Zend ACL Basics
3 likes1,326 views
The document presents an overview of Zend ACL, including its setup, components, roles, and resources for access control in web applications. It explains how Zend ACL allows for the management of user permissions and the implementation of conditional access rules. The benefits of using ACL, such as enhanced security and ease of management, are also highlighted.
Zend ACL Basics
- 1. Zend Acl Presented By Rajanikant Beero
- 2. Table of Contents ● What is Acl? ● Zend & Basic Set Up ● Components of Acl(Zend) ● Resources in Acl ● Roles in Acl ● Creating a simple Acl with example ● Storing ACL Data for Persistence ● Conditional ACL Rules with Assertions ● Benefits
- 3. What is Acl? ● The functionality of specifying access rights to resources is access control. ● An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resource. ● An access control list (ACL), with respect to a computer file system is a list of permissions attached to the files.
- 4. Zend & Basic Set Up ● Zend Framework is an open source, object oriented web application framework for PHP 5. ● Zend is often called a 'component library', because it has many components that you can use more or less independently. ● Provides Model-View-Controller (MVC) implementation. ● Basic set up can be found here - http://framework.zend.com/manual/1.12/en/learnin g.quickstart.html
- 5. Components of Acl(ZF) ● Zend_Acl is a flexible implementation for privileges management. ● Mainly two objects (Resource and role) are involved → a resource is an object to which access is controlled. → a role is an object that may request access to a Resource. → And privileges is what an object can do on the Resource.
- 6. Resource in Zend_Acl ● In Zend, resource can be a “module” or “controller” or “controller action” or any block of code. ● Zend_Acl provides Zend_Acl_Resource_Interface as a resource to facilitate creating resource. ● Additionally, Zend_Acl_Resource is provided by Zend_Acl as a basic resource implementation. ● $acl = new Zend_Acl(); ● $acl->add(new Zend_Acl_Resource('Resource'));
- 7. Role in Zend_Acl ● In Zend, role is the user type say “admin” or “guest” etc. ● Zend_Acl provides Zend_Acl_Role_Interface as a basic role to facilitate creating role. ● Additionally, Zend_Acl_Role is provided by Zend_Acl as a basic role implementation. ● $acl = new Zend_Acl(); ● $acl->addRole(new Zend_Acl_Role('guest'))
- 8. Zend Role continue..... ● In Zend_Acl, a role may inherit from one or more roles. This is to support inheritance of rules among role. ● The following code defines three base roles - "guest", "member", and "admin" ● $acl->addRole(new Zend_Acl_Role('guest')) ->addRole(new Zend_Acl_Role('member')) ->addRole(new Zend_Acl_Role('admin'));
- 9. Zend Role continue..... Inheritance ● $acl->addRole(new Zend_Acl_Role('guest'), 'user') Multiple Inheritance among Roles: ● $parents = array('guest', 'member', 'admin'); ● $acl->addRole(new Zend_Acl_Role('someUser'), $parents);
- 10. Zend Role continue..... Multiple Inheritance among Roles: ● $acl->add(new Zend_Acl_Resource('someResource')); ● $acl->deny('guest', 'someResource'); ● $acl->allow('member', 'someResource'); ● echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';
- 11. Zend Role continue..... Multiple Inheritance among Roles: ● O/P – allowed ● When specifying multiple parents for a role, then the last parent listed is the first one searched for rules applicable to an authorization query.
- 12. Creating a Simple ACL
- 13. Storing ACL Data ● Zend_Acl was designed in such a way that it does not require any particular back-end technology such as a database or cache server for storage of the ACL data. ● Zend_Acl is serializable, ACL objects may be serialized with PHP's serialize() function, and the results may be stored anywhere the developer should desire, such as a file, database, or caching mechanism. ● Let us see an example to store the Acl data in database.
- 14. Conditional ACL Rules ● Zend_Acl provides support for conditional rules with Zend_Acl_Assert_Interface. → Only between the hours of 8:00am and 5:00pm. → Access / Deny specific to any IP address. ● $acl = new Zend_Acl(); ● $acl->allow(null, null, null, new ClsAssertion()); → Assertion only applies when the assertion method returns TRUE
- 15. Benefits of using Acl → Security. → Filtering traffic. → Confidentiality - Control disclosure of information. → Centralized place to access and manage ACL rules, resources, and roles. → Maps nicely to the MVC controller/action architecture. → Easiness of user and resource management. → Easy modification.
- 16. Questions??
- 17. Thank You Voting time, please vote for better India :)