
Zend_Auth + Zend_Acl

The other day I sat down to study the Zend Framework. I decided to write a simple CMS right away. First of all I decided to deal with authentication and authorization.


I actually had to suffer, but I got what I wanted, and now I have decided to share my torment with Habr users.

Step 1. Create a class that inherits from Zend_Controller_Action:

class Controller extends Zend_Controller_Action
{
    public function preDispatch()
    {
        // authentication and authorization checks will go here
    }
}


Now all controllers need to inherit from the class we just created. Everything in the preDispatch() function runs before the controller's action, which is exactly what we need.

Step 2. Authentication itself. I did not invent anything and took it from this Habr topic

Step 3. Let's start working with the preDispatch() function.

First, we need to know which user is on the site. To do this, read the session:

class Controller extends Zend_Controller_Action
{
    // Current user as an array: id, username, name, group
    protected $user;

    public function preDispatch()
    {
        $this->user = $this->getUser();
    }

    public function getUser()
    {
        Zend_Session::start();
        // Zend_Auth keeps the identity in the 'Zend_Auth' session namespace
        $namespace = new Zend_Session_Namespace('Zend_Auth');
        if ($namespace->storage) {
            $user = array();
            $user['id'] = $namespace->storage->id;
            $user['username'] = $namespace->storage->username;
            $user['name'] = $namespace->storage->name;
            // The group is used as the ACL role
            $user['group'] = $namespace->storage->group;
            return $user;
        } else {
            // Nobody is logged in: return a guest
            return array('id' => '0', 'username' => 'Guest', 'name' => '', 'group' => 'guest');
        }
    }
}


So, the user authentication stage is done; on to authorization. I will not go over the basics of Zend_Acl; in principle, everything is clear from the code:

$acl = new Zend_Acl();

// Roles: guest, user, admin
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('user'))
    ->addRole(new Zend_Acl_Role('admin'));

// Resources: one per controller
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('articles'));
$acl->add(new Zend_Acl_Resource('user'));
$acl->add(new Zend_Acl_Resource('auth'));
$acl->add(new Zend_Acl_Resource('error'));
$acl->add(new Zend_Acl_Resource('registration'));

// Deny guests the user controller (third parameter is the action; null = all actions)
$acl->deny('guest', 'user', null);
// Allow everything else (the more specific deny above still wins)
$acl->allow(null, null, null);

// Check the current user's group against the requested controller and action
if (!$acl->isAllowed($this->user['group'], $this->getRequest()->getControllerName(), $this->getRequest()->getActionName())) {
    // No access: send the user to the error page
    $this->_redirect('/error/error/');
}


That's all. To finish, here is the entire controller code with preDispatch():

class Controller extends Zend_Controller_Action
{
    // Current user as an array: id, username, name, group
    protected $user;

    public function preDispatch()
    {
        $this->user = $this->getUser();

        $acl = new Zend_Acl();

        // Roles
        $acl->addRole(new Zend_Acl_Role('guest'))
            ->addRole(new Zend_Acl_Role('user'))
            ->addRole(new Zend_Acl_Role('admin'));

        // Resources: one per controller
        $acl->add(new Zend_Acl_Resource('index'));
        $acl->add(new Zend_Acl_Resource('articles'));
        $acl->add(new Zend_Acl_Resource('user'));
        $acl->add(new Zend_Acl_Resource('auth'));
        $acl->add(new Zend_Acl_Resource('error'));
        $acl->add(new Zend_Acl_Resource('registration'));

        // Guests may not use the user controller; everything else is allowed
        $acl->deny('guest', 'user', null);
        $acl->allow(null, null, null);

        // Check the requested controller/action for the current user's group
        $request = $this->getRequest();
        if (!$acl->isAllowed($this->user['group'], $request->getControllerName(), $request->getActionName())) {
            $this->_redirect('/error/error/');
        }
    }

    public function getUser()
    {
        Zend_Session::start();
        $namespace = new Zend_Session_Namespace('Zend_Auth');

        if ($namespace->storage) {
            $user = array();
            $user['id'] = $namespace->storage->id;
            $user['username'] = $namespace->storage->username;
            $user['name'] = $namespace->storage->name;
            $user['group'] = $namespace->storage->group;

            return $user;
        } else {
            // Nobody is logged in: return a guest
            return array('id' => '0', 'username' => 'Guest', 'name' => '', 'group' => 'guest');
        }
    }
}
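
The rules above allow everything and then deny one role/resource pair. As an added example (not the author's code), here are the same roles and resources written deny-by-default, with role inheritance and with unregistered groups or controllers refused instead of raising an exception inside isAllowed(). It assumes Zend Framework 1 on the include_path; buildAcl() and isRequestAllowed() are hypothetical helper names, and the sample requests are constructed.

```php
<?php
// Added example, not the article's code. Assumes Zend Framework 1 on the
// include_path; buildAcl() and isRequestAllowed() are hypothetical names.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

function buildAcl()
{
    $acl = new Zend_Acl();
    // Inheritance: user gets what guest has, admin gets what user has.
    $acl->addRole(new Zend_Acl_Role('guest'))
        ->addRole(new Zend_Acl_Role('user'), 'guest')
        ->addRole(new Zend_Acl_Role('admin'), 'user');
    foreach (array('index', 'articles', 'user', 'auth', 'error', 'registration') as $name) {
        $acl->add(new Zend_Acl_Resource($name));
    }
    // No allow(null, null, null): Zend_Acl denies whatever is not allowed here.
    $acl->allow('guest', array('index', 'articles', 'auth', 'error', 'registration'));
    $acl->allow('user', 'user');
    return $acl;
}

function isRequestAllowed(Zend_Acl $acl, $group, $controller, $action)
{
    // isAllowed() throws Zend_Acl_Exception for an unregistered role or
    // resource, so check first and fail closed.
    if (!$acl->hasRole($group) || !$acl->has($controller)) {
        return false;
    }
    return $acl->isAllowed($group, $controller, $action);
}

// Constructed sample requests: group, controller, action.
$samples = array(
    array('guest', 'articles', 'view'),
    array('guest', 'user', 'edit'),
    array('user', 'user', 'edit'),
    array('admin', 'user', 'edit'),       // admin inherits from user
    array('guest', 'backup', 'index'),    // controller not registered
    array('moderator', 'index', 'index'), // group not registered
);
$acl = buildAcl();
foreach ($samples as $s) {
    $verdict = isRequestAllowed($acl, $s[0], $s[1], $s[2]) ? 'allow' : 'deny';
    printf("%-9s %-8s %-5s => %s\n", $s[0], $s[1], $s[2], $verdict);
}
```

In preDispatch() the same check would take $this->user['group'] and the request's controller and action names, redirecting to /error/error/ when it returns false.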



Thanks to everyone who read to the end. I hope that this will help someone.

Source: https://habr.com/ru/post/39577/

