I've just started using Zend_ACL to restrict access to certain controllers based on user roles. It's working pretty well, but now I need to set it up so that users can only access their own records. For example, my application allows people to make bookings. I need to use ACL so that users can only view their own bookings in the application, while administrators can see all bookings.
I read about using assertions, but somehow I think I've been using my models the wrong way. Here is how I set up a typical model.
<?php
class Model_Bookings extends Zend_Db_Table {
    // Class variables
    protected $_name = 'bookings';
    protected $_primaryKey = 'id';

    function _toArray($a, $index='id', $value='title') {
    }

    function add($data) {
    }

    function update($data) {
    }

    function delete($id) {
    }

    function get($id = false, $options = false) {
    }
}
?>
The model in this case doesn't correspond to a single instance of the booking object :( How can I use such a model when restricting views using ACL, i.e. how can I set it up so that when the user goes to the list of bookings he sees only his bookings? Do I need to do some major refactoring here? Please help.
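One way to express the ownership rule asked about above with a Zend_Acl assertion, as an added example that is not part of the original post. `App_User`, `App_Booking`, `App_Acl_Assert_OwnsBooking`, the role names and the `userId` field are hypothetical, and it assumes a Zend Framework 1 release in which `isAllowed()` passes the original role and resource objects to the assertion.

```php
<?php
// Added example. Assumes Zend Framework 1 is autoloadable, in a release where
// isAllowed() hands the original role/resource objects to the assertion.
// App_User, App_Booking, the role names and the userId field are hypothetical.
class App_User implements Zend_Acl_Role_Interface
{
    public $id, $role;
    public function __construct($id, $role) { $this->id = (int) $id; $this->role = $role; }
    public function getRoleId() { return $this->role; }
}

class App_Booking implements Zend_Acl_Resource_Interface
{
    public $id, $userId;
    public function __construct($id, $userId) { $this->id = (int) $id; $this->userId = (int) $userId; }
    public function getResourceId() { return 'booking'; }
}

class App_Acl_Assert_OwnsBooking implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed: a bare role or resource id carries no ownership data.
        if (!$role instanceof App_User || !$resource instanceof App_Booking) {
            return false;
        }
        return $role->id === $resource->userId;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('member'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->addResource(new Zend_Acl_Resource('booking'));
$acl->allow('admin', 'booking');   // administrators: every booking
$acl->allow('member', 'booking', 'view', new App_Acl_Assert_OwnsBooking());

// Constructed sample data: member 1 owns booking 100, booking 101 belongs to user 2.
$member  = new App_User(1, 'member');
$admin   = new App_User(9, 'admin');
$own     = new App_Booking(100, 1);
$foreign = new App_Booking(101, 2);

var_dump($acl->isAllowed($member, $own, 'view'));      // owner viewing own booking
var_dump($acl->isAllowed($member, $foreign, 'view'));  // assertion fails, default deny applies
var_dump($acl->isAllowed($admin, $foreign, 'view'));   // unconditional admin rule
```

The assertion covers access to a single booking that has already been loaded. For the bookings list, the query itself has to be constrained to the current user's rows for non-admin roles, since the ACL does not filter result sets.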
I'm afraid I'm not answering your question, but here are some really good articles to read. Maybe you'll find help there: