/ */ class Content_Acl_Assert_CanEdit implements Zend_Acl_Assert_Interface { protected $_privilege = 'edit'; protected $_privilegeAll = 'edit-all'; /** * Checks if the active user can edit the given content resource. * Exists to aggregate the edit-all and edit-own privileges. * * @param Zend_Acl $acl the acl instance * @param Zend_Acl_Role_Interface $role the role to check access for * @param Zend_Acl_Resource_Interface $resource the resource (should be content/*) * @param string $privilege the privilege (should be edit) * @return boolean true if the given role can edit the given content resource * false if not allowed or if resource/privilege are not content/edit. */ public function assert( Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) { // early exit if resource is not content or privilege is not edit. if (!preg_match('#^content(/.*)?$#', $resource->getResourceId()) || $privilege !== $this->_privilege ) { return false; } // true if role is allowed to edit all content. if ($acl->isAllowed($role, 'content', $this->_privilegeAll)) { return true; } // true if role is allowed to edit-own and user owns this content. $isOwner = new Content_Acl_Assert_IsOwner; if ($acl->isAllowed($role, 'content', $this->_privilege . '-own') && $isOwner->assert($acl, $role, $resource, $privilege) ) { return true; } else { return false; } } }