You could make a view helper. Here's mine, you'd need to adjust to taste:
class My_View_Helper_IsAllowed extends Zend_View_Helper_Abstract
{
public function isAllowed($resource = null, $privilege = null)
{
$front = Zend_Controller_Front::getInstance();
if ($front->hasPlugin('App_Controller_Plugin_Auth'))
{
$authPlugin = $front->getPlugin('App_Controller_Plugin_Auth');
$identity = Zend_Auth::getInstance()->getIdentity();
$role = (!empty($identity) && isset($identity->id)) ? '#user_'.$identity->id : null;
$retval = false;
try {
$retval = $authPlugin->acl->isAllowed($role, $resource, $privilege);
}
catch (Exception $ex) { }
return $retval;
}
return false;
}
}
Then in the views you could do:
<?php if ($this->isAllowed('admin_user', 'index')) { ?>
<li>
url(array('module'=>'admin', 'controller'=>'user'), null, true)?>">Manage Users<?php } ?>
bytte wrote:
I managed to set up authentication through Zend_Auth and access control through Zend_Acl. This works without any problem. However, I'd like to take things one step further.
My view scripts sometimes display links to pages that are not accessible by the logged in user, because that user does not have the proper rights to view that page. Think of an "edit" link next to a blog article. If only the author of the article is allowed (via Zend_Acl) to edit the article, then it makes no sense to display the "edit" link to other users as well, as clicking on the link will only send them to a "not authorised" page.
Is there a convenient way of dealing with this problem? I'm sure it's a common request so I was hoping someone could help me with it.
Thanks in advance.
