How do I inject access control into a service layer of mvc application?
Asked Answered
M

0

6

I'm coding a zend framework application using the the standard mvc paradigm with an added service layer to take care of application/business logic. It seems quite popular to put your access control into your services, rather than your modules/controllers/actions, however, I have only seen simple examples with static roles and permissions for those roles.

My application will be using a dynamic acl, allowing the admin user to add roles and set permissions on those roles. I have two questions:

  1. How do you map permissions in user land to that of services and methods in services? I don't believe it should be a 1:1 mapping. If your application is sufficiently large, you will have many services with many methods, and the permission structure will quickly become confusing for an end user setting permissions for a role.
  2. I have services that are global to the application and not specific to a module. How would you set permissions for those services based on the module that is accessed?

Any help would be greatly appreciated.

Marylandmarylee answered 17/8, 2010 at 22:15 Comment(1)
Well, several months later, Have you accomplish anything? I'm currently figuring out the same scenario. If you're still interested, maybe I can post here when I finish it.Juanjuana

© 2022 - 2024 — McMap. All rights reserved.