Reputation: 11
I have a complex reporting application that allows clients to login and view reports for their client data. There are several sections of the application where there are database calls, using various controllers. I need to make sure that client A doesn't get client B's information via header manipulation.
The system authenticates, and assigns them a clientID and roleID. If your roleID > 1, that means you work for the company hosting the data, and you can see all client info. I want to create a catch-all that basically works like this:
    if ($roleID > 1) {
        // ...send query to database
    } else {
        if (/* ...does this query select a record with clientID other than my $auth->clientID */) {
            // do not execute query
        } else {
            // execute query
        }
    }
The problem is, I want this to run for every query that goes to the server... how can I place this code as a "roadblock" between the application and the DB? I already use Zend_Profiler to look at queries, so I know it is somehow possible, but cannot discern this from the Profiler code...
I can always write an authentication function and pass selected queries that way, but this catch-all would be easier to implement across all of the calls and would be future proof. Any help is appreciated.
Upvotes: 1
Views: 235
Reputation: 7449
Another option is to extend your database adapter so you can intercept the queries directly. IMO, you should try and do this at the application level though.
Upvotes: 1
Reputation: 856
If this is something you want run on every query, I'd suggest extending Zend_Db_Select and overwriting either the query() or assemble() functions to add in your logic. You'll also want to add a way for it to be aware of your $auth object.
Upvotes: 1
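The two preceding answers (intercept at the adapter, or extend Zend_Db_Select and override assemble()) can be combined. The following is an added example, not code from the question or from any answer: a Zend_Db_Select subclass that appends a client_id constraint to every tenant table in the FROM list unless the auth object's roleID is greater than 1, and an adapter subclass whose select() hands out that class. The class names Tenant_Db_Select and Tenant_Db_Adapter, the clientID/roleID properties on $auth, and the table and column names in $_tenantTables are assumptions for the example.

```php
<?php
// Added example (not from the question or any answer). Assumed names: Tenant_Db_Select,
// Tenant_Db_Adapter, $auth->clientID / $auth->roleID, and the tables in $_tenantTables.

class Tenant_Db_Select extends Zend_Db_Select
{
    /** Auth object exposing ->clientID and ->roleID (assumed shape). */
    protected static $_auth = null;

    /** Tables holding per-client rows => column carrying the client id (assumed). */
    protected static $_tenantTables = array(
        'reports'     => 'client_id',
        'report_rows' => 'client_id',
    );

    /** Set once the tenant constraint has been appended, so assemble() can be called repeatedly. */
    protected $_scoped = false;

    public static function setAuth($auth)
    {
        self::$_auth = $auth;
    }

    public function assemble()
    {
        $this->_applyTenantScope();
        return parent::assemble();
    }

    protected function _applyTenantScope()
    {
        if ($this->_scoped) {
            return;
        }
        if (self::$_auth === null) {
            // Fail closed: with no auth context there is no way to know whose rows are allowed.
            throw new Zend_Db_Select_Exception('No auth context set for tenant scoping');
        }
        $this->_scoped = true;
        if (self::$_auth->roleID > 1) {
            return; // staff of the hosting company may see every client's rows
        }
        $clientId = (int) self::$_auth->clientID;
        // getPart(FROM) yields correlationName => array('joinType', 'schema', 'tableName', 'joinCondition')
        foreach ($this->getPart(self::FROM) as $correlation => $from) {
            $table = $from['tableName'];
            if (isset(self::$_tenantTables[$table])) {
                $column = $this->_adapter->quoteIdentifier($correlation) . '.'
                        . $this->_adapter->quoteIdentifier(self::$_tenantTables[$table]);
                // where() ANDs this onto whatever conditions the caller already added
                $this->where($column . ' = ?', $clientId);
            }
        }
    }
}

class Tenant_Db_Adapter extends Zend_Db_Adapter_Pdo_Mysql
{
    /** Every $db->select() now returns the tenant-scoped select. */
    public function select()
    {
        return new Tenant_Db_Select($this);
    }
}

// Usage (placeholders for connection details):
// $db = new Tenant_Db_Adapter(array('host' => 'DB_HOST', 'username' => 'DB_USER',
//                                   'password' => 'DB_PASS', 'dbname' => 'DB_NAME'));
// Zend_Db_Table_Abstract::setDefaultAdapter($db);
// Tenant_Db_Select::setAuth($auth);   // right after Zend_Auth succeeds
// $rows = $db->fetchAll($db->select()->from('reports')->where('period = ?', '2011-03'));
// For roleID 1 / clientID 42 the assembled SQL carries an extra
// AND (`reports`.`client_id` = 42); for roleID > 1 it is left untouched.
```

Two coverage gaps to keep in mind: Zend_Db_Table builds its own Zend_Db_Table_Select rather than calling $db->select(), so table-based queries need the same override on a Zend_Db_Table_Select subclass, and raw SQL strings passed straight to $db->query() never go through assemble() at all, which is where an adapter-level query() override (the first answer's suggestion) is the only hook left. A query-builder filter like this is a useful second line of defence, but the first answer's point stands: the primary authorization check still belongs in the application, where the controller knows which client the request is for.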
Reputation: 3021
It's an application design fault.
You should use a 'service architecture': the only entry point for queries would be a service, and any checks go inside it.
Upvotes: 1
Reputation: 3296
Depending on your database server, you can put a trace on the DB side.
Here's an example for Oracle:
http://orafaq.com/wiki/SQL_Trace
Upvotes: 0