ACL on model level, dynamic ACL and assertion

8 years ago

Fanda
Member | 39
+
0
-

I am just starting with Nette. I have done base skeleton and authorization, and now I am thinking about ACL. I have two question:

  1. Where in the model implement ACL checks? I am using Doctrine and service layer, so I guess, service layer may be the right place for it. How to process it? I have idea to check in service layer and throw some exception on deny, catched in presenter. (?)
  2. I will need some assertion. In doc is example of how to use it, but if ACL will be dynamic, how can I use 4th param on Permission->allow(…)?

Thanks for your ideas.

8 years ago

Patrik Votoček
Member | 2249
+
0
-
  1. yep first option is service layer and second option is custom AST walker. I think throwing exception and catching in presenter / component / forms is a good idea.