Hey folks,
I'm working on an authorization action helper and I was hoping for some
feedback. Basically I want to create a helper that handles
authorization against an ACL, and redirecting the user if they do not
have the correct privileges. I want to build it in a generic way that
it can be reused by others.
I'm thinking that the plugin will depend on three "helper" objects to
make this happen:
- The ACL object
- An object to convert identity to role
- And an object to convert a request into a resource/privilege pair
Obviously this doesn't cover everything, but it would fit a lot of
scenarios. On top of these it will have a few options, like the
default role and where to redirect if unauthorized.
Here's my basic idea of how it'd be used (I'm having trouble coming up
with good class names—suggestions welcome):
<?php
// Maps the authenticated identity to an ACL role ID.
class My_Controller_Plugin_Auth_Rolemapper implements Galahad_Controller_Plugin_Auth_Rolemapper_Interface
{
    public function map($identity)
    {
        $user = new My_Model_User($identity);
        return $user->getRoleId();
    }
}

// Maps a request to a resource/privilege pair (here: controller/action).
class My_Controller_Plugin_Auth_Resourcemapper implements Galahad_Controller_Plugin_Auth_Resourcemapper_Interface
{
    protected $_resource;
    protected $_privilege;

    public function map(Zend_Controller_Request_Abstract $request)
    {
        $this->_resource = $request->getControllerName();
        $this->_privilege = $request->getActionName();
        return true;
    }

    public function getResource()
    {
        return $this->_resource;
    }

    public function getPrivilege()
    {
        return $this->_privilege;
    }
}

$acl = new Zend_Acl(); /* ... */
// Class names must match the definitions above.
$roleMapper = new My_Controller_Plugin_Auth_Rolemapper();
$resourceMapper = new My_Controller_Plugin_Auth_Resourcemapper();
$options = array(
    'defaultRole' => 'guest',
    'authRoute' => array('controller' => 'account', 'action' => 'login'),
    // 'authUrl' => 'http://www.mysite.com/login',
);
$authHelper = new Galahad_Controller_Plugin_Auth($acl, $roleMapper, $resourceMapper, $options);
Zend_Controller_Action_HelperBroker::addHelper($authHelper);
?>
In my example we're using the controller as the resource and the action
as the privilege, but the resource mapper could do whatever it wanted
there (and the same with the role mapper).
Thoughts?
--
Chris Morrell
http://www.cmorrell.com
-----------------------------------------------------------------
Philadelphia Events/Blogs/Etc: http://www.phillynewmediahub.com
Find a Home Inspector: http://www.inspector.org
-----------------------------------------------------------------
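
An added example, not part of the original post or the poster's code: one way a helper's preDispatch() could combine the ACL and the two mappers described above, denying by default when a role or resource is unknown. It assumes Zend Framework 1 is on the include path; Example_Helper_Authorize is a hypothetical class name, the mappers follow the interfaces proposed in the post, and only the 'authRoute' option is handled.

```php
<?php
// Added example: Example_Helper_Authorize is a hypothetical name, not code from the post.
class Example_Helper_Authorize extends Zend_Controller_Action_Helper_Abstract
{
    protected $_acl, $_roleMapper, $_resourceMapper, $_options;

    public function __construct(Zend_Acl $acl, $roleMapper, $resourceMapper, array $options = array())
    {
        $this->_acl            = $acl;
        $this->_roleMapper     = $roleMapper;
        $this->_resourceMapper = $resourceMapper;
        $this->_options        = $options + array('defaultRole' => 'guest', 'authRoute' => array());
    }

    public function preDispatch()
    {
        $request = $this->getRequest();
        $auth    = Zend_Auth::getInstance();

        // No identity: fall back to the configured default role.
        $role = $auth->hasIdentity()
            ? $this->_roleMapper->map($auth->getIdentity())
            : $this->_options['defaultRole'];

        $this->_resourceMapper->map($request);
        $resource  = $this->_resourceMapper->getResource();
        $privilege = $this->_resourceMapper->getPrivilege();

        // Default deny: isAllowed() throws on an unregistered role or resource,
        // so check both first and treat "unknown" as "not allowed".
        $allowed = $this->_acl->hasRole($role)
            && $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $privilege);
        if ($allowed) {
            return;
        }

        // Avoid a redirect loop when the login route itself is denied.
        $route = $this->_options['authRoute'];
        if ($route && $request->getControllerName() == $route['controller']
            && $request->getActionName() == $route['action']) {
            throw new Zend_Acl_Exception('Login route is not permitted for role ' . $role);
        }

        // The redirector exits after sending the redirect by default.
        Zend_Controller_Action_HelperBroker::getStaticHelper('redirector')
            ->gotoRoute($route, null, true);
    }
}
```

With the controller/action mapping from the post, every controller has to be registered as an ACL resource, otherwise this check denies the request.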