Zend_Acl, jQuery and HTTP Status Codes


In my controllers, I use Zend_Acl to check whether or not a user is allowed to perform an action (i.e. whether the code in the method should be executed). I also have to check permissions again inside a method, as someone might be trying to access an object that does not belong to them, e.g. editing someone else's blog post. In that case, I was forwarding to a method in the Error controller and adding a 403 to denote that the user could not access the page, as well as displaying a generic page saying the user does not have the proper permissions:


<?php
// Send a 403 status so that clients, including AJAX callers, can detect the denial.
$this->getResponse()->setRawHeader('HTTP/1.1 403 Forbidden');
?>


I use jQuery with AJAX to run methods on occasion, and whenever a 403 was returned, my jQuery callbacks never executed: $.post('/tripreport/admintr/saveroute',doThis);. The callback passed to $.post only runs on success. From reading the jQuery documentation, I need to use the $.ajax function instead of $.post: $.ajax({type:"POST",url:"/tripreport/admintr/saveroute",error:handleError,success:handleSuccess});. In the handleError function, I can test whether or not the status code is a 403, and then take the appropriate action: XMLHttpRequest.status == '403'.
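The handlers described above, written out as an added example that is not code from the original post. The names classifyFailure, saveRoute, the ui object and fakeJQuery are hypothetical; fakeJQuery is a constructed stand-in that only mimics how $.ajax chooses between the success and error callbacks, so the block runs under Node without a browser.

```javascript
// Map a failed response to what the UI should do. jQuery passes the
// request object as the first argument of the error callback.
function classifyFailure(xhr) {
  var status = Number(xhr.status);          // tolerate 403 or '403'
  if (status === 403) return 'forbidden';   // the server-side permission check said no
  if (status === 0) return 'network';       // no HTTP response was received
  return 'error';                           // any other non-2xx status
}

// `$` is passed in so the same function works with the real jQuery in a
// browser and with the stand-in below.
function saveRoute($, data, ui) {
  return $.ajax({
    type: 'POST',
    url: '/tripreport/admintr/saveroute',
    data: data,
    success: function () { ui.show('saved'); },
    error: function (xhr) { ui.show(classifyFailure(xhr)); }
  });
}

// Constructed stand-in for jQuery: answers every request with a fixed
// status and picks the callback the way $.ajax does (2xx or 304 = success).
function fakeJQuery(status) {
  return {
    ajax: function (opts) {
      var xhr = { status: status };
      var ok = (status >= 200 && status < 300) || status === 304;
      if (ok) opts.success('', 'success', xhr);
      else opts.error(xhr, 'error', 'HTTP ' + status);
      return xhr;
    }
  };
}

// Run one request against the stand-in and report what the UI was told.
function demo(status) {
  var shown = [];
  saveRoute(fakeJQuery(status), { route: 'constructed sample' },
            { show: function (what) { shown.push(what); } });
  return shown.join(',');
}

console.log(demo(200), demo(403), demo(500), demo(0));
```

The client-side branch only decides what to display; the permission decision itself stays in the controller that returns the 403.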

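On a related note, if you are using $this->_forward in your methods in the Action Controllers like I mentioned above, be sure to use "return" right after it if you don't want to execute any more code in that method. _forward does not stop the current method by itself, so without the return the rest of the method still runs after the permission check has failed.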
