search

zendframework / ZendSkeletonApplication

Skeleton application for zend-mvc projects
BSD 3-Clause "New" or "Revised" License
1.51k stars 1.42k forks source link

do you use plugin in zf2 and use middleware in zf3 when inject auth logic acl over module in one place? #435

Closed jobsfan closed 6 years ago

jobsfan commented 6 years ago

I remember I followed the zf2's official tutorial that, I create a auth plugin under the controller. and then my whole applications are under the acl. just like:

public function onBootstrap(MvcEvent $e)
    {
        $eventManager = $e->getApplication()->getEventManager();
        $eventManager->attach('dispatch', array($this, 'setLayout'),2);
        $eventManager->attach('route', array($this, 'doAuthorization'),3);
        $moduleRouteListener = new ModuleRouteListener();
        $moduleRouteListener->attach($eventManager);
    }

    public function doAuthorization(MvcEvent $e)
    {
        $application = $e->getApplication();
        $sm = $application->getServiceManager();
        $sharedManager = $application->getEventManager()->getSharedManager();
        $router = $sm->get('router');
        $request = $sm->get('request');
        $matchedRoute = $router->match($request);
        if (!preg_match('%^/'.__NAMESPACE__.'/.*%i', $request->getUri()->getPath())) return true;
        if (null !== $matchedRoute) {
            $sharedManager->attach('Zend\Mvc\Controller\AbstractActionController','dispatch',
                function($e) use ($sm) {
                    $sm->get('ControllerPluginManager')->get('Appauth')->doAuthorization($e);
                },4
            );
        }
    }

Now I found in zf3's it changed to middleware, is there any difference? I am always strictly follow the standard tutorial. now there are two different ways makes me confused, the following is the result if found in stackoverflow:

class Module implements ConfigProviderInterface
{
    public function getConfig()
    {
        return include __DIR__ . '/../config/module.config.php';
    }

    public function onBootstrap(MvcEvent $e)
    {
        $app = $e->getApplication();
        $eventManager = $app->getEventManager();
        $serviceManager = $app->getServiceManager();

        // Register closure on event DISPATCH, call your checkProtectedRoutes() method
        $eventManager->attach(MvcEvent::EVENT_DISPATCH, function (MvcEvent $e) use ($serviceManager) {
            $match = $e->getRouteMatch();
            $auth = $serviceManager->get(Middleware\AuthorizationMiddleware::class);
            $res = $auth->checkProtectedRoutes($match);
            if ($res instanceof Response) {
                return $res;
            }
        }, 1);

        // Init ACL : could be improved
        $this->initAcl($e);
    }
Ocramius commented 6 years ago

Now I found in zf3's it changed to middleware

Not yet: that is for zendframework/zend-expressive, not zendframework/zend-mvc. You might want to look at https://discourse.zendframework.com/t/rfc-zend-mvc-4-design-changes/447, where @Xerkus is suggesting we move everything to middleware (and rightfully so).

You can use the middleware approach in ZF2 and ZF3, since newer versions of zendframework/zend-mvc support dispatching any middleware as a controller, but there is still no centralised pipe as far as I know. The listener approach will keep working for a while.

One thing is 100% clear to me though:

$sharedManager->attach('Zend\Mvc\Controller\AbstractActionController','dispatch', ...

Should always be replaced with:

$eventManager->attach(MvcEvent::EVENT_DISPATCH, ...

The reason is simple: the first one dispatches if the implementing dispatched component (a controller) extends from Zend\Mvc\Controller\AbstractActionController, while the second one simply attaches to the application's dispatch step, which will be performed in any case.

jobsfan commented 6 years ago

@Ocramius Thanks for your reply! it is a little hard for me to understand you. Frankly, to me, there are so many term here to learn. like entity, service, middleware, plugin, validator, filter, etc. when zf2, I am trying hard to keep myself updated with the comming new terms. now as my project is not much related to zend framework, I just come when I have time. Usually, I first follow a tutorial and type my code according to tutorial, then with the help of the zendstudio, and autocomplete the new method.

By the way, https://olegkrivtsov.github.io/using-zend-framework-3-book/html/en/toc.html, is it the right place for me to follow? as a english not good programmer. I need some standard way. I am superstitious authority[this sentence I translated by machine].

Ocramius commented 6 years ago

now as my project is not much related to zend framework

That's actually OK: frameworks should provide supporting structure, and not integrate tightly with your logic.

Usually, I first follow a tutorial and type my code according to tutorial, then with the help of the zendstudio, and autocomplete the new method.

Same here - I use my IDE to help me out, but a general idea/direction on "what is going on" is needed.

By the way, https://olegkrivtsov.github.io/using-zend-framework-3-book/html/en/toc.html, is it the right place for me to follow?

No idea, never seen this.

Meanwhile, closing here, as the original question was answered.