An easy way to load ACL in Zend Framework 2?

Question

I have been following this guide to load my menu configuration and i think it is very nice and clean way to load the menu.

My question is simple, is there a way to load your ACL configuration on the same way with a config array and some kinda of factory?

If there isn't, how do i load a ACL configuration and use with that menu in a easy way?

Thanks!

Edit: This is a very good blog post on why use modules that is already done and not make your own, http://hounddog.github.com/blog/there-is-a-module-for-that/

Answer 1

I've just created an ACL module that creates an ACL Service parsing the routes.

To manage your access control to your application you only need to define roles and add a new key 'roles' in every route. If you do not define that key or its array is empty, then the route becomes public. It also works with child routes.

As an example:

array(
    'router' => array(
        'routes' => array(
            'user\users\view' => array(
                'type'              => 'Segment',
                'options'           => array(
                    'route'         => '/admin/users/view/id/:id/',
                    'constraints'   => array(
                        'id' => '[0-9]+',
                    ),
                    'defaults' => array(
                        'controller' => 'User\Controller\Users',
                        'action'     => 'view',
                        'roles'      => ['admin', 'user'],
                    ),
                ),
            ),
        ),
    ),
);

The module can be installed via composer and it is now listed in the zend modules repository: http://zfmodules.com/itrascastro/TrascastroACL

You can get more detailed info about use and installation from my blog: http://www.ismaeltrascastro.com/acl-module-zend-framework/

Answer 2

Play with This structure . get role and resource from database and save this in session for or any caching .

Answer 3

You are right, there is no out-of-the-box-all-in-one solution. You have to build some bridges between the modules.

Another easy way to integrate BjyAuthorize is using **Zend Navigation**s default methods as described by Rob Allen: Integrating BjyAuthorize with ZendNavigation

    $sm = $e->getApplication()->getServiceManager();

    // Add ACL information to the Navigation view helper
    $authorize = $sm->get('BjyAuthorizeServiceAuthorize');
    $acl = $authorize->getAcl();
    $role = $authorize->getIdentity();
    ZendViewHelperNavigation::setDefaultAcl($acl);
    ZendViewHelperNavigation::setDefaultRole($role);

You can also use ZfcRbac and use a listener to make it work with Zend Navigation.

Since this is a lot of code I simply post the link here: Check Zend Navigation page permissions with ZfcRbac – Webdevilopers Blog

Answer 4

ZF2 contains ACL and also RBAC (role based ACL - might be in ZF2.1), but to put it in place, easier is to use module which you can plug into your application. BjyAuthorize seems to me a bit bloated, you have to use ZfcUser module. I prefer ZfcRbac, the ACL rules are based on user roles (group) and their access to controller, action or route. Configuration stored in one config file, really easy to implement.

Answer 5

Most likely there are several ways to do it, but I prefer to do it in getViewHelperConfig() of application's Module.php (here I use BjyAuthorize module to simplify work with ACL, and in particular it allows to set ACL rules in configuration file module.bjyauthorize.global.php)

public function getViewHelperConfig()
{
    return array(
        'factories' => array(
            'navigation' => function($sm) {
                $auth = $sm->getServiceLocator()->get('BjyAuthorize\Service\Authorize');
                $role = $auth->getIdentityProvider()->getIdentityRoles();
                if (is_array($role))
                    $role = $role[0];

                $navigation = $sm->get('Zend\View\Helper\Navigation');
                $navigation->setAcl($auth->getAcl())->setRole($role);

                return $navigation;
            }
        )
    );
}