"Zend Framework" Programmer's Reference Guide - reading notes (Chapter 2)

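        I started working with Zend Framework a couple of days ago, so I began reading its Manual. I plan to write a series of reading notes that summarizes my reading of the Manual and excerpts its key points, which will also make it easier to look things up later.

        I won't go over the earlier Introduction chapter again and will start from chapter 2. (The original has detailed examples and source code, so I won't paste them here; see Zend Framework: http://framework.zend.com/manual/en/zend.acl.html)

        The key points are excerpted below: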

- Acl: Access Control List. Zend_Acl provides a lightweight and flexible access control list implementation for privileges management.

- 2 key concepts: Resource & Role.

- The simple model: an application may control how requesting objects (Roles) are granted access to protected objects (Resources). For example, if a person requests access to a car, then the person is the requesting Role, and the car is the Resource, since access to the car is under control. Applied to web applications, a simple example is "what can a user do to the system". The manual gives a detailed example.

- Multiple inheritance between Roles: a Role can inherit from more than one parent Role. Note: When specifying multiple parents for a Role, keep in mind that the last parent listed is the first one searched for rules applicable to an authorization query.

- 2 steps of creating an ACL: 1. Registering roles; 2. Defining access controls. Note: Until a developer specifies an "allow" rule, Zend_Acl denies access to every privilege upon every Resource by every Role.

- Querying the ACL once it has been created.

- Refining access controls: 1. Precise access controls; 2. Removing access controls. Precise access controls means making the access controls more specific (this can take full advantage of inheritance).

- Advanced use: writing conditional ACL rules with assertions. Sometimes a rule for allowing or denying a Role access to a Resource should not be absolute but dependent upon various criteria. There are 2 examples: 1. certain access should be allowed, but only between the hours of 8:00am and 5:00pm; 2. deny access because a request comes from an IP address that has been flagged as a source of abuse.
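
The following is an added example, not code from the manual or from the original notes, that exercises three of the points above with the Zend Framework 1.x `Zend_Acl` API: default deny, parent search order, and a conditional rule guarded by an assertion. It assumes ZF1 is on the `include_path`; the role and resource names, the `CleanIpAssertion` class, the `show()` helper and the IP addresses are constructed for illustration.

```php
<?php
// Assumes Zend Framework 1.x is on the include_path (added example).
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical assertion: the rule it guards applies only to unflagged IPs.
class CleanIpAssertion implements Zend_Acl_Assert_Interface
{
    private $flagged;
    private $clientIp;

    public function __construct(array $flagged, $clientIp)
    {
        $this->flagged  = $flagged;
        $this->clientIp = $clientIp;
    }

    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        return !in_array($this->clientIp, $this->flagged, true);
    }
}

function show($label, $allowed) { echo $label, ': ', $allowed ? 'allowed' : 'denied', "\n"; }

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'))
    // 'member' is listed last, so it is the first parent searched for rules.
    ->addRole(new Zend_Acl_Role('alice'), array('guest', 'member'));
$acl->add(new Zend_Acl_Resource('report'));

// 1. Query made before any "allow" rule has been defined.
show('view, no rules yet', $acl->isAllowed('alice', 'report', 'view'));

// 2. The two parents disagree; the search order decides which rule is found.
$acl->deny('guest', 'report', 'view');
$acl->allow('member', 'report', 'view');
show('view, parents disagree', $acl->isAllowed('alice', 'report', 'view'));

// 3. Conditional rules: each allow applies only while its assertion returns true.
$flagged = array('203.0.113.7'); // constructed sample (documentation address range)
$acl->allow('member', 'report', 'edit', new CleanIpAssertion($flagged, '203.0.113.7'));
$acl->allow('member', 'report', 'export', new CleanIpAssertion($flagged, '198.51.100.20'));
show('edit, flagged IP', $acl->isAllowed('alice', 'report', 'edit'));
show('export, clean IP', $acl->isAllowed('alice', 'report', 'export'));
```

Listing the most restrictive parent last makes its rules the first ones found, which is worth checking whenever a Role inherits from parents with conflicting rules.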
