Giving Zend Navigation Pages Multiple ACL Privileges

Question

I'm using Zend_Navigation and am trying to integrate it with Zend_Acl. Each page in the navigation has a privilege attribute. What I can't determine is how to define multiple privileges for a single page.

Use case: A page that is for managing users. I want to display that page (in navigation) if the current signed in user's role has add, edit, or delete privileges on the Users resource.

Example entry in the navigation XML:

<admin_users>
    <label>Users</label>
    <route>default</route>
    <controller>admin</controller>
    <action>users</action>
    <resource>Users</resource>
    <privilege>add,edit,delete</privilege>
</admin_users>

Using a comma-separated list as above doesn't lend the desired behavior.

---

UPDATE

After digging through the code, I found that Zend_Navigation_Page only allows a single string value. Has anyone extended this class or found another way around this limitation?

/**
 * Sets ACL privilege associated with this page
 *
 * @param  string|null $privilege  [optional] ACL privilege to associate
 *                                 with this page. Default is null, which
 *                                 sets no privilege.
 * @return Zend_Navigation_Page    fluent interface, returns self
 */
public function setPrivilege($privilege = null)
{
    $this->_privilege = is_string($privilege) ? $privilege : null;
    return $this;
}

Answer 1

Have you tried the following? I'm not sure if it would work, but I have a feeling it would.

<admin_users>
<label>Users</label>
<route>default</route>
<controller>admin</controller>
<action>users</action>
<resource>Users</resource>
<privilege>add</privilege>
<privilege>edit</privilege>
<privilege>delete</privilege>

Answer 2

Probably some kind of nesting is required to pass the privileges as an array:

<admin_users>
    <label>Users</label>
    <route>default</route>
    <controller>admin</controller>
    <action>users</action>
    <resource>Users</resource>
    <privilege>
        <add>add</add>
        <edit>edit</edit>
    </privilege>
</admin_users>

Edit:

Common sense tells that one link should point to one action. You may add <params> nodes to the menu.

<admin_users_edit>
    <label>Users edit</label>
    <route>default</route>
    <controller>admin</controller>
    <action>users</action>
    <resource>Users</resource>
    <params>
       <do>edit</do>
    </params>
    <privilege>
        <edit>edit</edit>
    </privilege>
</admin_users_edit>


<admin_users_delete>
    <label>Users delete</label>
    <route>default</route>
    <controller>admin</controller>
    <action>users</action>
    <resource>Users</resource>
    <params>
       <do>delete</do>
    </params>
    <privilege>
        <edit>delete</edit>
    </privilege>
</admin_users_delete>

Answer 3

I realized that my problem was my lack of a 'view' type permission. When I'm loading the resource privileges, I now grant an 'admin' privilege on the resource if the user has any privileges for that resource. I then use the 'admin' privilege on the page.

<admin_users>
    <label>Users</label>
    <route>default</route>
    <controller>admin</controller>
    <action>users</action>
    <resource>Users</resource>
    <privilege>admin</privilege>
</admin_users>