I want my 'users' table in my database to contain users of all different levels (members, moderators, admins, etc). So a column in my 'users' table is role. I want to be able to check the role to see if they have permission to log in to special parts of the application. How can I do this? Here is my auth adapter so far:

protected function _getAuthAdapter($formData)
{
    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter  = new Zend_Auth_Adapter_DbTable($dbAdapter);

    $authAdapter->setTableName('users');
    $authAdapter->setIdentityColumn('username');
    $authAdapter->setCredentialColumn('password');

    $authAdapter->setIdentity($formData['username']);
    $authAdapter->setCredential(md5($formData['password']));

    return $authAdapter;
}
+2  A: 

You may be trying to use Zend_Auth for a purpose it wasn't intended.

Zend_Auth is supposed to tell you whether a user is who he says he is, not whether they have permission to do a particular thing.

You're looking for Zend_ACL: http://zendframework.com/manual/en/zend.acl.html

Josh Lindsey
I agree that Zend_Acl is probably better for the job, but I just need a temporary solution. I don't need a full-fledged ACL just yet.
Andrew
A: 

If you're not wanting to use Zend_Acl for this yet, try this:

protected function getAuthAdapter()
{
    if (null === $this->_auth)
    {
        $a = new Zend_Auth_Adapter_DbTable(
            Zend_Registry::get('db')
        );

        $a->setTableName('users')
          ->setIdentityColumn('email')
          ->setCredentialColumn('password');

        // Get the select object and
        // modify to check against whatever you want
        $s = $a->getDbSelect();
        $s->where('userType = ?', 'admin'); // Or whatever, you can see what I'm doing

        $this->_auth = $a;
    }

    return $this->_auth;
}

You can see that you can use getDbSelect() to get the actual Zend_Db_Select object that Zend_Auth is using and modify it as needed.

Josh Lindsey
I haven't verified this yet, but this is exactly what I needed, thanks!
Andrew
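
An added example, not part of either answer above: instead of filtering the login query by role, authenticate normally, store the user's row (including the 'role' column from the question) as the identity, and check the role per protected area. It assumes Zend Framework 1 and an adapter configured as in the question; loginWithRole() and hasRole() are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumes Zend Framework 1 is on the
// include path and the 'users' table has the 'role' column from the question.
// loginWithRole() and hasRole() are hypothetical helper names.

/**
 * Authenticate with an adapter configured as in the question, then persist
 * the user's row (minus the password column) as the identity.
 */
function loginWithRole(Zend_Auth_Adapter_DbTable $adapter)
{
    $auth   = Zend_Auth::getInstance();
    $result = $auth->authenticate($adapter);

    if (!$result->isValid()) {
        return false; // unknown user or wrong password
    }

    // Replace the default identity (the username string) with the row object,
    // omitting the credential column so the hash never lands in the session.
    $row = $adapter->getResultRowObject(null, 'password');
    $auth->getStorage()->write($row);

    return true;
}

/**
 * Authorization check for a protected area: true only if someone is logged in
 * and their stored role is in the allowed list.
 */
function hasRole(array $allowedRoles)
{
    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        return false;
    }

    $identity = $auth->getIdentity();

    // Strict comparison so a missing or non-string role never matches.
    return isset($identity->role)
        && in_array($identity->role, $allowedRoles, true);
}

// Usage in a controller's preDispatch() for an admin-only area:
// if (!hasRole(array('admin'))) { /* redirect to login or return 403 */ }
```

The role is read from the session copy written at login, so a role changed in the database takes effect only after the user logs in again.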