Zend_Acl and MVC Integration Part I (Basic Use)

By Aldemar Bernal

So, what is wrong with Zend_Acl and the current MVC implementation in the Zend Framework? there is nothing wrong, it is just that it gets not too obvious for developers how to achieve an optimal integration between these two important parts of the framework.

First at all, this article is based on the following Zend Framework Proporsal (link), by this moment this proposal is in Pending Recommendation state.

Well, how it works? There are two key components in this proposal:

  1. A Front Controller Plugin: This component resolves if the current user has access to the page which is being opened.
  2. An Action Helper: This component allows you to check whether the current user has access inside a controller.

Based on these two components, let’s try them with an example. Let’s talk about a website like DevZone, we would need a controller that work with the user management and another one which will deal with article management, as well we need 3 types of users (roles), one for guests, one for writers and another one which will approve the articles; resuming, we have:


  1. user controller.
  2. article controller.


  1. Guest.
  2. Writer.
  3. Admin.

Setting up the Zend_Acl component

After defined what we want to do, the next step will create a Zend_Acl instance which will reflect our model.

Creating the roles

Now we create the roles in our Zend_Acl instance.

Creating the resources

And then we create the resources needed (one per controller) and their relationship with the roles we created.

Creating the permissions

Now that we added the roles and resources to our Zend_Acl instance, it’s time to explain what actions must be available to which roles.

  1. Guest won’t have access to edit, add or approve an article.
  2. Writer won’t have access to approve an article.
  3. Admin will have complete access.

Creating the access denied view file

We will need to create a view and an action which will address all those denied users, in order to do it, first we create a new action in our error controller:

And then we create our view file (/application/views/scripts/error/denied.phtml) with some warning message:

Finishing the configuration

Okay, we have setup our Zend_Acl configuration, so far, it doesn’t look like something new, but the next step is register the controller plugin, this important part takes the Zend_Acl instance we created and then validates it against the current page being accessed by an user.

After this configuration is done, once an user enters in our application, depending the role he/she has the page will be displayed or an access denied page will be displayed.

For more information about this you can go to:

Zend_Acl & MVC Integration

and here is a small implementation source code of this:

Source Code