开发者

How to make ACL allow if user is owner of the resource?

Looking at Zend ACL and other similar ACL's, it seems to, and I may be wrong here, to only allow you to allow/deny an action by a role on a resource.

But what if say for example that you have users who are editors and they are allowed to "edit" "posts" b开发者_StackOverflowut what if you only wanted to allow them to edit "posts" owned by the user?

How is this situation handled in the real world? I would prefer to avoid something like...

if ($acl->allowed($role, $action, $resource) and $resource->user_id == $user_id) { ... }
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