Reputation: 225
Zend Navigation and RBAC
I am developing a ZF2 based site. I have a main navigation which stays same regardless of the visitor/user status. Need to add another component/nav, which will depend on the user's status and role. For a visitor the items will be
- Register
- Login
- EN (Actually a drop-down, with other available language)
For a logged-in normal user, it will display
- Profile
- Logout
- EN (Language selector as mentioned above)
And for some users with specific roles/permission there will be additional items
I want to use RBAC, as ACL seems bloated, and also just to check if the current logged in user/role has additional items, I need to load the complete ACL (and we got around 15+ different types of roles).
I spent some time thinking how I have achieve this, so following are some ideas I have.
- I create an empty navigation container, and create a factory. In the factory, I access the Authentication and RBAC and add the pages depending on the the user's status/role.
- I create a fully loaded navigation with all the possible pages, then in the factory, with the help of Authentication and RBAC I hide the pages I don't want to show.
rd option is to use a view helper which will get RBAC via ServiceLayer and generate the navigation. (As discussed in ZF2 how to display tweets in layout and ZF2 : Add a Login widget in the template.
- Or I can create a controller-plugin or just a method in module.php, and listen to the MVC_Render or MVC_Dispatch event and generate the desired navigation and add the output to a view variable.
PS: I need to use a partial as I need to add some CSS class to the language selection section. Also the navigation will be displayed in the layout.
Upvotes: 2
Views: 2255
Answers (1)
Reputation: 1688
I am using ZfcRbac and I am doing it as the following, you can display the navigation based on user roles and the navigation items permission as the following:
First add a permission to your navigation item as the following:
'permission' => 'edit-profile',
Then attach a listener in the onBootstrap as the following:
public function onBootstrap(MvcEvent $e)
{
$eventManager = $e->getApplication()->getEventManager();
$eventManager->getSharedManager()->attach(
'Zend\View\Helper\Navigation\AbstractHelper',
'isAllowed',
array('\Application\Listener\RbacListener', 'accept')
);
$moduleRouteListener = new ModuleRouteListener();
$moduleRouteListener->attach($eventManager);
}
Then create a class Application\Listener\RbacListener as the following:
public function accept(Event $event) {
$event->stopPropagation();
$accepted = true;
$serviceLocator = $event->getTarget()->getServiceLocator()->getServiceLocator();
$rbac = $serviceLocator->get('ZfcRbac\Service\Rbac');
$params = $event->getParams();
$page = $params['page'];
$permission = $page->getPermission();
if ($permission) {
$accepted = $rbac->isGranted($permission);
}
return $accepted;
}
and by this when you display the menu it will be filtered based on the permission and roles, for example if you do echo $this->navigation('navigation')->menu() then only the menu items that the user has permission on will be displayed.
Upvotes: 3
Related Questions
- Zend Navigation & recursive Zend Acl
- Zend navigation and Zend ACL
- Zend Navigation privileges without Zend ACL's
- Zend Navigation, ACL and Partials
- Linking Zend_Acl with Zend_Navigation
- Zend navigation rendering issue
- Zend Framework 2: Zend_Navigation
- Zend multiple navigation with ACL
- Bootstrapping Zend Layout and include navigation resource
- Zend Navigation - various navigation blocks