17. Role-Based Access Control

If you remember, in the previous chapter we created the User Demo website which allowed us to manage users and permit access to some web pages to authenticated users only. In this chapter, we will extend the User Demo and show how to implement the Role-Based Access Control (RBAC). The RBAC allows to permit or deny access for certain users to certain website pages based on roles and permissions.

Since you have already known a lot about ZF3 from reading previous chapters, in this chapter we will omit discussing some obvious things and concentrate on conceptual moments only. It is recommended that you refer to the Role Demo sample bundled with this book, which is a complete website that you can run and see everything in action. All code discussed in this chapter is part of this sample application.

ZF3 components covered in this chapter:

• 17.1. Get Role Demo Sample from GitHub
• 17.2. Introduction to RBAC
  • 17.2.1. Roles and Permissions
  • 17.2.2. RBAC Container
  • 17.2.3. Checking Permissions
• 17.3. Default Roles in the Role Demo Sample
• 17.4. Introduction to Dynamic Assertions
• 17.5. Setting Up the Database
• 17.6. Implementing Entities
• 17.7. Implementing Role Management
• 17.8. Implementing Permission Management
• 17.9. Assigning Roles to a User
• 17.10. Implementing RbacManager
  • 17.10.1. Setting Up Caching
  • 17.10.2. Writing the RbacManager Service
• 17.11. Adding the Not Authorized Page
• 17.12. Modifying the AuthManager Service
• 17.13. Modifying the Dispatch Event Listener
• 17.14. Adding Access Controller Plugin and View Helper
  • 17.14.1. Access Controller Plugin
  • 17.14.2. Access View Helper
• 17.15. Using the User Module
• 17.16. Summary