Authorization
Authorization takes place using the Zend_Acl object. Authorization is done on a per-page basis, so you either have access to the requested page or not. In that paradigm, the resource is the `module_controller` and the privilege is the `action`. OTF builds the ACL automatically (and caches it as well) using reflection to scan the application directory for controller files, then parses out the actions. Because Zend_Acl denies anything that is not explicitly allowed, an action that has no rule is inaccessible until a role is granted it.
By default, OTF comes with two roles: a `guest` role, which can see the base index page and login, and an `administrator` role, which can do everything in the app.
Users are assigned roles, and roles have access to certain resources and privileges. A user can have multiple roles in OTF. Read up on how Zend_Acl handles roles and inheritance to understand more.
Additional roles should be created as needed. Roles and access restrictions are stored in the database in the `tbl_ot_role` and `tbl_ot_role_rule` tables. Assignments of those roles to users are stored in `tbl_ot_account_roles`.
Manage the roles by going to /ot/acl in your OTF app.
There will come a time when you need to access the ACL for various reasons.
The ACL can be found in Zend_Registry as the key "acl". This references the Zend_Acl object.
There is an action helper to check access quickly. In your action, call `$this->_helper->hasAccess($privilege, $resource, $role)`. If `$resource` is not set, the current resource is used. If `$role` is not set, the role of the logged-in user is used.