Question

I'm trying to get Zend ACL up and running but I seem to be running into the following problem:

PHP Fatal error:  Uncaught exception 'Zend\Permissions\Acl\Exception\InvalidArgumentException' with message 'Resource 'article-2' not found' in vendor/zendframework/zend-permissions-acl/Zend/Permissions/Acl/Acl.php:292

I get the impression that Zend ACL throws an exception when a resource has not been added to the resource list. To give an example:

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole as Role; // alias assumed: the original's "Role" resolves to GenericRole

$user1 = 'user-1';
$user2 = 'user-2';

$article1 = 'article-1';
$article2 = 'article-2';

$acl = new Acl();

// one generic role plus two user-specific roles that inherit from it
$acl->addRole( new Role('user') );
$acl->addRole( new Role('user-1'), 'user' );
$acl->addRole( new Role('user-2'), 'user' );

// only article-1 is registered as a resource
$acl->addResource( $article1 );

$acl->allow( $user1, $article1 );

// article-2 was never registered, so this throws instead of returning false
echo $acl->isAllowed( $user1, $article2 ) ? 'allowed' : 'denied';

As you can see, I'm creating 3 roles, one generic user role and two user-specific roles. Then I create two articles and I allow user 1 to access article 1. But if I now test whether user 1 can access article 2, BOOM, exception!

The `isAllowed` method should obviously just return false instead of throwing an exception. Imagine I have 1000 users and 1000 articles: it would mean that besides specifying which users can access which article, I also need to specify which articles cannot be accessed by each user. This obviously results in ridiculously long ACLs and memory consumption, and to top it off, articles aren't my only type of resource!

Other than wrapping the isAllowed call in a try/catch (which is obviously clunky), what would be the best way to cope with this odd behavior?


The solution

I'm not sure if your comment means that you are already OK. Anyway, in these situations, before you check if something isAllowed, what you can do is just:

if (!$acl->hasResource($resource)) {
    $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource));
}

Or even take the time to extend the default ACL class so that the isAllowed method first of all includes the code above. That would be a simple poka-yoke practice, and would allow you to maintain the original model where you have to create resources, while promoting ease of use in common or majority use cases.
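The subclass the answer describes, as an added example that is not code from the original question, the answer, or the zend-permissions-acl project. It assumes zend-permissions-acl is installed through Composer (vendor/autoload.php) under the Zend\Permissions\Acl namespace used in the question; the class name LenientAcl and the helper buildAcl() are this example's own. It registers an unknown resource on the fly inside isAllowed(), so the ACL's default deny applies instead of an exception, and then shows the one interaction a practitioner should be aware of before adopting it.

```php
<?php
// Added example (not from the original post): an Acl subclass whose
// isAllowed() registers unknown resources instead of throwing.
// Assumes Composer-installed zend-permissions-acl; LenientAcl and
// buildAcl() are names chosen for this example.
require __DIR__ . '/vendor/autoload.php';

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Resource\GenericResource;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Zend\Permissions\Acl\Role\GenericRole;

class LenientAcl extends Acl
{
    // Same signature as Acl::isAllowed(). Only the resource is auto-registered;
    // an unknown role still throws, since a role that was never declared is a
    // programming error rather than a legitimate query.
    public function isAllowed($role = null, $resource = null, $privilege = null)
    {
        if ($resource !== null) {
            $id = $resource instanceof ResourceInterface
                ? $resource->getResourceId()
                : (string) $resource;
            if (!$this->hasResource($id)) {
                // Registering with no parent and no rules: the ACL's default
                // deny is what the caller gets back for this resource.
                $this->addResource(new GenericResource($id));
            }
        }
        return parent::isAllowed($role, $resource, $privilege);
    }
}

// The ACL from the question, rebuilt on the subclass.
function buildAcl()
{
    $acl = new LenientAcl();
    $acl->addRole(new GenericRole('user'));
    $acl->addRole(new GenericRole('user-1'), 'user');
    $acl->addRole(new GenericRole('user-2'), 'user');
    $acl->addResource('article-1');          // the only registered article
    $acl->allow('user-1', 'article-1');
    return $acl;
}

$acl = buildAcl();
echo $acl->isAllowed('user-1', 'article-1') ? "allowed\n" : "denied\n";
// article-2 was never registered; no exception, just the default deny
echo $acl->isAllowed('user-1', 'article-2') ? "allowed\n" : "denied\n";
echo $acl->hasResource('article-2') ? "registered\n" : "unknown\n";

// Caveat: a rule with a null resource applies to every resource, including
// those the subclass registers later, so once such a rule exists an
// "unknown" article is no longer denied for that role.
$acl->allow('user-2');
echo $acl->isAllowed('user-2', 'article-999') ? "allowed\n" : "denied\n";
```

Run with `php example.php`. The first check prints `allowed`, the second prints `denied` rather than throwing, and `article-2` is now a registered resource. The last check prints `allowed`: because `allow('user-2')` was written with a null resource, it covers every resource, present and future, so the lazy registration turns "never heard of this article" into "allowed" for that role. If the intended semantics are "unknown resource is always denied", return `false` from the override instead of registering the resource; that keeps the check fail-closed regardless of resource-wide rules and also keeps the resource list from growing with every probe.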

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow