duanmei4149 2012-07-31 22:32
Accepted

Privacy control using Zend

I am making a social website using Zend. The site allows users to become friends and access each other's profiles and blogs. I also want users to have control over their privacy, which can take the parameters "Friends Only" and "Public". I looked at Zend_Acl, but it seems to be able to handle only a single user's accessibility, not users who have a relationship. Any ideas about the best way to do this?


1 answer

  • dongsi8812 2012-07-31 22:52

    For your purposes, if you use Zend_Acl, you should look at assertions.

    Given the complex nature of the relationships between users in your applications, most of the access rules you will query seem very dynamic so they will largely rely on assertions that can use more complex logic to determine accessibility.

    You should be able to accomplish what you want using Zend_Acl though.

    You may set up an ACL rule like this:

    $acl->allow('user', 'profile', 'view', new My_Acl_Assertion_UsersAreFriends());
    

    The ACL assertion itself:

    <?php
    
    class My_Acl_Assertion_UsersAreFriends implements Zend_Acl_Assert_Interface
    {
        public function assert(Zend_Acl $acl,
                               Zend_Acl_Role_Interface $role = null,
                               Zend_Acl_Resource_Interface $resource = null,
                               $privilege = null)
        {
            return $this->_usersAreFriends();
        }
    
        protected function _usersAreFriends()
        {
            // get UserID of current logged in user
            // assumes Zend_Auth has stored a User object of the logged in user
            $auth = Zend_Auth::getInstance();
            if (!$auth->hasIdentity()) {
                // nobody is logged in, so there is no friendship to check
                return false;
            }
            $userId = $auth->getIdentity()->getId();
    
            // get the ID of the user profile they are trying to view
            // assume you can pull it from the URL
            // or your controller or a plugin can set this value another way
            // (an assertion has no getRequest() of its own, so ask the front controller)
            $request    = Zend_Controller_Front::getInstance()->getRequest();
            $userToView = $request->getParam('id', null);
            if ($userToView === null) {
                // no target profile given: deny rather than guess
                return false;
            }
    
            // call your function that checks the database for the friendship
            $usersAreFriends = usersAreFriends($userId, $userToView);
    
            return (bool) $usersAreFriends;
        }
    }
    

    Now with this assertion in place, the access will be denied if the 2 user IDs are not friends.

    Check it like:

    if ($acl->isAllowed('user', 'profile', 'view')) {
        // This will use the UsersAreFriends assertion
    
        // they can view profile
    } else {
        // sorry, friend this person to view their profile
    }
    

    Hope that helps.

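An added example, not part of the answer above: it extends the same assertion idea to both privacy settings from the question ("Friends Only" and "Public") and takes the viewer and the profile from the objects passed to `isAllowed()` instead of from the request, so the check also works outside a controller. It assumes a Zend Framework 1 release in which `isAllowed()` hands the role and resource objects it was given to the assertion; `My_User`, `My_Profile` and `My_Acl_Assertion_CanViewProfile` are hypothetical names, and the friend list is constructed sample data standing in for a database lookup.

```php
<?php
// Added example. Assumes Zend Framework 1 classes are autoloadable; all My_* names are hypothetical.
class My_User implements Zend_Acl_Role_Interface
{
    public $id;
    public $friendIds; // constructed sample data; normally a database lookup
    public function __construct($id, array $friendIds = array())
    {
        $this->id = (int) $id;
        $this->friendIds = array_map('intval', $friendIds);
    }
    public function getRoleId() { return 'user'; }
}
class My_Profile implements Zend_Acl_Resource_Interface
{
    public $ownerId;
    public $visibility; // 'public' or 'friends'
    public function __construct($ownerId, $visibility)
    {
        $this->ownerId = (int) $ownerId;
        $this->visibility = $visibility;
    }
    public function getResourceId() { return 'profile'; }
}
class My_Acl_Assertion_CanViewProfile implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed if isAllowed() was called with string IDs instead of objects.
        if (!$role instanceof My_User || !$resource instanceof My_Profile) {
            return false;
        }
        if ($resource->visibility === 'public' || $resource->ownerId === $role->id) {
            return true;
        }
        // Any visibility value other than 'friends' is denied as well.
        return $resource->visibility === 'friends'
            && in_array($resource->ownerId, $role->friendIds, true);
    }
}
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('user'));
$acl->addResource(new Zend_Acl_Resource('profile'));
$acl->allow('user', 'profile', 'view', new My_Acl_Assertion_CanViewProfile());
$alice = new My_User(1, array(2)); // constructed: user 1 is friends with user 2
var_dump($acl->isAllowed($alice, new My_Profile(2, 'friends'), 'view')); // friend's profile
var_dump($acl->isAllowed($alice, new My_Profile(3, 'friends'), 'view')); // stranger, friends only
var_dump($acl->isAllowed($alice, new My_Profile(3, 'public'), 'view'));  // stranger, public
```

Because the rule is registered on the string IDs `'user'` and `'profile'`, a call such as `isAllowed('user', 'profile', 'view')` still reaches the assertion, which then denies access since it has no objects to compare.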
