User-based dynamic permissions with Zend_ACL

Question

Is it possible to assign users individual permissions based on dynamic elements in a Zend Framework application?

I have tables like so:

clients (id, name, contact_name, contact_number, logo, active)
modules (id, client_id, module_id, active)
permissions (id, user_id, client_id, module_id)
users (id, username, password, email, realname)

What I need to do is allow a specific user to access a specific module for each individual client, but I can't figure out any way to get Zend_ACL to do this. What would be the most efficient way to do so?

Edit: Apologies, I forgot to add a detail. I have to allow an administrator to grant and revoke permissions from users in an administration interface.

Answer 1

The basic framework behind ACLs can be for example like this

$acl = new Zend_Acl();

// allow user with ID 1 access reports section for client with ID 4
$acl->allow(
  new Zend_Acl_Role('user_1'),
  new Zend_Acl_Resource('reports'),
  'client_4'
);

// allow administrator access reports module for all clients
$acl->allow(
  new Zend_Acl_Role('administrator'),
  'reports'
);

And so on...
It pretty much depends on you which style you prefer. Zend_Acl is very flexible and I agree that the manual could have been written with more examples and best practices, but in the end it is not that hard to figure it out on your own.