动态断言Zend_ACL - 在isAllowed上创建不需要的对象

I have tried to add dynamic Zend_Acl assertions to my project following this article: http://www.amazium.com/blog/content-driven-access-control-with-zend-acl

After days of thinking I still can't put it to work properly. It throws an error: "Catchable fatal error: Argument 1 passed to Application_Model_User::populate() must be an array, object given, called in C:\Program Files\Zend\Apache2\htdocs\guardian\application\models\User.php on line 14 and defined in C:\Program Files\Zend\Apache2\htdocs\guardian\application\models\User.php on line 92".

Through debugging I found out the line in ClientController

$subsidiary->setAllowed($this->_acl->isAllowed($user, $subsidiary));

caused the problem. But I cannot get how to make it work. It seems that isAllowed creates an instance of User though I pass it there directly.

My code is the following:

class My_Controller_Helper_Acl extends Zend_Acl{

public function __construct(){

    $this->add(new Zend_Acl_Resource('index'));
    $this->add(new Zend_Acl_Resource('client'));
    $this->add(new Zend_Acl_Resource('search'));
    $this->add(new Zend_Acl_Resource('subsidiary'));
    $this->add(new Zend_Acl_Resource('user'));
    $this->add(new Zend_Acl_Resource('error'));
    $this->add(new Zend_Acl_Resource('subs'));

    $guest = My_Role::ROLE_GUEST;
    $client = My_Role::ROLE_CLIENT;
    $technician = My_Role::ROLE_TECHNICIAN;
    $coordinator = My_Role::ROLE_COORDINATOR;
    $admin = My_Role::ROLE_ADMIN;

    $this->addRole(new Zend_Acl_Role($guest));
    $this->addRole(new Zend_Acl_Role($client));
    $this->addRole(new Zend_Acl_Role($technician), $client);
    $this->addRole(new Zend_Acl_Role($coordinator), $technician);
    $this->addRole(new Zend_Acl_Role($admin));

    $this->allow($guest, array('user', 'error'));
    $this->deny($guest, 'user', array('register', 'rights', 'delete'));
    $this->allow($client);
    $this->deny($client, 'client', 'new');
    $this->deny($client, 'client', 'delete');
    $this->deny($client, 'user', array('register', 'rights', 'delete'));
    $this->allow($client, 'subs', null, new My_Controller_Helper_UserOwned());
    $this->allow($coordinator, 'client', array('new', 'delete'));

    $this->allow($admin);

}
}


class My_Controller_Helper_UserOwned implements Zend_Acl_Assert_Interface{
/**
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param unknown_type $privilege
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
    if (!$resource instanceof Application_Model_UserOwnedInterface){

        throw new Exception('UserOwnedInterface not implemented');
    }

    $auth = Zend_Auth::getInstance();
    if(!$auth->hasIdentity()){
        return false;
    }
    $user = new Application_Model_User($auth->getIdentity());

    return $resource->isOwnedByUser($user);
}
}

ClientController.php / listAction

$subsidiariesDb = new Application_Model_DbTable_Subsidiary ();

$subsidiaries = $subsidiariesDb->getByTown ();
$users = new Application_Model_DbTable_User();
$user = $users->getByUsername($this->_username);

foreach($subsidiaries as $subsidiary){
                $subsidiary->setAllowed($this->_acl->isAllowed($user, $subsidiary));
            }

$this->view->subsidiaries = $subsidiaries;
$this->renderScript ( 'client/town.phtml' );

town.phtml

<?php foreach ($this->subsidiaries as $subsidiary) :
if($subsidiary->getAllowed()){
    if ($town != $subsidiary->getSubsidiaryTown()){?>
        </ul>
        <p class="bold"><?php echo $subsidiary->getSubsidiaryTown(); ?></p>
        <?php $town = $subsidiary->getSubsidiaryTown(); ?>
        <ul>
    <?php }
    if ($subsidiary->getHq()) {?>
        <li class="bold"><a href="<?php echo $this->url(array('clientId' => $subsidiary->getClientId()), 'clientIndex');?>">
            <?php echo $subsidiary->getSubsidiaryName() . ' (centrála)'?>
        </a></li>
    <?php }
    else {?>
        <li><?php echo '<a href="' . $this->url(array('clientId' => $subsidiary->getClientId(), 'subsidiary' => $subsidiary->getIdSubsidiary()), 'subsidiaryIndex') . '">' . $subsidiary->getSubsidiaryName() . '</a>'?></li>
    <?php }
}
    endforeach; ?>

