Acl_Resource( 'newsletter' )); $acl->addResource( new  Zend_Acl_Resource( 'photo' )); $acl->addResource( new  Zend_Acl_Resource( 'faq' )); $acl->allow( 'guest' ,  'cms' ,  'view' ); $acl->allow( 'admin' ,  'cms' ,  'edit' ); $acl->deny( 'guest' ,  'report' ); $acl->allow( 'departmentA' ,  'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit');
Evolution of a portal $acl =  new  Zend_Acl(); $acl->addRole( new  Zend_Acl_Role( 'guest' )); $acl->addRole( new  Zend_Acl_Role( 'departmentA' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentB' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentC_senior_staff' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentC_marketing' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'cook' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'admin' ),  'member' ); $acl->addResource( new  Zend_Acl_Resource( 'cms' )); $acl->addResource( new  Zend_Acl_Resource( 'report' )); $acl->addResource( new  Zend_Acl_Resource( 'newsletter' )); $acl->addResource( new  Zend_Acl_Resource( 'photo' )); $acl->addResource( new  Zend_Acl_Resource( 'faq' )); $acl->addResource( new  Zend_Acl_Resource( 'invoicing' )); $acl->addResource( new  Zend_Acl_Resource( 'stats' )); $acl->addResource( new  Zend_Acl_Resource( 'lunchmenu' )); $acl->allow( 'guest' ,  'cms' ,  'view' ); $acl->allow( 'admin' ,  'cms' ,  'edit' ); $acl->deny( 'guest' ,  'report' ); $acl->allow( 'departmentA' ,  'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('cook', 'lunchmenu', 'edit'); $acl->allow('member', 'lunchmenu', 'view'); $acl->allow('accounting', 'invoicing', 'edit'); $acl->allow('admin', 'invoicing', 'edit'); $acl->allow('departmentC_senior_staff', 'invoicing', 'report');
Evolution of a portal $acl =  new  Zend_Acl(); $acl->addRole( new  Zend_Acl_Role( 'guest' )); $acl->addRole( new  Zend_Acl_Role( 'departmentA' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentB' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentC_senior_staff' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'departmentC_marketing' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'cook' ),  'guest' ); $acl->addRole( new  Zend_Acl_Role( 'admin' ),  'member' ); $acl->addResource( new  Zend_Acl_Resource( 'cms' )); $acl->addResource( new  Zend_Acl_Resource( 'report' )); $acl->addResource( new  Zend_Acl_Resource( 'newsletter' )); $acl->addResource( new  Zend_Acl_Resource( 'photo' )); $acl->addResource( new  Zend_Acl_Resource( 'faq' )); $acl->addResource( new  Zend_Acl_Resource( 'invoicing' )); $acl->addResource( new  Zend_Acl_Resource( 'stats' )); $acl->addResource( new  Zend_Acl_Resource( 'lunchmenu' )); $acl->allow( 'guest' ,  'cms' ,  'view' ); $acl->allow( 'admin' ,  'cms' ,  'edit' ); $acl->deny( 'guest' ,  'report' ); $acl->allow( 'departmentA' ,  'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('cook', 'lunchmenu', 'edit'); $acl->allow('member', 'lunchmenu', 'view'); $acl->allow('accounting', 'invoicing', 'edit'); $acl->allow('admin', 'invoicing', 'edit'); $acl->allow('departmentC_senior_staff', 'invoicing', 'report');
Hard to ... ,[object Object]
keep track of the rules
debug the rules
Possible solution : database ,[object Object]
Good : no code changes required
Bad : more load on DB
A different approach ,[object Object]
Uses database, but...
Additional caching layer
ZF Conventional Modular Directory Structure
Backend interface for easy management ,[object Object]

More Related Content

What's hot

PHP security audits
PHP security auditsPHP security audits
PHP security auditsDamien Seguy
 
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learned
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learnedMoving a high traffic ZF1 Enterprise Application to SF2 - Lessons learned
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learnedBaldur Rensch
 
P H P Part I I, By Kian
P H P  Part  I I,  By  KianP H P  Part  I I,  By  Kian
P H P Part I I, By Kianphelios
 
Php Basic Security
Php Basic SecurityPhp Basic Security
Php Basic Securitymussawir20
 
Solr and symfony in Harmony with SolrJs
Solr and symfony in Harmony with SolrJsSolr and symfony in Harmony with SolrJs
Solr and symfony in Harmony with SolrJsWildan Maulana
 
