views:

542

answers:

1

Hello,

We have a the following structure for our application

require_once "Zend/Loader.php";
Zend_Loader::registerAutoload();
$acl = new Zend_Acl();

// application
$acl->add(new Zend_Acl_Resource('application1'));
// groups
$acl->add(new Zend_Acl_Resource('group1'), 'application1');
$acl->add(new Zend_Acl_Resource('group2'), 'application1');
// fields
$acl->add(new Zend_Acl_Resource('field1'), 'group1');
$acl->add(new Zend_Acl_Resource('field2'), 'group1');
$acl->add(new Zend_Acl_Resource('field3'), 'group2');
$acl->add(new Zend_Acl_Resource('field4'), 'application1');

// roles
$acl->addRole(new Zend_Acl_Role('applicant'));
$acl->addRole(new Zend_Acl_Role('admin'), 'applicant');

// permissions
$acl->allow('applicant', 'application1', 'view');
$acl->allow('applicant', 'group1', 'edit');

This represents a database of college applications and groups/fields are components of a college application. From the above the applicant does have edit permission to edit field2.

The entire structure is stored as an acl object in a mysql database.

After sometime the admins decide to move the field2 from group1 to group2, how would one go about changing the acl object ?

i checked the file Acl.php but there are no methods wherein one change the parent of a resource and thereby automatically update the rules/permissions.

Thanks.

Shashikant

+1  A: 

Personally, I would prefer not to store the serialized ACL object in the database. I'd rather store the information on roles, resources, and permissions directly in database tables and create a new ACL object on the fly when bootstrapping the application.

If you really want to serialize the ACL object to the database, it might work for you to remove the resources in question an re-add them to the ACL. The code would look something like this, although I haven't fed this to a PHP interpreter:

$acl->remove('field2');
$acl->add(new Zend_Acl_Resource('field2'), 'group2');
cg
I am not sure if what cg suggests is a good idea.It is actually duplicating of the Zend_Acl functionality in some custom system so you can actually not use Zend_Acl at all. Even [Zend Documentation][1] suggests using serialization and storage in database or cache, so I think it's okay. [1]: http://framework.zend.com/manual/en/zend.acl.advanced.html#zend.acl.advanced.storing
Josef Sábl