Upload
mindfire-solutions
View
557
Download
0
Tags:
Embed Size (px)
DESCRIPTION
An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. The Zend Acl will teach us how we should implement the ACL functionality for the web applications which is built in Zend Framework.
Citation preview
Zend Acl
Presented ByRajanikant Beero
Table of Contents● What is Acl?● Zend & Basic Set Up● Components of Acl(Zend)● Resources in Acl● Roles in Acl● Creating a simple Acl with example● Storing ACL Data for Persistence● Conditional ACL Rules with Assertions● Benefits
What is Acl?● The functionality of specifying access rights to
resources is access control.
● An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resource.
● An access control list (ACL), with respect to a computer file system is a list of permissions attached to the files.
Zend & Basic Set Up● Zend Framework is an open source, object oriented
web application framework for PHP 5.● Zend is often called a 'component library', because
it has many components that you can use more or less independently.
● Provides Model-View-Controller (MVC) implementation.
● Basic set up can be found here - http://framework.zend.com/manual/1.12/en/learning.quickstart.html
Components of Acl(ZF)
● Zend_Acl is a flexible implementation for privileges management.
● Mainly two objects (Resource and role) are involved → a resource is an object to which access is controlled. → a role is an object that may request access to a Resource.→ And privileges is what an object can do on the Resource.
Resource in Zend_Acl● In Zend, resource can be a “module” or “controller”
or “controller action” or any block of code.
● Zend_Acl provides Zend_Acl_Resource_Interface as a resource to facilitate creating resource.
● Additionally, Zend_Acl_Resource is provided by Zend_Acl as a basic resource implementation.
● $acl = new Zend_Acl();● $acl->add(new Zend_Acl_Resource('Resource'));
Role in Zend_Acl
● In Zend, role is the user type say “admin” or “guest”etc.
● Zend_Acl provides Zend_Acl_Role_Interface as a basic role to facilitate creating role.
● Additionally, Zend_Acl_Role is provided by Zend_Acl as a basic role implementation.
● $acl = new Zend_Acl();● $acl->addRole(new Zend_Acl_Role('guest'))
Zend Role continue.....
● In Zend_Acl, a role may inherit from one or more roles. This is to support inheritance of rules among role.
● The following code defines three base roles - "guest", "member", and "admin"
● $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')) ->addRole(new Zend_Acl_Role('admin'));
Zend Role continue.....
Inheritance● $acl->addRole(new Zend_Acl_Role('guest'), 'user')
Multiple Inheritance among Roles:● $parents = array('guest', 'member', 'admin');● $acl->addRole(new Zend_Acl_Role('someUser'),
$parents);
Zend Role continue.....
Multiple Inheritance among Roles:● $acl->add(new
Zend_Acl_Resource('someResource'));
● $acl->deny('guest', 'someResource');● $acl->allow('member', 'someResource');
● echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';
Zend Role continue.....
Multiple Inheritance among Roles:● O/P – allowed
● When specifying multiple parents for a role, then the last parent listed is the first one searched for rules applicable to an authorization query.
Creating a Simple ACL
Storing ACL Data
● Zend_Acl was designed in such a way that it does not require any particular back-end technology such as a database or cache server for storage of the ACL data.
● Zend_Acl is serializable, ACL objects may be serialized with PHP's serialize() function, and the results may be stored anywhere the developer should desire, such as a file, database, or caching mechanism.
● Let us see an example to store the Acl data in database.
Conditional ACL Rules● Zend_Acl provides support for conditional rules
with Zend_Acl_Assert_Interface.→ Only between the hours of 8:00am and 5:00pm.→ Access / Deny specific to any IP address.
● $acl = new Zend_Acl();● $acl->allow(null, null, null, new ClsAssertion());
→ Assertion only applies when the assertion method returns TRUE
Benefits of using Acl→ Security.→ Filtering traffic.→ Confidentiality - Control disclosure of information.→ Centralized place to access and manage ACL rules, resources, and roles.→ Maps nicely to the MVC controller/action architecture.→ Easiness of user and resource management.→ Easy modification.
Questions??
Thank You
Voting time, please vote for better India :)