Disregard Inputs, Acquire Zend_Form
Disregard Inputs, Acquire Zend_FormDisregard Inputs, Acquire Zend_Form
Disregard Inputs, Acquire Zend_FormDaniel Cousineau
 
Concern of Web Application Security
Concern of Web Application SecurityConcern of Web Application Security
Concern of Web Application SecurityMahmud Ahsan
 
OWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP ProgrammersOWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP Programmersrjsmelo
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHPDave Ross
 
Open Source Search: An Analysis
Open Source Search: An AnalysisOpen Source Search: An Analysis
Open Source Search: An AnalysisJustin Finkelstein
 
PHPUnit Episode iv.iii: Return of the tests
PHPUnit Episode iv.iii: Return of the testsPHPUnit Episode iv.iii: Return of the tests
PHPUnit Episode iv.iii: Return of the testsMichelangelo van Dam
 
OWASP Top 10 at International PHP Conference 2014 in Berlin
OWASP Top 10 at International PHP Conference 2014 in BerlinOWASP Top 10 at International PHP Conference 2014 in Berlin
OWASP Top 10 at International PHP Conference 2014 in BerlinTobias Zander
 
PHPunit and you
PHPunit and youPHPunit and you
PHPunit and youmarkstory
 
Moving from Django Apps to Services
Moving from Django Apps to ServicesMoving from Django Apps to Services
Moving from Django Apps to ServicesCraig Kerstiens
 
Entry-level PHP for WordPress
Entry-level PHP for WordPressEntry-level PHP for WordPress
Entry-level PHP for WordPresssprclldr
 
Let's write secure Drupal code! - DrupalCamp Belarus 2019
Let's write secure Drupal code! - DrupalCamp Belarus 2019Let's write secure Drupal code! - DrupalCamp Belarus 2019
Let's write secure Drupal code! - DrupalCamp Belarus 2019Balázs Tatár
 

What's hot (20)

PHP security audits
PHP security auditsPHP security audits
PHP security audits
 
Seam Glassfish Slidecast
Seam Glassfish SlidecastSeam Glassfish Slidecast
Seam Glassfish Slidecast
 
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learned
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learnedMoving a high traffic ZF1 Enterprise Application to SF2 - Lessons learned
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learned
 
PHPSpec BDD for PHP
PHPSpec BDD for PHPPHPSpec BDD for PHP
PHPSpec BDD for PHP
 
P H P Part I I, By Kian
P H P  Part  I I,  By  KianP H P  Part  I I,  By  Kian
P H P Part I I, By Kian
 
Php Basic Security
Php Basic SecurityPhp Basic Security
Php Basic Security
 
Solr and symfony in Harmony with SolrJs
Solr and symfony in Harmony with SolrJsSolr and symfony in Harmony with SolrJs
Solr and symfony in Harmony with SolrJs
 
Disregard Inputs, Acquire Zend_Form
Disregard Inputs, Acquire Zend_FormDisregard Inputs, Acquire Zend_Form
Disregard Inputs, Acquire Zend_Form
 
Concern of Web Application Security
Concern of Web Application SecurityConcern of Web Application Security
Concern of Web Application Security
 
OWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP ProgrammersOWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP Programmers
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
 
Open Source Search: An Analysis
Open Source Search: An AnalysisOpen Source Search: An Analysis
Open Source Search: An Analysis
 
Php Security
Php SecurityPhp Security
Php Security
 
Ant
Ant Ant
Ant
 
PHPUnit Episode iv.iii: Return of the tests
PHPUnit Episode iv.iii: Return of the testsPHPUnit Episode iv.iii: Return of the tests
PHPUnit Episode iv.iii: Return of the tests
 
OWASP Top 10 at International PHP Conference 2014 in Berlin
OWASP Top 10 at International PHP Conference 2014 in BerlinOWASP Top 10 at International PHP Conference 2014 in Berlin
OWASP Top 10 at International PHP Conference 2014 in Berlin
 
PHPunit and you
PHPunit and youPHPunit and you
PHPunit and you
 
Moving from Django Apps to Services
Moving from Django Apps to ServicesMoving from Django Apps to Services
Moving from Django Apps to Services
 
Entry-level PHP for WordPress
Entry-level PHP for WordPressEntry-level PHP for WordPress
Entry-level PHP for WordPress
 