User model (parts)

class Application_Model_User implements Zend_Acl_Role_Interface{

private $idUser;
private $username;
private $password;
private $salt;
private $role;
private $userSubsidiaries;

public function __construct ($options = array()){
    if (!empty($options)){
        $this->populate($options);
                    //see what the options are in debug below
    }
}

public function getRoleId(){
    return $this->getRole();
}

public function populate(array $data){

    $this->idUser = isSet($data['id_user']) ? $data['id_user'] : null;
    $this->username = isSet($data['username']) ? $data['username'] : null;
    $this->password = isSet($data['password']) ? $data['password'] : null;
    $this->salt = isSet($data['salt']) ? $data['salt'] : null;
    $this->role = isSet($data['role']) ? $data['role'] : null;

    $this->userSubsidiaries = array();
    $subsidiaries = isSet($data['user_subsidiaries']) ? $data['user_subsidiaries'] : null;
    $this->addSubsidiaryToUser($subsidiaries);

    return $this;
}

public function toArray($toUpdate = false, $withSubsidiaries = true){
    if (!$toUpdate){
        $data['id_user'] = $this->idUser;
    }
    $data['username'] = $this->username;
    $data['password'] = $this->password;
    $data['salt'] = $this->salt;
    $data['role'] = $this->role;

    if($withSubsidiaries){
        $data['user_subsidiaries'] = $this->userSubsidiaries;
    }

    return $data;
}

public function hasSubsidiary($subsidiary){
    if($subsidiary instanceOf Application_Model_Subsidiary){
        $subsidiary = $subsidiary->getIdSubsidiary();
    }
    return in_array($subsidiary, $this->getUserSubsidiaries());
}

public function getUserSubsidiaries(){
    return $this->userSubsidiaries;
}

public function addSubsidiaryToUser($subsidiary){
    if(is_array($subsidiary)){
        foreach($subsidiary as $sub){
            $this->addSubsidiaryToUser($sub);
        }
    } elseif ($subsidiary instanceof Application_Model_Subsidiary){
        $this->userSubsidiaries[] = $subsidiary->getIdSubsidiary();
    } elseif (is_numeric($subsidiary)){
        $this->userSubsidiaries[] = $subsidiary;
    } else{
        throw new Exception('Invalid subsidiary provided.');
    }

    return $this;
}

}

When I put debug on the $options param in User in populate function, I get the result (1) when the user is created in ClientController [user = $users->getByUsername($this->_username);], which is correct. On the line with isAllowed, I mentioned in the beginning, I get the result (2). But I don't get why the User object is even created on that line. I'm desperate. Would you know, where the mistake is?

Result (1):

object(Application_Model_User)#169 (6) {
["idUser":"Application_Model_User":private] => string(1) "6"
["username":"Application_Model_User":private] => string(6) "klient"
["password":"Application_Model_User":private] => string(64) "82a78c724f3242148990897a3b754e1f57442311fab5cde74c2a238d8c8858fc"
["salt":"Application_Model_User":private] => string(88) "Ewxm5Pa7t0MHn9GtROi8Rg5bis0hUhXF/QnnaRmiwgOUqz1elGj/AzYcaVlHa+J6vTpdyvy3mtlmXfmoQlAswg=="
["role":"Application_Model_User":private] => string(1) "4"
["userSubsidiaries":"Application_Model_User":private] => array(1) {
[0] => string(1) "2"
}
}

Result (2):

object(stdClass)#18 (5) {
["id_user"] => string(1) "6"
["username"] => string(6) "klient"
["password"] => string(64) "82a78c724f3242148990897a3b754e1f57442311fab5cde74c2a238d8c8858fc"
["salt"] => string(88) "Ewxm5Pa7t0MHn9GtROi8Rg5bis0hUhXF/QnnaRmiwgOUqz1elGj/AzYcaVlHa+J6vTpdyvy3mtlmXfmoQlAswg=="
["role"] => string(1) "4"
}