I have a role-based permissions system where I am not sure Zend_Acl is necessary, so I'd like to ask if I am right.

The web application in question doesn't have separate admin screens; all controllers/actions are accessible to anyone. So I can't imagine what I could call a "resource" in such an open system.

But some user roles can see grids not filtered by user id - so super admins see all data, and "x admins" see all "x" data.

Is the Zend_Acl system excessive in this case? Without it things would be simple: I'd just get the user role in init() and check against it in some parts of the controller.

+3  A: 

Just because something exists in ZF doesn't mean you have to use it at any cost. You don't get bonus points for it. If you feel Zend_Acl is overkill for your use case, use your simpler approach. That's perfectly acceptable.

Actually, in one of my apps, I am using an ActionHelper to check on a user's role. The helper has a single method requireRole() that accepts the required role as a string. Now, when I need to restrict an action, I simply call up this helper method as the first thing. If I need an entire controller to be restricted, I place the call in the init() method. Drawback is, access control is not centralized.

In another app, I only have one single controller that needs access restriction. In that app, I used a ControllerPlugin that would check if the requested controller is the restricted controller and if the user has the required role for that. That worked fine as well and I could have added additional controllers to the check as needed.

So, use what fits :)

Gordon
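The two approaches Gordon describes, written out as an added example (this is not code from the answer or from Zend Framework): a requireRole() action helper for per-action or per-controller checks, and a front-controller plugin that keeps the controller-to-role mapping in one place. Assumed, not stated on the page: roles are plain strings stored as $identity->role in the Zend_Auth identity, the My_* class names, and the constructed 'audit' => 'superadmin' mapping.

```php
<?php
// Added example, not Gordon's code. Assumes roles are plain strings stored as
// $identity->role in the Zend_Auth identity (an assumption, not ZF's own layout).

// Deny by default: no identity or no role field yields null, which never
// matches a required role, so an unauthenticated request is always refused.
function current_role()
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    return (is_object($identity) && isset($identity->role)) ? $identity->role : null;
}

// 1) Action helper, registered once in Bootstrap with
//    Zend_Controller_Action_HelperBroker::addHelper(new My_Helper_RequireRole());
//    then used as the first line of an action (or of init() for a whole
//    controller): $this->_helper->requireRole('superadmin');
class My_Helper_RequireRole extends Zend_Controller_Action_Helper_Abstract
{
    public function requireRole($required)
    {
        if (current_role() !== $required) {
            // Aborts before any data is loaded; the app's error controller is assumed to map code 403.
            throw new Zend_Controller_Action_Exception('Forbidden', 403);
        }
        return true;
    }

    // Makes $this->_helper->requireRole(...) invoke requireRole() directly.
    public function direct($required)
    {
        return $this->requireRole($required);
    }
}

// 2) Front-controller plugin, registered with
//    Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_RestrictController());
//    Centralised: restricting another controller is one more array entry.
class My_Plugin_RestrictController extends Zend_Controller_Plugin_Abstract
{
    // Constructed example mapping: controller name => role required to reach it.
    private $restricted = array('audit' => 'superadmin');
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $name = $request->getControllerName();
        if (isset($this->restricted[$name]) && current_role() !== $this->restricted[$name]) {
            // Re-route to the error controller instead of dispatching the restricted action.
            $request->setControllerName('error')->setActionName('forbidden')->setDispatched(false);
        }
    }
}
```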