how to get role from Zend_Auth/Zend_ACL when using a Doctrine adapter? getting all work together

Question

I'm using Zend_Auth with a project using doctrine.I believe every bootstrapping is done correctly and i can log in.

my adapter looks like this:

class Abra_Auth_Adapter_Doctrine implements Zend_Auth_Adapter_Interface {

protected $_resultArray;
private $username;
private $password;

public function  __construct($username, $password) {

    $this->username = $username;
    $this->password = $password;

}

//based on feedbacks as response authenticate has changed to this
public function  authenticate() {
    $q = Doctrine_Query::create()
    ->from("Abra_Model_User u")
    ->leftJoin("u.Role r")
    ->where("u.username=? AND u.password=?", array($this->username,$this->password));
    $result = $q->execute();
    if (count($result) == 1) {
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $result->get("Mylibrary_Model_User"), array());//autoloaderNamespaces[] = "Mylibrary_" in application.ini
    } else {
        return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, array("Authentication Unsuccessful"));
    }
}

my Abra_Controller_Pluging_Acl looks like this

class Abra_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {

public function preDispatch(Zend_Controller_Request_Abstract $request) {
    parent::preDispatch($request);
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $module = $request->getModuleName();

    $auth = Zend_Auth::getInstance();
    if($auth->hasIdentity()){
        $identity = $auth->getIdentity();
        $roles = $identity["Role"];
        $role = $roles["name"];
        $role = (empty ($role) || is_null($role))? "regular" : $role ;
    } else {
        $role = "guest";
    }

 }

now having Doctrine_Event Fatal error: spl_autoload() [function.spl-autoload]: Class Doctrine_Event could not be loaded. i've seen this post here and i'm wondering how that can affect my using of Zend_Session, and it's true that i have apc.dll enabled in my php.thanks a lot for reading this

Answer 1

How to get the role: In your adapter, on successful login, rather than returning only the username field, how about returning the whole user object? Then the whole thing will be available when you call Zend_Auth::getIdentity().

Question 1: If you treat controllers as resources and the ACL rules are going to be different per module, then the resource names should reflect the module, as well. This will address the issue of modules with identical controller names.

Question 2: I am not sure I am understanding correctly. Zend_Auth and its storage will take care of keeping the uer identity in its own session namespace. However, I have run into the issue of what to do when the user record in the db changes - say, the user modifies his full name in his profile during his logged-in session - and you are displaying that full name in your site template, pulled from Zend_Auth::getIdentity(). As a user, I would expect the change to be reflected in the visible interface, but the change has only occurred back in the db, not in the session.

What I have done in the past is to create an additional auth adapter that fetches the new user record and always returns success. When the user updates his profile, I call Zend_Auth::authenticate() using this trivial adapter. The session storage gets updated and all is well with the world.

[This approach is almost certainly a hack, so I'd be interested in hearing alternative approaches. I'm sure I can set a value in the session storage directly, but when I last tried it, I couldn't make it quite work. So resorted to the additional adapter workaround.]