开发者

Separate of frontend and backend authentication and ACL

I'm about to start work a small, modular application in Zend Framework.

Just want to get some input on where to put my authentication and ACL code. Regular users can register and login through the frontend, but there is an admin section with login and ACL.

Admin users have extra data that needs to be stored, I think class table inheritance is the way to here?

Should I create a module dedicated to handling a开发者_StackOverflow社区ll frontend and backend authentication and ACL, or should the backend have it's own controller(s) inside my admin module?


I normally dont create an "admin" controller with different admin actions. Instead I add the action to the related controller, and I define the role required for that resource. That way, I have everything related to that controller, in just that controller. Otherwise, the admin controller would have different actions with no relationship between them. I dont like that.

I'd add a new field in the users table to define the user role, so you can check it easily.

I find these tutorials really easy to follow:

Misconceptions and simple ACLs

Zend_Acl and MVC Integration

ACL Documentation

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