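I won't go over the earlier Introduction chapter again; these notes start from chapter 2. (The original has detailed examples and source code, which I won't paste here; see Zend Framework: http://framework.zend.com/manual/en/zend.acl.html)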
- ACL: Access Control List. Zend_Acl provides lightweight and flexible access control list functionality and privileges management.
- 2 key points: Resource & Role.
- The simple model: an application may control how requesting objects (Roles) are granted access to protected objects (Resources). For example, if a person requests access to a car, then the person is the requesting Role, and the car is the Resource, since access to the car is under control. Applied to web applications, a simple example is "what can a user do to the system". The manual gives a detailed example.
- Multiple inheritance between Roles: a Role can inherit from more than one parent Role. Note: When specifying multiple parents for a Role, keep in mind that the last parent listed is the first one searched for rules applicable to an authorization query.
- 2 steps to create an ACL: 1. Registering roles; 2. Defining access controls. Note: Until a developer specifies an "allow" rule, Zend_Acl denies access to every privilege upon every Resource by every Role.
- Querying the ACL after creating it.
- Refining access controls: 1. Precise access controls; 2. Removing access controls. Precise access controls means making the access controls more specific, which can take full advantage of inheritance.
- Advanced use: Writing conditional ACL rules with assertions. Sometimes a rule for allowing or denying a Role access to a Resource should not be absolute but dependent upon various criteria. There are 2 examples: 1. certain access should be allowed, but only between the hours of 8:00am and 5:00pm; 2. deny access because a request comes from an IP address that has been flagged as a source of abuse.
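The points above (default deny, parent search order, and a conditional rule) combined in one added example, which is not code from the manual or from these notes. It assumes Zend Framework 1.x is on the include path; the role, resource and privilege names and the `BusinessHoursAssertion` class are hypothetical.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical assertion: the rule applies only from 08:00 until 17:00.
class BusinessHoursAssertion implements Zend_Acl_Assert_Interface
{
    private $_hour;
    // The hour is injectable so both outcomes can be shown deterministically.
    public function __construct($hour = null)
    {
        $this->_hour = ($hour === null) ? (int) date('G') : (int) $hour;
    }

    public function assert(Zend_Acl $acl,
                           Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null,
                           $privilege = null)
    {
        return $this->_hour >= 8 && $this->_hour < 17;
    }
}

function buildAcl($hour)
{
    $acl = new Zend_Acl();
    // Step 1: register roles. 'staff' is listed last, so it is searched first.
    $acl->addRole(new Zend_Acl_Role('guest'))
        ->addRole(new Zend_Acl_Role('staff'))
        ->addRole(new Zend_Acl_Role('editor'), array('guest', 'staff'));
    $acl->addResource(new Zend_Acl_Resource('article'));
    // Step 2: define access controls. Everything not allowed stays denied.
    $acl->allow('guest', 'article', 'view');
    $acl->deny('guest', 'article', 'edit');
    $acl->allow('staff', 'article', 'edit', new BusinessHoursAssertion($hour));
    return $acl;
}

// Query the ACL inside (10) and outside (20) the allowed window.
foreach (array(10, 20) as $hour) {
    $acl = buildAcl($hour);
    foreach (array('view', 'edit', 'delete') as $privilege) {
        $ok = $acl->isAllowed('editor', 'article', $privilege);
        printf("hour %02d %-6s %s\n", $hour, $privilege, $ok ? 'allowed' : 'denied');
    }
}
```

When the assertion returns false, Zend_Acl treats that rule as not applying and keeps searching, so the `guest` deny decides the `edit` query outside the window. The `delete` privilege has no rule at all and is denied by default.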