Главная Обзор Помощь
Вход
boarspring
/
repo_zf1
зеркало из https://github.com/bluescreen/zf1-php7.2.git
2
0
Ответвить 1
Файлы Задачи 0 Вики
Дерево: 9ac4188a53
Ветки Метки
repo_zf1
/
documentation
/
manual
/
bg
/
module_specs
/
Zend_Acl-Advanced.xml

Zend_Acl-Advanced.xml 4.4 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. <sect1 id="zend.acl.advanced">
    2. 

  2. 

  3.     <title>По - слжони неща</title>
    4. 

  4. 

  5.     <sect2 id="zend.acl.advanced.storing">
    6. 

  6. 

  7.         <title>Съхраняване на ACL информация за заазване на състоянието</title>
    8. 

  8. 

  9.         <para>
    10. 

  10. 

  11.         Zend_Acl was designed in such a way that it does not require any particular backend technology such
    12. 

  12.         as a database or cache server for storage of the ACL data. Its complete PHP implementation enables
    13. 

  13.         customized administration tools to be built upon Zend_Acl with relative ease and flexibility. Many
    14. 

  14.         situations require some form of interactive maintenance of the ACL, and Zend_Acl provides methods
    15. 

  15.         setting up, and querying against, the access controls of an application.
    16. 

  16.         </para>
    17. 

  17. 

  18.         <para>
    19. 

  19.         Storage of ACL data is therefore left as a task for the developer, since use cases are expected to
    20. 

  20.         vary widely for various situations. Because Zend_Acl is serializable, ACL objects may be serialized
    21. 

  21.         with PHP's <ulink url="http://php.net/serialize"><code>serialize()</code></ulink> function, and the
    22. 

  22.         results may be stored anywhere the developer should desire, such as a file, database, or caching
    23. 

  23.         mechanism.
    24. 

  24.         </para>
    25. 

  25. 

  26.     </sect2>
    27. 

  27. 

  28.     <sect2 id="zend.acl.advanced.assertions">
    29. 

  29. 

  30.         <title>Writing Conditional ACL Rules with Assertions</title>
    31. 

  31. 

  32.         <para>
    33. 

  33.         Sometimes a rule for allowing or denying an Role access to a Resource should not be absolute but dependent
    34. 

  34.         upon various criteria. For example, suppose that certain access should be allowed, but only between the
    35. 

  35.         hours of 8:00am and 5:00pm. Another example would be denying access because a request comes from an
    36. 

  36.         IP address that has been flagged as a source of abuse. Zend_Acl has built-in support for implementing
    37. 

  37.         rules based on whatever conditions the developer needs.
    38. 

  38.         </para>
    39. 

  39. 

  40.         <para>
    41. 

  41.         Zend_Acl provides support for conditional rules with <code>Zend_Acl_Assert_Interface</code>. In order
    42. 

  42.         to use the rule assertion interface, a developer writes a class that implements the
    43. 

  43.         <code>assert()</code> method of the interface:
    44. 

  44.         </para>
    45. 

  45. 

  46.         <programlisting role="php"><![CDATA[<?php
    47. 

  47. require_once 'Zend/Acl/Assert/Interface.php';
    48. 

  48. 

  49. class CleanIPAssertion implements Zend_Acl_Assert_Interface
    50. 

  50. {
    51. 

  51.     public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
    52. 

  52.                            Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    53. 

  53.     {
    54. 

  54.         return $this->_isCleanIP($_SERVER['REMOTE_ADDR']);
    55. 

  55.     }
    56. 

  56. 

  57.     protected function _isCleanIP($ip)
    58. 

  58.     {
    59. 

  59.         // ...
    60. 

  60.     }
    61. 

  61. }]]>
    62. 

  62.         </programlisting>
    63. 

  63. 

  64.         <para>
    65. 

  65.         Once an assertion class is available, the developer must supply an instance of the assertion class
    66. 

  66.         when assigning conditional rules. A rule that is created with an assertion only applies when the
    67. 

  67.         assertion method returns true.
    68. 

  68.         </para>
    69. 

  69. 

  70.         <programlisting role="php"><![CDATA[<?php
    71. 

  71. require_once 'Zend/Acl.php';
    72. 

  72. 

  73. $acl = new Zend_Acl();
    74. 

  74. $acl->allow(null, null, null, new CleanIPAssertion());]]>
    75. 

  75.         </programlisting>
    76. 

  76. 

  77.         <para>
    78. 

  78.         The above code creates a conditional allow rule that allows access to all privileges on everything
    79. 

  79.         by everyone, except when the requesting IP is "blacklisted." If a request comes in from an IP that
    80. 

  80.         is not considered "clean," then the allow rule does not apply. Since the rule applies to all Roles,
    81. 

  81.         all Resources, and all privileges, an "unclean" IP would result in a denial of access. This is a special
    82. 

  82.         case, however, and it should be understood that in all other cases (i.e., where a specific Role,
    83. 

  83.         Resource, or privilege is specified for the rule), a failed assertion results in the rule not applying,
    84. 

  84.         and other rules would be used to determine whether access is allowed or denied.
    85. 

  85.         </para>
    86. 

  86. 

  87.         <para>
    88. 

  88.         The <code>assert()</code> method of an assertion object is passed the ACL, Role, Resource, and privilege
    89. 

  89.         to which the authorization query (i.e., <code>isAllowed()</code>) applies, in order to provide
    90. 

  90.         a context for the assertion class to determine its conditions where needed.
    91. 

  91.         </para>
    92. 

  92. 

  93.     </sect2>
    94. 

  94. 

  95. </sect1>
    96. 

  96. <!--
    97. 

  97. vim:se ts=4 sw=4 et:
    98. 

  98. -->
    99.