I implemented similar thing not so long ago. Basic concept follows in an example code.
I created my own configAcl.php file which is loaded in bootstrap file, in my case it is index.php. Here is how it'd be according to your case:
$acl =newZend_Acl();
$roles = array('admin','normal');// Controller script names. You have to add all of them if credential check// is global to your application.
$controllers = array('auth','index','news','admin');foreach($roles as $role){
$acl->addRole(newZend_Acl_Role($role));}foreach($controllers as $controller){
$acl->add(newZend_Acl_Resource($controller));}// Here comes credential definiton for admin user.
$acl->allow('admin');// Has access to everything.// Here comes credential definition for normal user.
$acl->allow('normal');// Has access to everything...
$acl->deny('normal','admin');// ... except the admin controller.// Finally I store whole ACL definition to registry for use// in AuthPlugin plugin.
$registry =Zend_Registry::getInstance();
$registry->set('acl', $acl);
Another case is if you want to allow normal user only "list" action on all your controllers. It's pretty simple, you'd add line like this:
$acl->allow('normal',null,'list');// Has access to all controller list actions.
Next you should create new plugin which takes care of credential checking automatically when there is a request for some controller action. This checking takes place in preDispatch() method that is called before every call to the controller action.
Here is AuthPlugin.php:
classAuthPluginextendsZend_Controller_Plugin_Abstract{publicfunction preDispatch(Zend_Controller_Request_Abstract $request){
$loginController ='auth';
$loginAction ='login';
$auth =Zend_Auth::getInstance();// If user is not logged in and is not requesting login page// - redirect to login page.if(!$auth->hasIdentity()&& $request->getControllerName()!= $loginController
&& $request->getActionName()!= $loginAction){
$redirector =Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoSimpleAndExit($loginAction, $loginController);}// User is logged in or on login page.if($auth->hasIdentity()){// Is logged in// Let's check the credential
$registry =Zend_Registry::getInstance();
$acl = $registry->get('acl');
$identity = $auth->getIdentity();// role is a column in the user table (database)
$isAllowed = $acl->isAllowed($identity->role,
$request->getControllerName(),
$request->getActionName());if(!$isAllowed){
$redirector =Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoUrlAndExit('/');}}}}
Final steps are loading your configAcl.php and register the AuthPlugin in bootstrap file (probably index.php).
require_once '../application/configAcl.php';
$frontController =Zend_Controller_Front::getInstance();
$frontController->registerPlugin(newAuthPlugin());
So this is the basic concept. I didn't test the code above (copy and paste and rewrite just for the showcase purpose) so it's not bullet-proof. Just to give an idea.