Let's write secure Drupal code! - DrupalCamp Belarus 2019
Let's write secure Drupal code! - DrupalCamp Belarus 2019Let's write secure Drupal code! - DrupalCamp Belarus 2019
Let's write secure Drupal code! - DrupalCamp Belarus 2019
 

Similar to Creating fast, dynamic ACLs in Zend Framework

Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)
Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)
Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)Wim Godden
 
Getting started with MongoDB and PHP
Getting started with MongoDB and PHPGetting started with MongoDB and PHP
Getting started with MongoDB and PHPgates10gen
 
SugarCon 2010 - Best Practices for Creating Custom Apps in Sugar
SugarCon 2010 - Best Practices for Creating Custom Apps in SugarSugarCon 2010 - Best Practices for Creating Custom Apps in Sugar
SugarCon 2010 - Best Practices for Creating Custom Apps in SugarJohn Mertic
 
Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)
Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)
Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)Michael Wales
 
Drupal Lightning FAPI Jumpstart
Drupal Lightning FAPI JumpstartDrupal Lightning FAPI Jumpstart
Drupal Lightning FAPI Jumpstartguestfd47e4c7
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesSugree Phatanapherom
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?brynary
 
Dropping ACID with MongoDB
Dropping ACID with MongoDBDropping ACID with MongoDB
Dropping ACID with MongoDBkchodorow
 
LAMP_TRAINING_SESSION_3
LAMP_TRAINING_SESSION_3LAMP_TRAINING_SESSION_3
LAMP_TRAINING_SESSION_3umapst
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!Greg Bell
 
Graph Databases
Graph DatabasesGraph Databases
Graph DatabasesJosh Adell
 
State Machines to State of the Art
State Machines to State of the ArtState Machines to State of the Art
State Machines to State of the ArtRowan Merewood
 
Couch Db.0.9.0.Pub
Couch Db.0.9.0.PubCouch Db.0.9.0.Pub
Couch Db.0.9.0.PubYohei Sasaki
 

Similar to Creating fast, dynamic ACLs in Zend Framework (20)

Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)
Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)
Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)
 
Mojolicious on Steroids
Mojolicious on SteroidsMojolicious on Steroids
Mojolicious on Steroids
 
Os Nixon
Os NixonOs Nixon
Os Nixon
 
Getting started with MongoDB and PHP
Getting started with MongoDB and PHPGetting started with MongoDB and PHP
Getting started with MongoDB and PHP
 
SugarCon 2010 - Best Practices for Creating Custom Apps in Sugar
SugarCon 2010 - Best Practices for Creating Custom Apps in SugarSugarCon 2010 - Best Practices for Creating Custom Apps in Sugar
SugarCon 2010 - Best Practices for Creating Custom Apps in Sugar
 
Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)
Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)
Introduction to CodeIgniter (RefreshAugusta, 20 May 2009)
 
Drupal Lightning FAPI Jumpstart
Drupal Lightning FAPI JumpstartDrupal Lightning FAPI Jumpstart
Drupal Lightning FAPI Jumpstart
 
Optimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile DevicesOptimizing Drupal for Mobile Devices
Optimizing Drupal for Mobile Devices
 
Zend framework 04 - forms
Zend framework 04 - formsZend framework 04 - forms
Zend framework 04 - forms
 
What's New in ZF 1.10
What's New in ZF 1.10What's New in ZF 1.10
What's New in ZF 1.10
 
What's new in Rails 2?
What's new in Rails 2?What's new in Rails 2?
What's new in Rails 2?
 
Dropping ACID with MongoDB
Dropping ACID with MongoDBDropping ACID with MongoDB
Dropping ACID with MongoDB
 
LAMP_TRAINING_SESSION_3
LAMP_TRAINING_SESSION_3LAMP_TRAINING_SESSION_3
LAMP_TRAINING_SESSION_3
 
User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!User Experience is dead. Long live the user experience!
User Experience is dead. Long live the user experience!
 
Symfony 1, mi viejo amigo
Symfony 1, mi viejo amigoSymfony 1, mi viejo amigo
Symfony 1, mi viejo amigo
 
Graph Databases
Graph DatabasesGraph Databases
Graph Databases
 
Front End on Rails
Front End on RailsFront End on Rails
Front End on Rails
 
State Machines to State of the Art
State Machines to State of the ArtState Machines to State of the Art
State Machines to State of the Art
 
