Solved

How to implement Zend Framework service layer and acl?

Posted on 2010-08-16
2
1,622 Views
Last Modified: 2013-12-13
I've been struggling with the best way to implement a service layer in Zend Framework as well as integrating this service layer with a dynamic ACL. I realize that implementation depends on the business logic at hand, but I'm looking for some general recommendations. I'm building a sales application with the following components:

 - Purchase Orders (Salesperson creates and manages purchase orders)
 - Sales (Salesperson generates sales)
 - Warehouse (Receive equipment from purchase orders)
 - Audit (Audit equipment from purchase orders, returned sales, etc.)
 - etc, etc.

Below is my current structure:

 - Models directory under /application to store Doctrine 2.0 entity and repository classes
 - Each module stored under /application/modules with its own forms, services, controllers, views. Note that the models are only stored on the top level, as I'm not sure how to configure Doctrine 2.0 Entities to reside in different folders.

My questions are as follows:

 1. I'm not sure using modules is the best approach. Certain groups of people will have access to certain modules in the application, so this is correct from a permissions standpoint. However, I find that having services in each module is confusing, as most of these services are used across all modules. What is a good approach to structuring this application?

 2. In using a service layer pattern, should I have a service for each model? How about services which do not correspond to a given model?

 3. Would it be better to organize all forms, services at a global level along with the models?

 4. Finally, what is the best structure for permissions in this case? Should I put the acl down into the service classes? Or should I control access at the controller level?

Thank you for any suggestions.

0
Comment
Question by:somersetit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Accepted Solution

by:
Joseph Melnick earned 500 total points
ID: 33460278
Hello somersetit,

1_ A service layer in your case should provide a thin facade to your domain model to provide an interface for your service layer clients. How you organize your domain model objects is really up to you but it would make sense to keep it simple as possible.

2_ Very often there is a one to one mapping between these  and again this would make your like easier.

3_ I like using forms that live at the top level of the application and have written classes that can dynamically generate these for models based on table gateways and information stored about them.

4_ I look at ACL as a way to implement business rules over resources for access by clients (A Model).  Keeping the service layer as thin as possible comes back to my first point. You call the ACL from your controllers to determine if a client which has an assigned role has the required permission to to the requested resource and act appropriately,

I hope this helps.

Joseph Melnick  
0
 

Author Comment

by:somersetit
ID: 33468275
Thank you for your response Joseph. A couple of comments/questions on your response:

>> A service layer in your case should provide a thin facade to your domain model to provide an interface >>for your service layer client

Do you feel it is good practice to split services at the module level and at the global level? Or would it be a cleaner api to keep it all at the global level?

>>I look at ACL as a way to implement business rules over resources for access by clients (A Model).  >>Keeping the service layer as thin as possible comes back to my first point. You call the ACL from >>your controllers to determine if a client which has an assigned role has the required permission to to >>the requested resource and act appropriately

Since we are trying to restrict access to business objects (models), would it make more sense to push the acl into the services, since their responsibility is to manipulate the domain objects?

Thank You
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question