Continuing on from his previous post in his series, Jani Hartikainen looks again at the Zend_Acl component for access control and how to deal with its "abstract" role.

In the context of Zend_Acl, access to resources is given to roles: A role might be a user's name, a group a user belongs to, or just roles, which have been assigned to a user from the admin panel. Since Zend_Acl only defines an "abstract" role, resource and privilege, how do we deal with all of these using it? Read more to find out! I'll also be addressing some more ways to deal with allowing and denying access.

He looks at how you can use your own role scheme (custom strings with meaning to you and your application) to define what the user can and can't do. He creates a plugin/interface for the framework to help handle this style so that he can compare the user's current identity against the resource type(s) they want to check.