Ae internals
Ae internalsAe internals
Ae internals
 
Couch Db.0.9.0.Pub
Couch Db.0.9.0.PubCouch Db.0.9.0.Pub
Couch Db.0.9.0.Pub
 

More from Wim Godden

Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
Bringing bright ideas to life
Bringing bright ideas to lifeBringing bright ideas to life
Bringing bright ideas to lifeWim Godden
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8Wim Godden
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7Wim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 
Building interactivity with websockets
Building interactivity with websocketsBuilding interactivity with websockets
Building interactivity with websocketsWim Godden
 
Bringing bright ideas to life
Bringing bright ideas to lifeBringing bright ideas to life
Bringing bright ideas to lifeWim Godden
 
Your app lives on the network - networking for web developers
Your app lives on the network - networking for web developersYour app lives on the network - networking for web developers
Your app lives on the network - networking for web developersWim Godden
 
The why and how of moving to php 7.x
The why and how of moving to php 7.xThe why and how of moving to php 7.x
The why and how of moving to php 7.xWim Godden
 
The why and how of moving to php 7.x
The why and how of moving to php 7.xThe why and how of moving to php 7.x
The why and how of moving to php 7.xWim Godden
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 
Building interactivity with websockets
Building interactivity with websocketsBuilding interactivity with websockets
Building interactivity with websocketsWim Godden
 
Your app lives on the network - networking for web developers
Your app lives on the network - networking for web developersYour app lives on the network - networking for web developers
Your app lives on the network - networking for web developersWim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 
The promise of asynchronous php
The promise of asynchronous phpThe promise of asynchronous php
The promise of asynchronous phpWim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 

More from Wim Godden (20)

Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the code
 
Bringing bright ideas to life
Bringing bright ideas to lifeBringing bright ideas to life
Bringing bright ideas to life
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
Building interactivity with websockets
Building interactivity with websocketsBuilding interactivity with websockets
Building interactivity with websockets
 
Bringing bright ideas to life
Bringing bright ideas to lifeBringing bright ideas to life
Bringing bright ideas to life
 
Your app lives on the network - networking for web developers
Your app lives on the network - networking for web developersYour app lives on the network - networking for web developers
Your app lives on the network - networking for web developers
 
The why and how of moving to php 7.x
The why and how of moving to php 7.xThe why and how of moving to php 7.x
The why and how of moving to php 7.x
 
The why and how of moving to php 7.x
The why and how of moving to php 7.xThe why and how of moving to php 7.x
The why and how of moving to php 7.x
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the code
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
Building interactivity with websockets
Building interactivity with websocketsBuilding interactivity with websockets
Building interactivity with websockets
 
Your app lives on the network - networking for web developers
Your app lives on the network - networking for web developersYour app lives on the network - networking for web developers
Your app lives on the network - networking for web developers
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
The promise of asynchronous php
The promise of asynchronous phpThe promise of asynchronous php
The promise of asynchronous php
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 

Recently uploaded

Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentationyogeshlabana357357
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 

Recently uploaded (20)

Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 

Creating fast, dynamic ACLs in Zend Framework

  • 1. Creating fast, dynamic ACLs in Zend Framework Wim Godden Cu.be Solutions
  • 2.
  • 3. Owner of Cu.be Solutions (http://cu.be)
  • 9.
  • 10.
  • 11.
  • 14. ...
  • 15.
  • 16. Privileges are grouped together in roles
  • 17.
  • 19.
  • 20.
  • 23.
  • 25. All rules are in-code
  • 27. Evolution of a portal $acl = new Zend_Acl(); $acl->addRole( new Zend_Acl_Role( 'guest' )); $acl->addRole( new Zend_Acl_Role( 'member' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'admin' ), 'member' ); $acl->addResource( new Zend_Acl_Resource( 'cms' )); $acl->addResource( new Zend_Acl_Resource( 'report' )); $acl->allow( 'guest' , 'cms' , 'view' ); $acl->allow( 'admin' , 'cms' , 'edit' ); $acl->deny( 'guest' , 'report' ); $acl->allow( 'member' , 'report' );
  • 28. Evolution of a portal $acl = new Zend_Acl(); $acl->addRole( new Zend_Acl_Role( 'guest' )); $acl->addRole( new Zend_Acl_Role( 'departmentA' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentB' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'admin' ), 'member' ); $acl->addResource( new Zend_Acl_Resource( 'cms' )); $acl->addResource( new Zend_Acl_Resource( 'report' )); $acl->allow( 'guest' , 'cms' , 'view' ); $acl->allow( 'admin' , 'cms' , 'edit' ); $acl->deny( 'guest' , 'report' ); $acl->allow( 'departmentA' , 'report' );
  • 29. Evolution of a portal $acl = new Zend_Acl(); $acl->addRole( new Zend_Acl_Role( 'guest' )); $acl->addRole( new Zend_Acl_Role( 'departmentA' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentB' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentC_senior_staff' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentC_marketing' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'admin' ), 'member' ); $acl->addResource( new Zend_Acl_Resource( 'cms' )); $acl->addResource( new Zend_Acl_Resource( 'report' )); $acl->addResource( new Zend_Acl_Resource( 'newsletter' )); $acl->addResource( new Zend_Acl_Resource( 'photo' )); $acl->addResource( new Zend_Acl_Resource( 'faq' )); $acl->allow( 'guest' , 'cms' , 'view' ); $acl->allow( 'admin' , 'cms' , 'edit' ); $acl->deny( 'guest' , 'report' ); $acl->allow( 'departmentA' , 'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit');
  • 30. Evolution of a portal $acl = new Zend_Acl(); $acl->addRole( new Zend_Acl_Role( 'guest' )); $acl->addRole( new Zend_Acl_Role( 'departmentA' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentB' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentC_senior_staff' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentC_marketing' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'cook' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'admin' ), 'member' ); $acl->addResource( new Zend_Acl_Resource( 'cms' )); $acl->addResource( new Zend_Acl_Resource( 'report' )); $acl->addResource( new Zend_Acl_Resource( 'newsletter' )); $acl->addResource( new Zend_Acl_Resource( 'photo' )); $acl->addResource( new Zend_Acl_Resource( 'faq' )); $acl->addResource( new Zend_Acl_Resource( 'invoicing' )); $acl->addResource( new Zend_Acl_Resource( 'stats' )); $acl->addResource( new Zend_Acl_Resource( 'lunchmenu' )); $acl->allow( 'guest' , 'cms' , 'view' ); $acl->allow( 'admin' , 'cms' , 'edit' ); $acl->deny( 'guest' , 'report' ); $acl->allow( 'departmentA' , 'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('cook', 'lunchmenu', 'edit'); $acl->allow('member', 'lunchmenu', 'view'); $acl->allow('accounting', 'invoicing', 'edit'); $acl->allow('admin', 'invoicing', 'edit'); $acl->allow('departmentC_senior_staff', 'invoicing', 'report');
  • 31. Evolution of a portal $acl = new Zend_Acl(); $acl->addRole( new Zend_Acl_Role( 'guest' )); $acl->addRole( new Zend_Acl_Role( 'departmentA' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentB' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentC_senior_staff' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'departmentC_marketing' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'cook' ), 'guest' ); $acl->addRole( new Zend_Acl_Role( 'admin' ), 'member' ); $acl->addResource( new Zend_Acl_Resource( 'cms' )); $acl->addResource( new Zend_Acl_Resource( 'report' )); $acl->addResource( new Zend_Acl_Resource( 'newsletter' )); $acl->addResource( new Zend_Acl_Resource( 'photo' )); $acl->addResource( new Zend_Acl_Resource( 'faq' )); $acl->addResource( new Zend_Acl_Resource( 'invoicing' )); $acl->addResource( new Zend_Acl_Resource( 'stats' )); $acl->addResource( new Zend_Acl_Resource( 'lunchmenu' )); $acl->allow( 'guest' , 'cms' , 'view' ); $acl->allow( 'admin' , 'cms' , 'edit' ); $acl->deny( 'guest' , 'report' ); $acl->allow( 'departmentA' , 'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('cook', 'lunchmenu', 'edit'); $acl->allow('member', 'lunchmenu', 'view'); $acl->allow('accounting', 'invoicing', 'edit'); $acl->allow('admin', 'invoicing', 'edit'); $acl->allow('departmentC_senior_staff', 'invoicing', 'report');
