Zend framework authentication and acl question
Question
After successfull login/authentication can i allow/deny some action ?
Is there any allow/deny function with zend authentication ?
Or do i have to allow/deny with only zend acl ?
And how can i create resouce with actions ?
2 answers
solution1
2 2011-08-27 17:08:52
If you just want to allow/deny for logged in/not logged in, you obviously don't need ACL. You just check for authentication. If user is not authenticated, reroute with a flash message. If you need different user groups, you will want to use ACL because that's what this component is made for.
solution2
2 ACCPTED 2011-08-27 18:00:21
Zend_Auth handles authentication, and does not provide any authorization facilities. This is good. Auth will answer the question "is the user authenticated", via hasIdentity(), or "who is the user" via getIdentity().
It will not answer questions like "is the user allowed to access FooController", or "is this user allowed to update this particular Widget object". If you want to do that sort of thing, you use Zend_Acl, or some other authorization scheme.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.