Question

Suppose I have the classes/models

  • Projects (has many lists)
  • Lists

I want to allow only users that are collaborators of a project to be able to add lists. How do I do that? I know I should use Zend_Acl_Assert, but what do I pass as the resource? For edit/delete I will pass the list itself. For add it seems more like it should be a project. Which seems more correct if I move the ListsController#addAction() to ProjectsController#addListAction()? This is 1 possibility.

But if I want to do something like ListsController#addAction(), how can I set up my ACL?

$acl->allow('user', 'list', 'add', new assertClass());

Will pass 'list' as the resource. Can I somehow pass a project object instead? It does not seem to make sense, though.


Solution

Can I somehow pass a project object instead?

As long as the object implements Zend_Acl_Resource_Interface and has been registered in the ACL, you can use anything you want.
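The following is an added example, not part of the original answer, showing a project object passed as the resource for the "add list" check. The User and Project classes, the collaboratorIds field, the CollaboratorAssertion class and the 'addList' privilege name are hypothetical. It assumes a Zend Framework 1 release in which Zend_Acl::isAllowed() forwards the role and resource objects it receives to the assertion.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical models: class names and fields are illustrative only.
class User implements Zend_Acl_Role_Interface
{
    public $id;
    public function __construct($id) { $this->id = $id; }
    public function getRoleId() { return 'user'; }
}

class Project implements Zend_Acl_Resource_Interface
{
    public $collaboratorIds;
    public function __construct(array $ids) { $this->collaboratorIds = $ids; }
    public function getResourceId() { return 'project'; }
}

class CollaboratorAssertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed when the caller passed plain string ids, not objects.
        if (!$role instanceof User || !$resource instanceof Project) {
            return false;
        }
        // Strict comparison avoids loose matches such as '1abc' == 1.
        return in_array($role->id, $resource->collaboratorIds, true);
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('user'));
$acl->addResource(new Zend_Acl_Resource('project'));
$acl->allow('user', 'project', 'addList', new CollaboratorAssertion());

$project = new Project(array(1, 2)); // constructed sample data
var_dump($acl->isAllowed(new User(1), $project, 'addList')); // collaborator
var_dump($acl->isAllowed(new User(3), $project, 'addList')); // not a collaborator
var_dump($acl->isAllowed('user', 'project', 'addList'));     // string ids only
```

The rule is registered against the string ids 'user' and 'project'; the objects passed to isAllowed() resolve to those ids through getRoleId() and getResourceId(), and the assertion then inspects the objects themselves.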

OTHER TIPS

Why are you passing the list for edit and delete? Seems unnecessary. Doing it without passing the list will work fine.

If you require extra checks, what I've done is add an ensurePermission check on my model preSave, which checks the ACL among other things to determine that it's all good.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow