
@humbertodosreis
Forked from stvkoch/Acl.php
Created July 23, 2014 17:26
<?php
/**
 * Application ACL: three roles in a single inheritance chain
 * (guest -> member -> admin), four controller-level resources and the
 * privileges each role gets on them.
 *
 * Anything not explicitly allowed below is denied by Zend_Acl's default
 * rule, so a new controller stays closed until a rule is added for it.
 */
class Model_Acl extends Zend_Acl
{
    public function __construct()
    {
        // Roles as "role => parent". A child inherits every rule of its
        // parent unless a more specific rule on the child overrides it.
        $roleParents = array(
            'guest'  => null,     // not authenticated
            'member' => 'guest',  // authenticated member, inherits guest privileges
            'admin'  => 'member', // authenticated admin, inherits member privileges
        );
        foreach ($roleParents as $roleId => $parentId) {
            $this->addRole(new Zend_Acl_Role($roleId), $parentId);
        }

        // Resources: one per controller name.
        foreach (array('error', 'index', 'authentication', 'activity') as $resourceId) {
            $this->add(new Zend_Acl_Resource($resourceId));
        }

        // Guests: every privilege on the public index and error resources,
        // and only the index/signin privileges on authentication.
        $this->allow('guest', array('index', 'error'));
        $this->allow('guest', 'authentication', array('index', 'signin'));

        // Members: may sign out, and are explicitly denied signin. The deny
        // overrides the signin privilege inherited from guest, and admin
        // inherits that deny from member.
        $this->allow('member', 'authentication', array('index', 'signout'));
        $this->deny('member', 'authentication', 'signin');

        // Members can only view activity (index and list).
        $this->allow('member', 'activity', array('index', 'list'));

        // Admins have every privilege on activity, including any privilege
        // added later, because no privilege list is given.
        $this->allow('admin', 'activity');
    }
}
<?php
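/**
 * Front-controller plugin that authorises every request against the ACL
 * before it is dispatched.
 *
 * The controller name is used as the ACL resource and the action name as
 * the privilege. A request that is not allowed is rewritten to
 * authentication/notauthorized instead of reaching the requested action.
 */
class Plugin_Authenticated extends Zend_Controller_Plugin_Abstract
{
    /** @var Zend_Acl ACL consulted for each request */
    private $_acl = null;

    /** @var Zend_Auth source of the current identity */
    private $_auth = null;

    /**
     * @param Zend_Acl  $acl  rules to enforce
     * @param Zend_Auth $auth authentication service whose storage holds the identity
     */
    public function __construct(Zend_Acl $acl, Zend_Auth $auth)
    {
        $this->_acl = $acl;
        $this->_auth = $auth;
    }

    /**
     * Checks the current role against the requested controller/action and
     * reroutes the request when access is not granted.
     *
     * @param Zend_Controller_Request_Abstract $request request about to be dispatched
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $resource = $request->getControllerName();
        $action = $request->getActionName();

        // Least privilege by default: with no stored identity, or an identity
        // that carries no usable role, the request is evaluated as 'guest'.
        // (Previously the role was appended with .= to an undefined variable
        // and read from a possibly-null identity.)
        $role = 'guest';
        $identity = $this->_auth->getStorage()->read();
        if (is_object($identity) && isset($identity->role) && is_string($identity->role)) {
            $role = $identity->role;
        }

        // Fail closed: a role or resource the ACL does not know is treated as
        // "denied" here rather than left to isAllowed(), which raises an
        // exception for unregistered names. That keeps the authorisation
        // decision inside this plugin instead of depending on how the
        // framework handles an exception thrown from a plugin hook.
        $allowed = $this->_acl->hasRole($role)
            && $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $action);

        if (!$allowed) {
            // NOTE(review): only controller and action are rewritten; if the
            // application uses modules, confirm the module name is the one
            // that contains the authentication controller.
            $request->setControllerName('authentication')
                    ->setActionName('notauthorized');
        }
    }
}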
<?php
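/**
 * Application bootstrap: sets up autoloading, the ACL enforcement plugin,
 * the layout's head elements and the ACL-aware navigation menu.
 */
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
    /** @var Model_Acl ACL shared by the dispatch plugin and the navigation helper */
    private $_acl = null;

    /** @var Zend_Auth authentication service (singleton) */
    private $_auth = null;

    /**
     * Registers the module autoloader and the ACL plugin on the front controller.
     *
     * @return Zend_Application_Module_Autoloader
     */
    protected function _initAutoload()
    {
        $modelLoader = new Zend_Application_Module_Autoloader(array(
            'namespace' => '',
            'basePath'  => APPLICATION_PATH,
        ));

        $this->_acl = new Model_Acl;
        $this->_auth = Zend_Auth::getInstance();

        // The previous code assigned ->role = 'guest' on the value returned by
        // getStorage()->read() when there was no identity. With empty storage
        // that value is not an object, so the assignment was never persisted
        // (and is an error on current PHP versions). It is deliberately not
        // replaced by a write to auth storage: a stored "guest" identity would
        // make hasIdentity() report true for unauthenticated visitors. The
        // guest fallback is applied when the role is read instead; see
        // _currentRole().
        // NOTE(review): Plugin_Authenticated reads the role from storage on
        // its own; confirm it applies the same guest fallback.

        $fc = Zend_Controller_Front::getInstance();
        $fc->registerPlugin(new Plugin_Authenticated($this->_acl, $this->_auth));

        return $modelLoader;
    }

    /**
     * Populates doctype, meta tags, stylesheets and title from application.ini.
     *
     * @return void
     */
    function _initViewHelpers()
    {
        $this->bootstrap('layout');
        $layout = $this->getResource('layout');
        $view = $layout->getView();

        $config = new Zend_Config_Ini(APPLICATION_PATH .'/configs/application.ini', APPLICATION_ENV);

        $view->doctype('HTML4_STRICT');
        $view->headMeta()->appendHttpEquiv('Content-Type', 'text/html; charset=UTF-8')
                         ->appendHttpEquiv('Content-Language', 'en-US')
                         ->appendName('keywords', $config->head->meta->keywords)
                         ->appendName('description', $config->head->meta->description);
        $view->headLink()->appendStylesheet($config->head->css->site)
                         ->appendStylesheet($config->head->css->menu)
                         ->appendStylesheet($config->head->css->form)
                         ->appendStylesheet($config->head->css->view);
        $view->headTitle()->setSeparator(' - ');
        $view->headTitle($config->head->title);
    }

    /**
     * Builds the navigation container from navigation.xml and binds the ACL
     * and current role to the navigation view helper.
     *
     * The helper only decides which menu entries are rendered; access to the
     * pages themselves is enforced by the dispatch plugin.
     *
     * @return void
     */
    function _initNavigation()
    {
        // $_acl and $_auth are created in _initAutoload(); make that
        // dependency explicit instead of relying on method order.
        $this->bootstrap('autoload');
        $this->bootstrap('layout');
        $layout = $this->getResource('layout');
        $view = $layout->getView();

        $navConfig = new Zend_Config_Xml(APPLICATION_PATH . '/configs/navigation.xml', 'nav');
        $navigation = new Zend_Navigation($navConfig);

        $view->navigation($navigation)->setAcl($this->_acl)
                                      ->setRole($this->_currentRole());
    }

    /**
     * Returns the role of the stored identity, or 'guest' when nobody is
     * authenticated or the identity carries no usable role.
     *
     * @return string
     */
    private function _currentRole()
    {
        if ($this->_auth->hasIdentity()) {
            $identity = $this->_auth->getStorage()->read();
            if (is_object($identity) && isset($identity->role) && is_string($identity->role)) {
                return $identity->role;
            }
        }

        return 'guest';
    }
}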
<?xml version="1.0" encoding="UTF-8"?>
<!--
Navigation tree for Zend_Navigation; the bootstrap loads the "nav" section.
Each page names the ACL resource and privilege it needs. The navigation view
helper is given the ACL and the current role, so pages the role may not
access are left out of the rendered menu. This hides links only: the request
itself must still be authorised server-side before the action runs.
-->
<config>
<nav>
<home>
<label>Home</label>
<controller>index</controller>
<action>index</action>
<resource>index</resource>
<privilege>index</privilege>
</home>
<authentication>
<label>Authentication</label>
<uri>#</uri>
<resource>authentication</resource>
<privilege>index</privilege>
<pages>
<!-- signin: allowed for guest, explicitly denied for member in Model_Acl -->
<signin>
<label>Signin</label>
<controller>authentication</controller>
<action>signin</action>
<resource>authentication</resource>
<privilege>signin</privilege>
</signin>
<!-- signout: allowed from the member role upwards -->
<signout>
<label>Signout</label>
<controller>authentication</controller>
<action>signout</action>
<resource>authentication</resource>
<privilege>signout</privilege>
</signout>
</pages>
</authentication>
<activity>
<label>Activity</label>
<uri>#</uri>
<resource>activity</resource>
<privilege>index</privilege>
<pages>
<list>
<label>List</label>
<controller>activity</controller>
<action>list</action>
<resource>activity</resource>
<privilege>list</privilege>
</list>
<!-- add and edit have no member rule in Model_Acl; only admin's blanket allow on activity covers them -->
<add>
<label>Add</label>
<controller>activity</controller>
<action>add</action>
<resource>activity</resource>
<privilege>add</privilege>
</add>
<edit>
<label>Edit</label>
<controller>activity</controller>
<action>edit</action>
<resource>activity</resource>
<privilege>edit</privilege>
</edit>
</pages>
</activity>
</nav>
</config>