Access Control Lists (ACLs) define resources, which are objects for which access is controlled, and privileges, which are actions that can be taken on a given resource. Once these are defined, roles are assigned privileges to control access. To determine whether a role has permission to access a resource/privilege, you query the ACL. ACLs are almost always defined by the module.ini configuration file.
An assert helps with querying an ACL when the permission required to access a resource depends on additional factors, such as a resource that is only accessible during certain hours of the day. Asserts are rarely required. To define an assert, create a class that is named according to the privilege being checked. For asserts that validate a privilege to perform an action, precede the name with "Can", for example CanEdit or CanDelete. For asserts that test the current state, precede the name with "Is", for example IsOwner or IsThursday.
Assert classes must be located in the module folder, using the following structure:
acls/ asserts/
Here is the skeleton of an assert CanFoo for the
Bar module:
<?php
/**
* Assert description
*
* @copyright copyright info.
* @license license info.
* @version version info.
*/
class Bar_Acl_Assert_CanFoo implements Zend_Acl_Assert_Interface
{
/**
* Checks if the active user can 'foo' the given content resource.
*
* @param Zend_Acl $acl the acl instance
* @param Zend_Acl_Role_Interface $role the role to check access for
* @param Zend_Acl_Resource_Interface $resource the resource
* @param string $privilege the privilege
* @return boolean true if the given role can 'foo' the given resource,
* false if not allowed
*/
public function assert(
Zend_Acl $acl,
Zend_Acl_Role_Interface $role = null,
Zend_Acl_Resource_Interface $resource = null,
$privilege = null)
{
}
}
For details, refer to the Zend Framework documentation.