  • 32.
  • 33. keep track of the rules
  • 35.
  • 36. Good : no code changes required
  • 37. Bad : more load on DB
  • 38.
  • 41. ZF Conventional Modular Directory Structure
  • 42.
  • 43.
  • 44.
  • 46. Zend_Acl as a controller plugin <?php class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract { private $_acl = null; public function __construct(Zend_Acl $acl ) { $this ->_acl = $acl ; } public function preDispatch(Zend_Controller_Request_Abstract $request ) { $role = (Zend_Auth::getInstance()->hasIdentity()) ? 'user' : 'guest' ; //For this example, we will use the controller as the resource: $resource = $request ->getControllerName(); if (! $this ->_acl->isAllowed( $role , $resource , 'view' )) { //If the user has no access we send him elsewhere by changing the request and resetting the dispatch $request ->setModuleName( 'auth' ) ->setControllerName( 'auth' ) ->setActionName( 'login' ) ->setDispatched(false); return false; } } }
  • 47. Initializing the ACL Let's have a look
  • 48. Zend_Acl manual rules <?php class My_Acl extends Zend_Acl { public function __construct() { //Add a new role called &quot;guest&quot; $this ->addRole( new Zend_Acl_Role( 'guest' )); //Add a role called user, which inherits from guest $this ->addRole( new Zend_Acl_Role( 'user' ), 'guest' ); //Add a resource called page $this ->add( new Zend_Acl_Resource( 'page' )); //Add a resource called news, which inherits page $this ->add( new Zend_Acl_Resource( 'news' ), 'page' ); //Finally, we want to allow guests to view pages $this ->allow( 'guest' , 'page' , 'view' ); //and users can comment news $this ->allow( 'user' , 'news' , 'comment' ); } }
  • 49. Our ACL id role_id module controller action 1 2 newsletter send index 2 1 cms article edit 3 3 % % % id name email pw 1 Chris [email_address] ******* 2 Jake [email_address] ******* 3 Jeniffer [email_address] ******* id name 1 webmaster 2 marketeer 3 admin user_id role_id 1 2 2 3 3 1
  • 50. Application_Acl class Application_Acl { public function isAllowed($user = null , $request = null ) { if (is_null($user) === false && $user !== false && $user instanceof User) { $userId = $user-> id ; } else { $userId = 0; } $db = Zend_Db_Table:: getDefaultAdapter (); $stmt = $db->query( ' select module_name, controller_name, action_name from privilege join role on role.id = privilege.role_id join userRole on userRole.role_id = role.role_id where userRole.user_id = ? and ( module_name = &quot;%&quot; or ( module_name = ? and ( controller_name = &quot;%&quot; or ( controller_name = ? and ( action_name = &quot;%&quot; or action_name = ? ) ) ) ) ) ' , array ( $userId, $request->getModuleName(), $request->getControllerName(), $request->getActionName() ) ); $stmt->execute(); $row = $stmt->fetch(); // Returns a row or false if ($row !== false ) { return true ; } else { return false ; } } }
  • 51.
  • 52. = 1 query per pageview / ajax request
  • 53. 99.99% will be identical
  • 54. -> &quot;Just rely on MySQL query cache !&quot;
  • 56. Even for cached queries, MySQL connections use memory, I/O, CPU, ...
  • 57.
  • 58. User with 20 privileges -> 20 possible requests
  • 59. All subsequent pageviews : 1 cache request
  • 60.
  • 61. Caching - Option 3 - denormalize in cache
  • 62. What's in the cache ? Entry Data acl_user_3 3, 1, 4 acl_user_1 3, 1, 2 acl_role_1 a:3:{i:0;s:45:&quot;a:2:{i:0;s:5:&quot;%_%_%&quot;;}&quot;;i:1;i:1308106740;i:2;s:6:&quot;604800&quot;;} User's roles Privileges listed in a role
  • 63.
  • 64. User with 20 privileges -> just 1 DB query
  • 65. Per pageview : 1 cache query + 1 cache query per role
  • 66.
  • 67. Less data in the cache (only roles, not full privileges of each user)
  • 68.
  • 69. Caching - let's have a look
  • 70.
  • 71.
  • 72.
  • 73.
  • 75.
  • 81. Reflection - example <?php class Test { static public function testMe ($reason) { echo 'I have a reason : ' . $reason; } } $reflector = new ReflectionClass( 'Test' ); echo 'Class name : ' . $reflector->getName() . &quot;&quot; ; echo &quot;Methods : &quot; ; var_dump($reflector->getMethods()); Outputs : Class name : Test Methods : array(1) { [0]=> &object(ReflectionMethod)#2 (2) { [&quot;name&quot;]=> string(6) &quot;testMe&quot; [&quot;class&quot;]=> string(4) &quot;Test&quot; } }
  • 83.
  • 84.
  • 85. Hide controllers and actions from the interface (docblock)
  • 86.
  • 87. Apply roles to usergroup
  • 88.
  • 90.
  • 92.
  • 93.
  • 94.
  • 95. Code : Github (see site)
  • 96.
  • 97.
  • 98.
  • 102.
  • 103.