Zend Acl

Presented ByRajanikant Beero

Table of Contents● What is Acl?● Zend & Basic Set Up● Components of Acl(Zend)● Resources in Acl● Roles in Acl● Creating a simple Acl with example● Storing ACL Data for Persistence● Conditional ACL Rules with Assertions● Benefits

What is Acl?● The functionality of specifying access rights to

resources is access control.

● An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resource.

● An access control list (ACL), with respect to a computer file system is a list of permissions attached to the files.

Zend & Basic Set Up● Zend Framework is an open source, object oriented

web application framework for PHP 5.● Zend is often called a 'component library', because

it has many components that you can use more or less independently.

● Provides Model-View-Controller (MVC) implementation.

● Basic set up can be found here - http://framework.zend.com/manual/1.12/en/learning.quickstart.html

Components of Acl(ZF)

● Zend_Acl is a flexible implementation for privileges management.

● Mainly two objects (Resource and role) are involved → a resource is an object to which access is controlled. → a role is an object that may request access to a Resource.→ And privileges is what an object can do on the Resource.

Resource in Zend_Acl● In Zend, resource can be a “module” or “controller”

or “controller action” or any block of code.

● Zend_Acl provides Zend_Acl_Resource_Interface as a resource to facilitate creating resource.

● Additionally, Zend_Acl_Resource is provided by Zend_Acl as a basic resource implementation.

● $acl = new Zend_Acl();● $acl->add(new Zend_Acl_Resource('Resource'));

Role in Zend_Acl

● In Zend, role is the user type say “admin” or “guest”etc.

● Zend_Acl provides Zend_Acl_Role_Interface as a basic role to facilitate creating role.

● Additionally, Zend_Acl_Role is provided by Zend_Acl as a basic role implementation.

● $acl = new Zend_Acl();● $acl->addRole(new Zend_Acl_Role('guest'))

Zend Role continue.....

● In Zend_Acl, a role may inherit from one or more roles. This is to support inheritance of rules among role.

● The following code defines three base roles - "guest", "member", and "admin"

● $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')) ->addRole(new Zend_Acl_Role('admin'));

Zend Role continue.....

Inheritance● $acl->addRole(new Zend_Acl_Role('guest'), 'user')

Multiple Inheritance among Roles:● $parents = array('guest', 'member', 'admin');● $acl->addRole(new Zend_Acl_Role('someUser'),

$parents);

Zend Role continue.....

Multiple Inheritance among Roles:● $acl->add(new

Zend_Acl_Resource('someResource'));

● $acl->deny('guest', 'someResource');● $acl->allow('member', 'someResource');

● echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';

Zend Role continue.....

Multiple Inheritance among Roles:● O/P – allowed

● When specifying multiple parents for a role, then the last parent listed is the first one searched for rules applicable to an authorization query.

Creating a Simple ACL

Storing ACL Data

● Zend_Acl was designed in such a way that it does not require any particular back-end technology such as a database or cache server for storage of the ACL data.

● Zend_Acl is serializable, ACL objects may be serialized with PHP's serialize() function, and the results may be stored anywhere the developer should desire, such as a file, database, or caching mechanism.

● Let us see an example to store the Acl data in database.

Conditional ACL Rules● Zend_Acl provides support for conditional rules

with Zend_Acl_Assert_Interface.→ Only between the hours of 8:00am and 5:00pm.→ Access / Deny specific to any IP address.

● $acl = new Zend_Acl();● $acl->allow(null, null, null, new ClsAssertion());

→ Assertion only applies when the assertion method returns TRUE

Benefits of using Acl→ Security.→ Filtering traffic.→ Confidentiality - Control disclosure of information.→ Centralized place to access and manage ACL rules, resources, and roles.→ Maps nicely to the MVC controller/action architecture.→ Easiness of user and resource management.→ Easy modification.

Questions??

Thank You

Voting time, please vote for better India :)