Ralph Schindler has a new post to his blog today looking at using dynamic assertions with the access control component (Zend_Acl) of the Zend Framework.
Over the last two years, I've seen a variety of duplicate issues come into the issue tracker, which stem from two fundamental flaws in Zend_Acl [...] In this article, we'll explore the API changes that alleviate these two problems, and we'll demonstrate how to leverage the Zend_Acl assertion system to create expressive, dynamic assertions that work with your applications models.
He mentions some of the backwards compatible changes that have been made to the ACL API including changes in the add() method and the ability to create Zend_Acl_Role and Zend_Acl_Resource objects explicitly. The rest of the post gives a great example of setting up users in a role, creating an action to test them against (can they work with a blog post?) and running a series of checks against the ACL component as a guest, contributor and publisher.