views:

53

answers:

1

I'm coding a zend framework application using the the standard mvc paradigm with an added service layer to take care of application/business logic. It seems quite popular to put your access control into your services, rather than your modules/controllers/actions, however, I have only seen simple examples with static roles and permissions for those roles.

My application will be using a dynamic acl, allowing the admin user to add roles and set permissions on those roles. I have two questions:

  1. How do you map permissions in user land to that of services and methods in services? I don't believe it should be a 1:1 mapping. If your application is sufficiently large, you will have many services with many methods, and the permission structure will quickly become confusing for an end user setting permissions for a role.
  2. I have services that are global to the application and not specific to a module. How would you set permissions for those services based on the module that is accessed?

Any help would be greatly appreciated.

+1  A: 

Hi Sleepy,

This link maybe would helpfup http://codeutopia.net/blog/2009/02/18/zend_acl-part-3-creating-and-storing-dynamic-acls/

Skelton