<?phpclass App_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract{

1. <?php
2.  
3. class App_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
4. {
5.  
6. protected $_auth = null;
7. protected $_acl = null;
8.  
9. public function __construct()
10. {
11. // get the zend auth instance and the acl service
12. $this->_auth = Zend_Auth::getInstance();
13. $this->_acl = new Service_Acl();
14.  
15. // save acl in registry so we can use it in navigation
16. Zend_Registry::set('acl', $this->_acl);
17. }
18.  
19. public function preDispatch(Zend_Controller_Request_Abstract $request)
20. {
21. // set a standard resource
22. $role = 'Guest';
23. // if we have identity, get the role name from identity
24. if($this->_auth->hasIdentity()) {
25. $role = $this->_auth->getIdentity()->Role->name;
26. }
27.  
28. // generate a resource from the requested module and controller
29. $resource = $request->getModuleName() . ':' . $request->getControllerName();
30.  
31. // lets see if the resource exists
32. if(!$this->_acl->has($resource)) {
33. // if not set it to null so we dont get : as a resource
34. $resource = null;
35. }
36.  
37. // check if we are allowed to the specific resource and action
38. if(!$this->_acl->isAllowed($role, $resource, $request->getActionName())) {
39.  
40. // if we dont have an identity, redirect to login
41. if(!$this->_auth->hasIdentity()) {
42. $request->setModuleName('auth')
43. ->setControllerName('index')
44. ->setActionName('login');
45. } else {
46. // but if we DO have, redirect to denied
47. $request->setModuleName('auth')
48. ->setControllerName('index')
49. ->setActionName('denied');
50. }
51.  
52. }
53.  
54. }
55.  
56.  
57. }