Owen

Reputation: 7597

Zend - controller/action ACL

In my admin module I have a controller called email and I want most actions to be accessible only by a logged-in admin user. However, I want one action to be accessible to anyone. (It's an email function that will be fired remotely via the URL.) At the moment I'm using Zend_Auth with Zend_Acl like this:

if ($request->getModuleName() == 'admin') {
    // access resources (controllers)
    $acl->addResource('index');
    $acl->addResource('reports');
    $acl->addResource('email');
    $acl->addResource('error');

    // access roles
    $acl->addRole(new Zend_Acl_Role('visitor'));
    $acl->addRole(new Zend_Acl_Role('user'));
    $acl->addRole(new Zend_Acl_Role('admin'));

    // access rules
    $acl->deny('visitor');
    $acl->deny('user');
    $acl->allow('admin');

    $resource = $request->getControllerName(); // controllers are the ACL resources
    $action = $request->getActionName();       // actions are the ACL privileges
    $identity = $auth->getStorage()->read();
    if (is_object($identity)) {
        $role = $identity->role;
    } else {
        $role = 'visitor';                      // nobody logged in
    }

    if (!$acl->isAllowed($role, $resource, $action)) {
        $request->setModuleName('default')
                ->setControllerName('auth')
                ->setActionName('login');
    }
}

How do I alter the code above to allow 'visitor' access to the /admin/email/process action?

Upvotes: 0

Views: 858

Answers (2)

JF Dion

Reputation: 4054

You can create a role hierarchy with Zend_Acl that will allow you to set a minimum role to access a page, which can then be accessed by anyone with role x or higher.

$acl->addRole(new Zend_Acl_Role('visitor'));
$acl->addRole(new Zend_Acl_Role('user'), 'visitor');
$acl->addRole(new Zend_Acl_Role('admin'), 'user');

This way, anyone with an admin role has access to anything a visitor and a user have access to.

You can also pass an array as parameter instead of a string.

For more info you can consult the Zend Framework official doc on ACL.

Upvotes: 3

Ilians

Reputation: 743

This should do the trick:

$acl->allow('visitor', 'email', 'functionname'); // third argument is the action name
// or if you want to do both visitor and user
$acl->allow(array('visitor', 'user'), 'email', 'functionname');

Put this code after the access rules you've already written.

Upvotes: 2
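Putting both answers together, here is a stand-alone PHP script (an added example, not the asker's or either answerer's code) that builds the admin-module ACL with the role hierarchy, keeps default deny, and opens only email/process to visitor. It assumes Zend Framework 1 is on the include path; checkAccess() is a hypothetical helper, not part of Zend_Acl.

```php
<?php
// Added example: default-deny Zend_Acl for the admin module with one
// action (email/process) opened to visitor. Assumes ZF1 on include path.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

$acl = new Zend_Acl();

// Resources are the admin controllers, as in the question.
foreach (array('index', 'reports', 'email', 'error') as $controller) {
    $acl->addResource($controller);
}

// Role hierarchy from the first answer: user inherits from visitor,
// admin inherits from user.
$acl->addRole(new Zend_Acl_Role('visitor'));
$acl->addRole(new Zend_Acl_Role('user'), 'visitor');
$acl->addRole(new Zend_Acl_Role('admin'), 'user');

// Zend_Acl denies anything no rule allows; the explicit deny() just
// records that default-deny is intended. admin may do everything.
$acl->deny();
$acl->allow('admin');

// The single exception from the second answer: the third argument is
// the action name. user and admin inherit it; every other action on
// the email controller stays closed to visitor.
$acl->allow('visitor', 'email', 'process');

// Hypothetical helper: derive the role from the Zend_Auth identity
// (visitor when nobody is logged in) and check controller/action.
// Unknown roles or controllers are denied rather than letting
// Zend_Acl throw on a missing resource.
function checkAccess(Zend_Acl $acl, $identity, $controller, $action)
{
    $role = is_object($identity) ? $identity->role : 'visitor';
    if (!$acl->hasRole($role) || !$acl->has($controller)) {
        return false;
    }
    return $acl->isAllowed($role, $controller, $action);
}

// Anonymous request (no identity) versus a logged-in admin.
$admin = (object) array('role' => 'admin');
var_dump(checkAccess($acl, null, 'email', 'process'));
var_dump(checkAccess($acl, null, 'email', 'send'));
var_dump(checkAccess($acl, null, 'nosuch', 'index'));
var_dump(checkAccess($acl, $admin, 'email', 'send'));
```

Run as a script, the four checks print true, false, false, true: only email/process is reachable without an identity, while admin reaches the rest through the blanket allow.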
