zend框架中的动态自定义ACL？ [英] Dynamic custom ACL in zend framework?

问题描述

我需要一个解决方案，其中允许经过身份验证的用户访问某些控制器/操作，而不基于其用户类型：ie。管理员或普通用户（尽管以后可以使用标准ACL添加它），但要根据其用户的当前状态。

I need a solution where authenticated users are allowed access to certain Controllers/Actions based not on their user type :ie. admin or normal user (although I may add this using standard ACL later) but according to the current status of their user.

例如：

他们已经成为网站成员超过1周了吗？

Have they been a member of the site for more than 1 week?

他们是否已完整填写个人资料？

Have they filled in their profile fully?

实际上，现在我想到了，就像他们在本网站上拥有特权和徽章一样。

Actually, now that I think about it, kind of like they have on this site with their priviledges and badges.

推荐答案

对于您正在描述的基于动态条件的测试，可以使用动态断言在您的 Zend_Acl 规则中。

For dynamic condition-based tests like you are describing, you can use dynamic assertions in your Zend_Acl rules.

例如：

class My_Acl_IsProfileComplete implements Zend_Acl_Assert_Interface
{
    protected $user;

    public function __construct($user)
    {
        $this->user = $user;
    }

   public function assert(Zend_Acl $acl, 
                           Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null,
                           $privilege = null)
    {
        // check the user's profile
        if (null === $this->user){
            return false;
        }
        return $this->user->isProfileComplete();  // for example
    }
}

然后在定义Acl对象时：

Then when defining your Acl object:

$user = Zend_Auth::getInstance()->getIdentity();
$assertion = new My_Acl_Assertion_IsProfileComplete($user);
$acl->allow($role, $resource, $privilege, $assertion);

当然，某些细节取决于您需要检查的内容以及可以检查的内容是否使用取决于您在 Zend_Auth :: setIdentity（）调用中存储的内容-仅用户ID，完整用户对象等。以及角色，资源和特权完全是特定于应用程序的。

Of course, some of the details depend upon the specifics of what you need to check and what you can use in your depend upon what you store in your Zend_Auth::setIdentity() call - only a user Id, a full user object, etc. And the roles, resources, and privileges are completely app-specific. But hopefully this gives the idea.

此外，由于断言对象在实例化时需要用户对象，因此无法在Bootstrap中添加此动态规则。但是，您可以在引导过程中使用静态规则创建核心Acl实例，然后注册添加动态断言的前端控制器插件（例如，以 preDispatch（）运行）。这样，当您到达控制器时（大概是在检查它们的时间），Acl就会被完全填充。

Also, since the assertion object requires a user object at instantiation, this dynamic rule cannot be added at Bootstrap. But, you can create the core Acl instance with static rules during bootstrap and then register a front controller plugin (to run at preDispatch(), say) that adds the dynamic assertion. This way, the Acl is fully populated by the time you get to your controllers where presumably you would be checking them.

只需大声思考。

这篇关于zend框架中的动态自定义ACL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！