The Zend Framework blog is back with their latest installment in their authentication and authorization series with the Zend Expressive framework. In this latest post they show the use of the zend-permissions-acl component to provide another kind of access control evaluation (as opposed to the role-based access control shown in a previous article).

The last couple posts have been around authorization, the act of determining if a given identity has access to a resource. We covered usage of role based access controls, as well as middleware that uses an RBAC.

In this post, we'll explore another option provided by Zend Framework, zend-permissions-acl, which implements Access Control Lists (ACL).

This post will follow the same basic format as the one covering zend-permissions-rbac, using the same basic examples.

They start off the post as they've done with the others, showing how to install the component and defining some basic vocabulary so everyone's on the same page. It then starts on creating an access control list instance, defining some roles in that ACL and some example isAllowed checks for evaluating those permissions. With that in place, the tutorial moves on to resources, role inheritance and resource inheritance. Finally, they talk about ACLs in general, what they should contain and how to add in custom assertions if the need should arise.