I have a role-based permissions system where I am not sure Zend_Acl is necessary, so I'd like to ask if I am right.
The web application in question doesn't have separate admin screens; all controllers/actions are accessible to anyone. So I can't imagine what I can call a "resource" in such an open system.
But some user roles can see grids not filtered by user id - so super admins see all data, and "x admins" see all "x" data.
Is the Zend_Acl system excessive in this case? Without it things would be simple, I'd just get the user role in init() and check against it in some parts of the controller.
Just because something exists in ZF doesn't mean you have to use it at any cost. You don't get bonus points for it. If you feel Zend_Acl to be overkill for your use case, use your simpler approach. That's perfectly acceptable.
Actually, in one of my apps, I am using an ActionHelper to check on a user's role. The helper has a single method requireRole() that accepts the required role as a string. Now, when I need to restrict an action, I simply call up this helper method as the first thing. If I need an entire controller to be restricted, I place the call in the init() method. Drawback is, access control is not centralized.

In another app, I only have one single controller that needs access restriction. In that app, I used a ControllerPlugin that would check if the requested controller is the restricted controller and if the user has the required role for that. That worked fine as well and I could have added additional controllers to the check as needed.

So, use what fits :)
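The two approaches described in the answer above, sketched for Zend Framework 1 as an added example (not the answerer's code). The class names, the role names, the `role` property on the Zend_Auth identity and the `error/denied` action are assumptions made for illustration.

```php
<?php
// Added example for Zend Framework 1; class names, role names and the
// identity's "role" property are assumptions.
class My_Helper_RequireRole extends Zend_Controller_Action_Helper_Abstract
{
    public static function currentRole()
    {
        $auth = Zend_Auth::getInstance();
        $identity = $auth->hasIdentity() ? $auth->getIdentity() : null;
        return (is_object($identity) && isset($identity->role)) ? $identity->role : null;
    }

    public function requireRole($role)
    {
        // Strict comparison: no identity or no role is always a denial.
        if (self::currentRole() !== $role) {
            throw new Zend_Controller_Action_Exception('Forbidden', 403);
        }
    }

    // Allows $this->_helper->requireRole('superadmin') in an action or init().
    public function direct($role)
    {
        $this->requireRole($role);
    }
}

class My_Plugin_RoleGuard extends Zend_Controller_Plugin_Abstract
{
    private $_restricted; // lower-case controller name => required role

    public function __construct(array $restricted)
    {
        $this->_restricted = array_change_key_case($restricted, CASE_LOWER);
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Lower-case the name so a differently cased URL segment still matches.
        $controller = strtolower($request->getControllerName());
        if (!isset($this->_restricted[$controller])) {
            return; // controller is open to every role
        }
        if (My_Helper_RequireRole::currentRole() !== $this->_restricted[$controller]) {
            // Reroute before the restricted action runs ("denied" is hypothetical).
            $request->setControllerName('error')->setActionName('denied');
        }
    }
}
```

The helper becomes available after `Zend_Controller_Action_HelperBroker::addPrefix('My_Helper')`, and the plugin after `Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_RoleGuard(array('reports' => 'superadmin')))`, where `reports` is a made-up controller name. For the unfiltered grids in the question, the same role value should also decide whether the user-id filter is applied to the query on the server, not only whether the action runs.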