authentication - How to restrict access some part of module in ZendFramework 2 (i.e. only administrator can do some actions) -

-

It is!

I have a question: how to permit only access to some part of the module for adminisitrator, for example.

For example, I have a module album. It contains the controller index, delete, add, edit, complete. I need to be complete and available for all roles of the Index controller, but only add, remove and add action for the administrators.

Which module do I use to do this? I got Zend \ Authentification

table: username , password , role .

How to authenticate the user?:

// authentication $ auth = Zend_Auth :: getInstance (); $ Result = $ auth-> Authenticate ($ authAdapter); If ($ result-> gt; isValid ()) {// Success: Store the database in the store's store / system (though no password!) $ Data = $ authAdapter-> GetResultRowObject (empty, 'password'); $ Auth-> GetStorage () - & gt; ($ Data); $ This- & gt; _redirect ('/'); } And {// Failure: clear database row from $ 1 from session-> view-> Message = 'Login failed.'; }

After that, I will have access to user data, for example: 

  Zend_Auth :: getInstance () - & gt; GetIdentity () - & gt; User name;

Therefore, in action, in which I want to restrict access, I just need to use: 

  if (Zend_Auth :: getInstance () - & Gt; GetIdentity () - & gt; Role == Administrator) {Redirect ("auth / login"); }

right?

Question:

  1. Am I suggesting how to fix the user role in each contoller?

  2. Am I properly understanding how working with Zend \ Authentification and access to certain operations is restricted? So in future I will only use one for the same action, right?

Additional questions: Does the ACL module use to manage permissions? Requires ACL with Zend_Auth permissions, okay?

To enable you to create or implement an ACL (Access Control List) you You can also use a third party solution in conjunction with Zend_Auth mentioned earlier (or any other authentication module). You can read more at Zend ACL here:

For example, you can take a look at BjyAuthorize . This ACL module provides complete authorization solutions for your application, but the user depends on ZfcUser for authentication and registration. This can be a good way to get started.

If you are building or implementing Bjyuthorize , then you can easily check your routes (but there are many other ways). You can see how it works

These modules will teach you a lot about how certification and authorization can be made in your Zend Framework 2 application.


Comments

Post a Comment

Popular posts from this blog

import - Python ImportError: No module named wmi -

-
I followed the instructions for downloading WMI for Python When I try to run the code for C.Win32_Service (StartMode = "Auto", state = "Stopped") import wmi c = wmi.WMI (): if Raw_input ("restart% s?"% S.Caption) .upper () == "Y": s.StartService () I got the error traceback (most recent call end): file ". \", Line 1, edit: I am using Python 2.7.6 EDIT2: I am running 64-bit Windows 2008 R2, and I've downloaded WMI-1.4.9.zip (md5). I removed the content and put it in D: Python \ Tools \ Scripts I executed dragon setup.py.install I said D : \ Python \ tools \ scripts to% PATH% and when I execute the code for C.Win32_Service (StartMode = "Auto", state = "Stopped") import wmi c = Wmi.WMI (): If raw_input ("Restart% s?"% S. Caption). () == "Y": s.StartService () error me Gets traceback (most recent call final): File ". See \", line 1, & lt; Modu...
Read more

Editing Python Class in Shell and SQLAlchemy -

-
I am working on the terminal on a shell script after this tutorial SQLAlchemy tutorial. I need to type gt; & Gt; & Gt; Sqlalchemy import column, integer, string & gt; & Gt; & Gt; Class user (base): __tablename__ = 'users' id = column (integer, primary_key = true) name = column (string) absolute name = column (string) password = column (string) def __repr __ (self): return "& lt ; User (name = '% s', absolute name = '% s', password = '% s') & gt; "% (Self.name, self.fullname, self.password) After the problem I have typed the password = column (string) I hit twice and changed .... >> I then took everything back but then an error was thrown because the class already exists ... I am not completely sure how to fix it. How do I open that slip in the shell script and edit it (Add DF to DRR) The error thrown below: / user / giripeters / TFSQLLX / Lib / python2.7 / site-packages / sqlalchemy / ext / decla...
Read more

lua - HowTo create a fuel bar -

-
I would like to create a fuel bar (empty with full tank). When the user touches the screen, the fuel once Dairejh these is my code: lifeBar = display.newImage ( "fuel_bar1.png") lifeBar.anchorX = 0 lifeboats. ======================== Lifetime Y = 37 screens Group: The Insert function (called Laifbar) However, I fuel Kansmoshn (equivalent to "pressed" variable to reduce the fuel tank "true") Have used. When pressed == is true, it means that the user is touching the screen: processed (fuel) processed () if life & gt; 0 and pressed == true remains = life - life 1 Life = life =. Wide-1 remains Value.text = string.format ("% d", life) End of this This function is active as the entrance event: runtime: addEventListener ( "Antrfrem" fuel Snsadna) it is very well, but my question is: pressed variable each time 5 seconds (once = = True) How is it possible to reduce the vitality width? I tried to add it to my touch even...
Read more