I think Zend ACL is used to give permissions to user types (student, teacher). Can it be used to give permissions on a per-content basis? What I mean is: this blog post was written by this user, and they can edit it. Others can't edit it. Can Zend ACL work with this requirement?

+2  A: 

Yes, the Zend ACL in ZF can be used to determine owner rights and set up to allow content owners to edit their own posts, etc. I am not sure if this place has specific examples for what you want, but you can check out some Zend ACL tutorials from zftutorials.com

UPDATE

Setting up the ACL can be done in many different ways depending on how your groups etc. are set up. Because of that, it is hard to provide a clear-cut way of how to do this, but the gist of it is to get the permissions set up on what each owner can do. Then in your Controller where that Action takes place you would have something like:

if (!$this->_helper->acl->isAllowedOwn($author->user_id, 'content', 'edit')) {

This would tell if that author is allowed to edit their own content. Those rules would need to be set up in some way, either via a config file or XML file, which the zftutorials place may shed some light on.

If I get time to work up a tutorial I will update it here. But yeah, it is a pretty tedious process to work up a tutorial with ZF given that everyone has different ways of doing items and preferences, not to mention all the inner workings required to set it up.

Brad F Jacobs
Updated, hopefully it clears it up a little. You may also want to check out the `Related` items to the right, as it seems they may be right up your alley ( http://stackoverflow.com/questions/2046608/practical-zend-acl-zend-auth-implementation-and-best-practices )
Brad F Jacobs
+1  A: 

You can create custom assertions for Zend_Acl. These custom assertions can be passed to the regular allow() method as the fourth param, e.g.

$acl->allow(null, null, null, new MyCustomAssertion());

The assertion can contain any code you want. It has to return a Boolean which will be considered for any ACL checks then, e.g. is this userid allowed access to this resource with that privilege and that custom check?

Gordon
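An ownership assertion of the kind the answer above describes, written out as an added example (not code from either answer). It assumes Zend Framework 1 on the include path and a version whose `isAllowed()` hands the original role and resource objects to the assertion; `User`, `BlogPost` and `OwnerAssertion` are hypothetical names.

```php
<?php
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Role/Interface.php';
require_once 'Zend/Acl/Resource/Interface.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical domain classes: a user acts as its role, a post as the resource.
class User implements Zend_Acl_Role_Interface
{
    public $id;
    public $role;
    public function __construct($id, $role) { $this->id = $id; $this->role = $role; }
    public function getRoleId() { return $this->role; }
}

class BlogPost implements Zend_Acl_Resource_Interface
{
    public $authorId;
    public function __construct($authorId) { $this->authorId = $authorId; }
    public function getResourceId() { return 'post'; }
}

class OwnerAssertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed: a bare role or resource name carries no ownership data.
        if (!$role instanceof User || !$resource instanceof BlogPost) {
            return false;
        }
        // Strict comparison: mismatched id types are treated as "not the owner".
        return $role->id === $resource->authorId;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('author'));
$acl->addResource(new Zend_Acl_Resource('post'));
// The 'edit' rule only applies when the assertion confirms ownership.
$acl->allow('author', 'post', 'edit', new OwnerAssertion());

$alice = new User(1, 'author');
$bob   = new User(2, 'author');
$post  = new BlogPost(1); // constructed sample: written by user 1
var_dump($acl->isAllowed($alice, $post, 'edit'));    // owner asks to edit
var_dump($acl->isAllowed($bob, $post, 'edit'));      // same role, different user
var_dump($acl->isAllowed('author', 'post', 'edit')); // name-only check, no objects
```

Pass the loaded user and post objects to `isAllowed()` in the controller; checking by role name alone cannot establish ownership.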