Zend ACL Basics
Upload
mindfire-solutions -
Zend Acl
Presented By Rajanikant Beero
Table of Contents
● What is Acl?
● Zend & Basic Set Up
● Components of Acl (Zend)
● Resources in Acl
● Roles in Acl
● Creating a simple Acl with example
● Storing ACL Data for Persistence
● Conditional ACL Rules with Assertions
● Benefits
What is Acl?
● Access control is the functionality of specifying access rights to resources.
● An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on a given resource.
● With respect to a computer file system, an access control list (ACL) is a list of permissions attached to the files.
Zend & Basic Set Up
● Zend Framework is an open source, object oriented web application framework for PHP 5.
● Zend is often called a 'component library', because it has many components that you can use more or less independently.
● Provides Model-View-Controller (MVC) implementation.
● Basic set up can be found here - http://framework.zend.com/manual/1.12/en/learning.quickstart.html
Components of Acl (ZF)
● Zend_Acl is a flexible implementation for privileges management.
● Mainly two objects (Resource and Role) are involved:
→ A resource is an object to which access is controlled.
→ A role is an object that may request access to a Resource.
→ Privileges are what a role can do on the Resource.
Resource in Zend_Acl
● In Zend, a resource can be a “module”, a “controller”, a “controller action” or any block of code.
● Zend_Acl provides Zend_Acl_Resource_Interface to facilitate creating resources.
● Additionally, Zend_Acl_Resource is provided by Zend_Acl as a basic resource implementation.
● $acl = new Zend_Acl();
● $acl->add(new Zend_Acl_Resource('Resource'));
Role in Zend_Acl
● In Zend, a role is the user type, say “admin” or “guest” etc.
● Zend_Acl provides Zend_Acl_Role_Interface to facilitate creating roles.
● Additionally, Zend_Acl_Role is provided by Zend_Acl as a basic role implementation.
● $acl = new Zend_Acl();
● $acl->addRole(new Zend_Acl_Role('guest'));
Zend Role (continued)
● In Zend_Acl, a role may inherit from one or more roles. This is to support inheritance of rules among roles.
● The following code defines three base roles - "guest", "member", and "admin":
● $acl->addRole(new Zend_Acl_Role('guest'))
      ->addRole(new Zend_Acl_Role('member'))
      ->addRole(new Zend_Acl_Role('admin'));
Zend Role (continued)
Inheritance:
● // the second argument names the parent role(s), which must already be registered
● $acl->addRole(new Zend_Acl_Role('guest'), 'user');
Multiple Inheritance among Roles:
● $parents = array('guest', 'member', 'admin');
● $acl->addRole(new Zend_Acl_Role('someUser'), $parents);
Zend Role (continued)
Multiple Inheritance among Roles:
● $acl->add(new Zend_Acl_Resource('someResource'));
● $acl->deny('guest', 'someResource');
● $acl->allow('member', 'someResource');
● echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';
Zend Role (continued)
Multiple Inheritance among Roles:
● Output: allowed
● When multiple parents are specified for a role, the last parent listed is the first one searched for rules applicable to an authorization query.
Creating a Simple ACL
Storing ACL Data
● Zend_Acl was designed in such a way that it does not require any particular back-end technology such as a database or cache server for storage of the ACL data.
● Zend_Acl is serializable: ACL objects may be serialized with PHP's serialize() function, and the results may be stored anywhere the developer desires, such as a file, database, or caching mechanism.
● Let us see an example of storing the ACL data in a database.
Conditional ACL Rules
● Zend_Acl provides support for conditional rules with Zend_Acl_Assert_Interface. For example:
→ Only between the hours of 8:00am and 5:00pm.
→ Access / Deny specific to any IP address.
● $acl = new Zend_Acl();
● $acl->allow(null, null, null, new ClsAssertion());
→ The rule only applies when the assertion method returns TRUE.
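A possible ClsAssertion covering the two conditions listed above (business hours and a client IP allowlist), as an added example that is not from the original slides. It assumes Zend Framework 1.12 is on the include path; the 'member' role, 'reports' resource, 'view' privilege and the IP addresses are constructed for illustration.

```php
<?php
// Added example; assumes Zend Framework 1.12 is on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

date_default_timezone_set('UTC');

class ClsAssertion implements Zend_Acl_Assert_Interface
{
    private $allowedIps;
    private $clientIp;
    private $now;

    // Client IP and time are injected so the rule can be checked outside a web request.
    // In a request, pass $_SERVER['REMOTE_ADDR']; X-Forwarded-For is client-supplied
    // unless a trusted proxy sets it.
    public function __construct(array $allowedIps, $clientIp, DateTime $now)
    {
        $this->allowedIps = $allowedIps;
        $this->clientIp   = $clientIp;
        $this->now        = $now;
    }

    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        $minutes = (int) $this->now->format('G') * 60 + (int) $this->now->format('i');
        $inHours = $minutes >= 8 * 60 && $minutes < 17 * 60; // 8:00am up to 5:00pm
        return $inHours && in_array($this->clientIp, $this->allowedIps, true);
    }
}

// Constructed sample data: 192.0.2.10 and 198.51.100.7 are documentation addresses.
$cases = array(
    array('192.0.2.10',   '2024-01-15 09:30'),
    array('192.0.2.10',   '2024-01-15 17:00'),
    array('198.51.100.7', '2024-01-15 09:30'),
);
foreach ($cases as $case) {
    list($ip, $time) = $case;
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role('member'));
    $acl->addResource(new Zend_Acl_Resource('reports'));
    $acl->allow('member', 'reports', 'view',
        new ClsAssertion(array('192.0.2.10'), $ip, new DateTime($time)));
    echo "$ip at $time: ", $acl->isAllowed('member', 'reports', 'view') ? 'allowed' : 'denied', "\n";
}
```

Because Zend_Acl denies by default, a failed assertion on this allow rule leaves the query denied rather than falling through to access.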
Benefits of using Acl
→ Security.
→ Filtering traffic.
→ Confidentiality - Control disclosure of information.
→ Centralized place to access and manage ACL rules, resources, and roles.
→ Maps nicely to the MVC controller/action architecture.
→ Easiness of user and resource management.
→ Easy modification.
Questions??
Thank You
Voting time, please vote for better India :)