Alex Tech Adventures The webs best tutorials!

** This thread discusses the content article: Allocation resources and permissions with Zend_Acl **

Hey,

The past week or maybe two I have been trying to learn the Zend Framework and these video tutorials have been a great help. Especially they way the priveleges are checked before the rest of the application is really elegant, something I definitely would like to keep. How do you however solve the following problem:

A user posts a message to a guestbook (users are allowed to post messages), but afterward he is the only one that may delete and/or edit that message. And what if the priveleges change, would he still be able to edit/delete that message?

Some solutions I thought of:
- making a model which can be guessed depending on the controller name and do such an action:
Model_privelege_controllername::check_privelege($user, $uri_data);

which is called in the bootstrap or front_controller before calling the controller.

The other question: what to do with the rest of the priveleges after a change. I guess this should work cascading in some sort of way. It wouldn't be a bad thing to remove the permissions of deleting and editing if the role is not allowed to add anymore. There is always going to be a role that can do that for him on request (an admin or so)

Hope you can help me out on this one.

PS: the tutorials are really good, seen all of them and am looking forward to the next one.

Thank you

I had a few varieties of this question so its been a part of pending tutorial requests. This type of problem is solved using dynamic assertions technique. You can get a head start on ralphschindler.com/2009/08/13/dynamic-as...s-for-zend_acl-in-zf

See if this is close to what you need.

Hi,
Just want to start by saying what a good job you are doing of taking a lot of the pain out of learning zend. I am a fairly experienced php programmer and this little problem is driving me crazy. I have run through this tutorial and setup the auth and acl along with a database similar to yours.

The problem: When the user logs in i am still do not appear to be getting a correct Zend_Auth instance set. for example, i was getting the notice issue regarding the null user which was fine when no user is logged in but even when a user is logged in and an identity is set the object is still null. However if i echo Zend_Auth::getInstance()->getIdentity(); in the bootstrap it returns the name of the user!! Why is it unable to get the role field or any of the others. I followed the additional tutorial to check if the identity is set:

if (Zend_Auth::getInstance()->hasIdentity()) {
Zend_Registry::set('role',Zend_Auth::getInstance()->getStorage()->read()->role); <---Line 14
} else {
Zend_Registry::set('role','guest');
}

The problem is that the identity is set so it tries to grab the role from storage but it still doesnt exist and im back to the same old

Notice: Trying to get property of non-object in I:\Vivo\Technical\Sites\Repos\signapps_server\application\Bootstrap.php on line 14

Do you have any idea what i might be doing wrong been looking at this for a long time now and im stuck.

Ps have you thought about putting a donations pay up through Paypal

Thank you

If getIdentity returns the name of the user correctly, then i do not think there is a problem with auth instance itself. However, there is some kind of problem with the percistent auth storage container that holds the aditional info. Lets begin troubleshooting this problem by posting file that does the actual authentication (in my example AuthenticationController.php) and see if the lines

do their job properly. That is the section that stores the role info into the auth's storage. All the data that is passed from the DB into auth storage takes a form of an object inside getStorage(), hence if there is a problem transmiting role info from the DB table into authStorage, the object will be null.

I had a number of donation requests, actually. However, i am slightly skeptical for two reasons. First, is that my video releases have not been very consistent lately so I do not want donators to waste their money on unpredictable work. Secondly, I want to emphasize that I do this purely out of love for the community with no desire for anything in return. That said, making these videos on just 1Gb of RAM on a slightly damaged motherboard is rather frustrating (i need a number of applications running that are when put together use up well over 1Gb) and i do often begin to think how a donation button could possibly help against that.
I havent come up with a conclusive decision on that one yet.

Alex,
Thank you! You were right on the money there, my 'if statement' was failing and therefore not running the getrowresultobject and setting it in the auth storage. What rew me was the fast that there was still an identity being set so i assumed it was running. Quite why i didnt think to check that is anyones guess but i think i might be to do with debugging at 2.30am . Big Thank you once again for the fast responce.

With regards to donations, they are just that donations, not paying you for future work. I myself would be happy as I am sure many other would be to dontate for the existing excellent work you have done and for the help you have provided. I know its a passion and I understand that all too well but would be nice if at least your costs etc were covered (web hosting etc and a few beers). Just my 2 cents and once again big thank you!

SIDENOTE: Firefox 3 is complaining about:

$this->_redirect('index/index'); Reports

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.