Tying the ACL to Controllers/Action in Zend Framework 1.5

Posted in Development, PHP, Zend Framework by Mark on April 13th, 2008

I have been using the PHP application framework ‘Zend Framework’ a lot lately. The 1.5 release in particular is very feature packed.

Zend Framework has built-in classes for creating Access Control Lists, or ACLs. These ACLs allow for roles (users / groups) and resources (anything a role may want to access). They also have the concept of privileges, which are the actions you want to take on the resource (e.g. add / delete / edit).

If you are making an MVC application, your first thought is probably like mine: how can we make the ACL automatically apply to controllers and actions? The answer I have found is to write a custom Controller Plugin. By using a Controller Plugin, we can automatically apply our ACL without having to add any ACL-related code to our actual Controllers.

This allows us to do the following:

  1. Assign our users to arbitrary groups
  2. Allow groups to access only specific Controller and Action combinations, e.g. /news/add
  3. Do all of this seamlessly. No code is needed in each controller class. Only one line is added to the bootstrap.
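
A minimal sketch of such a plugin, added here as an illustration and not the author's own code. The class name `My_Plugin_Acl`, the `guest` and `editor` roles, the `role` property on the identity, and the `error`/`denied` action are assumptions; it also assumes a single default module.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Auth.php';
require_once 'Zend/Controller/Front.php';
require_once 'Zend/Controller/Plugin/Abstract.php';

// Hypothetical plugin: controller name = ACL resource, action name = privilege.
class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    protected $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Assumption: the stored identity is an object with a "role" property.
        $identity = Zend_Auth::getInstance()->getIdentity();
        $role = (is_object($identity) && isset($identity->role)) ? $identity->role : 'guest';
        $resource  = $request->getControllerName();
        $privilege = $request->getActionName();

        // Fail closed: isAllowed() throws for unregistered roles/resources,
        // so check they exist first and treat anything unknown as denied.
        $allowed = $this->_acl->hasRole($role)
            && $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $privilege);

        if (!$allowed) {
            // Hypothetical ErrorController::deniedAction() renders the refusal.
            $request->setControllerName('error');
            $request->setActionName('denied');
        }
    }
}

$acl = new Zend_Acl();                               // denies everything by default
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('editor'), 'guest'); // editor inherits guest
$acl->add(new Zend_Acl_Resource('news'));
$acl->allow('guest', 'news', array('index', 'view'));
$acl->allow('editor', 'news', 'add');                // the /news/add case

// The single bootstrap line: every request now passes through the ACL.
Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_Acl($acl));
```

Because `Zend_Acl` denies anything not explicitly allowed, a newly added controller stays inaccessible until it is registered as a resource and granted to a role.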
