这两天刚开始接触Zend Framework,于是开始阅读它的Manual。计划展开一个阅读手记系列来总结对这个Manual的解读,摘录一些当中的要点,日后再回头查阅也较为方便。
前面的Introduction章节就不再赘述了,仅从chapter 2开始。(原文有详细的例子和源代码,就不贴出来了,可参看Zend Framework:http://framework.zend.com/manual/en/zend.acl.html)
以下是要点摘录:
- Acl: Access Control List, a lightweight and flexible access control list functionality and privileges management provided by Zend_Acl.
- 2 key points: Resourse & Role.
- The simple model: an application may control how requesting objects (Roles) are granted access to protected objects (Resources). For example, if a person requests access to a car, then the person is the requesting Role, and the car is the Resource, since access to the car is under control. When applied to the web applications, a simple example is "what can a user do to the system". A detailed example has been given out.
- Multiple inheritance between Roles: roles can be multi-inherited. Note: When specifying multiple parents for a Role, keep in mind that the last parent listed is the first one searched for rules applicable to an authorization query.
- 2 steps of creating ACL: 1. Registering roles; 2. Defining access controls. Note: Until a developer specifies an "allow" rule, Zend_Acl denies access to every privilege upon every Resource by every Role.
- Querying the ACL after creating.
- Refining access controls: 1. Precise access controls; 2. Removing access controls. Precise access controls means making the access controls more specific (can take full advantage of inheritance).
- Advanced use: Writing conditional ACL rules with assertions. Sometimes a rule for allowing or denying a Role access to a Resource should not be absolute but dependent upon various criteria. There are 2 examples: 1. certain access should be allowed, but only between the hours of 8:00am and 5:00pm; 2. deny access because a request comes from an IP address that has been flagged as a source of abuse.
扫一扫
3957
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
