search

jeremykendall / slim-auth

Authorization and authentication for the Slim Framework using ZF2 Authentication and Acl components
MIT License
244 stars 38 forks source link

Help: Resourcemanagement #23

Closed ghost closed 9 years ago

ghost commented 9 years ago

Hi,

every Resource which is not added by my ACL is permitted.

$this->addRole('guest');
$this->addRole('admin');

$this->addResource('/');

$this->allow('admin');
$this->allow('guest');

This should allow everything, right? But I cannot access like /list/model/1 or /list/models without explicitliy adding the resource. And then I don't know how to handle dynamic content like the /1 etc.

Thanks for your help in advance.

jeremykendall commented 9 years ago

The allow statements can be exactly how you wrote them, but you definitely need to add each resource, or Slim Auth can't query the ACL for the resource (the ACL doesn't know about what you don't add).

For dynamic routes, you need to use the standard Slim route patterns and parameters, and the resource is the exact route pattern.

For example: /list/model/1 probably looks like /list/model/:id in your Slim routes. The resource would then be $this->addResource('/list/model/:id');.

ghost commented 9 years ago

Okay, thank you. I haven't tried this. :-)

jeremykendall commented 9 years ago

:+1: