views:

147

answers:

1

i am creating a acl controller plugin that checks the if the user is authorized to the resource and redirect to the error controller to handle it. how do i go abt doing this?

+1  A: 

Take a look at this question on SO: Help with Zend ACL.
Another good ACL/Auth tutorial can by found at devzone: Zend_Acl / Zend_Auth Example Scenario (The codelisting is incomplete but have a look at the comment "THE MISSING PIECES")

The important part is in the preDispatch Plugin:

$controller = $request->controller;
$action     = $request->action;
$module     = $request->module;
$resource   = $controller;

if (!$this->_acl->isAllowed($role, $resource, $action)) {
    if (!$this->_auth->hasIdentity()) {
        $module     = 'default';
        $controller = 'login';
        $action     = 'index';
    } else {
        $module     = 'default';
        $controller = 'error';
        $action     = 'privileges';
    }
}

$request->setModuleName($module);
$request->setControllerName($controller);
$request->setActionName($action);

If the is not logged in or has insufficient rights the request will be modified to forward to the Loginpage or the error controller.

Benjamin Cremer
this is a great answer for my other question :) to redirect from controller plugins. use `Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector')`. here, i am wondering how i can edit the error controller to show error messages to the user eg. if they are trying to access an unauthorized resource
jiewmeng