Adam Jensen’s Blog: Using Zend_Acl with Doctrine record listeners

Zend_Acl is usually presented as a tool for restricting access to controllers and actions. That is one of the most common use cases of the component, but the component itself can control access to any kind of resource. Adam Jensen wrote an interesting post about implementing models as Zend_Acl resources to define access control rules at the business logic level.

As a result of these concerns, I decided on a lower-level, model-centric approach for this blog: my models are my resources. Each model class implements Zend_Acl_Resource_Interface, and the ACL specifies “create,” “read,” “update” and “destroy” privileges for each class (more or less). This is a nice paradigm, because it allows for access control at a much lower level: instead of restricting access to the user interface (the controller layer), we restrict access to the business logic (the model layer). (It also makes dynamic assertions a lot more useful, for reasons I may explain some other time.)

In his quick tutorial he shows how to use Doctrine_Record_Listener to add ACL to models and make it flexible.
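
One way the model-as-resource idea can be wired to Doctrine's record hooks, as an added example (not Adam Jensen's code): it assumes Zend Framework 1 and Doctrine 1 are autoloadable and a Doctrine connection is open, and `AclRecordListener`, `Post` and the role names are hypothetical.

```php
<?php
// Assumption: ZF1 and Doctrine 1 autoloaders are registered and a connection
// is open. AclRecordListener, Post and the role names are hypothetical.
class AclRecordListener extends Doctrine_Record_Listener
{
    private $acl;
    private $role;

    public function __construct(Zend_Acl $acl, $role)
    {
        $this->acl  = $acl;
        $this->role = $role;
    }

    // Each write hook maps to one privilege and runs before any SQL is issued.
    public function preInsert(Doctrine_Event $event) { $this->check($event, 'create'); }
    public function preUpdate(Doctrine_Event $event) { $this->check($event, 'update'); }
    public function preDelete(Doctrine_Event $event) { $this->check($event, 'destroy'); }

    private function check(Doctrine_Event $event, $privilege)
    {
        $record = $event->getInvoker();
        // Fail closed: a model that is not an ACL resource is never written.
        if (!$record instanceof Zend_Acl_Resource_Interface
            || !$this->acl->isAllowed($this->role, $record, $privilege)) {
            throw new Zend_Acl_Exception("'$privilege' denied on " . get_class($record));
        }
    }
}

class Post extends Doctrine_Record implements Zend_Acl_Resource_Interface
{
    public function setTableDefinition()
    {
        $this->hasColumn('title', 'string', 255);
    }

    public function getResourceId() { return 'Post'; } // one resource id per model class
}

$acl = new Zend_Acl(); // denies everything until a rule allows it
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('author'), 'guest'); // author inherits guest
$acl->add(new Zend_Acl_Resource('Post'));
$acl->allow('guest', 'Post', 'read');
$acl->allow('author', 'Post', array('create', 'update'));

// Attach the listener for the current request's role (here: guest).
Doctrine::getTable('Post')->addRecordListener(new AclRecordListener($acl, 'guest'));
```

With this in place a `save()` or `delete()` on a `Post` under the guest role throws before the query runs, regardless of which controller triggered it; the read path is not covered by these three hooks and needs its own check.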


