How to make ACL allow if user is owner of the resource?
Looking at Zend ACL and other similar ACL's, it seems to, and I may be wrong here, to only allow you to allow/deny an action by a role on a resource.
But what if say for example that you have users who are editors and they are allowed to "edit" "posts" b开发者_StackOverflowut what if you only wanted to allow them to edit "posts" owned by the user?
How is this situation handled in the real world? I would prefer to avoid something like...
if ($acl->allowed($role, $action, $resource) and $resource->user_id == $user_id) { ... }
精彩评论