Separate of frontend and backend authentication and ACL
I'm about to start work a small, modular application in Zend Framework.
Just want to get some input on where to put my authentication and ACL code. Regular users can register and login through the frontend, but there is an admin section with login and ACL.
Admin users have extra data that needs to be stored, I think class table inheritance is the way to here?
Should I create a module dedicated to handling a开发者_StackOverflow社区ll frontend and backend authentication and ACL, or should the backend have it's own controller(s) inside my admin module?
I normally dont create an "admin" controller with different admin actions. Instead I add the action to the related controller, and I define the role required for that resource. That way, I have everything related to that controller, in just that controller. Otherwise, the admin controller would have different actions with no relationship between them. I dont like that.
I'd add a new field in the users table to define the user role, so you can check it easily.
I find these tutorials really easy to follow:
Misconceptions and simple ACLs
Zend_Acl and MVC Integration
ACL Documentation
精彩评论