Zend_Auth: How to check role in addition to username and password?
I want my 'users'
table in my database to contain users of all different levels (members, moderators, admins, etc). So a column in my 'us开发者_运维百科ers'
table is role. I want to be able to check the role to see if they have permission to log in to special parts of the application. How can I do this? Here is my auth adapter so far:
protected function _getAuthAdapter($formData)
{
$dbAdapter = Zend_Db_Table::getDefaultAdapter();
$authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
$authAdapter->setTableName('users');
$authAdapter->setIdentityColumn('username');
$authAdapter->setCredentialColumn('password');
$authAdapter->setIdentity($formData['username']);
$authAdapter->setCredential(md5($formData['password']));
return $authAdapter;
}
You may be trying to use Zend_Auth for a purpose it wasn't intended.
Zend_Auth is supposed to tell you whether a user is who he says he is, not whether they have permission to do a particular thing.
You're looking for Zend_ACL: http://zendframework.com/manual/en/zend.acl.html
If you're not wanting to use Zend_Acl for this yet, try this:
protected function getAuthAdapter()
{
if (null === $this->_auth)
{
$a = new Zend_Auth_Adapter_DbTable(
Zend_Registry::get('db')
);
$a->setTableName('users')
->setIdentityColumn('email')
->setCredentialColumn('password');
// Get the select object and
// modify to check against whatever you want
$s = $a->getDbSelect();
$s->where('userType = ?', 'admin'); // Or whatever, you can see what I'm doing
$this->_auth = $a;
}
return $this->_auth;
}
You can see that you can use getDbSelect() to get the actual Zend_Db_Select object that Zend_Auth is using and modify it as needed.
精彩评论