Checking ACL in Zend Navigation when using custom view script

The ZF2 Zend Navigation View Helpers manual shows how to configure your navigation adding ACL.

It also shows how to manually render your navigation inside your view scripts or layout:

Or simply:

So far so good – all of your ACL should work fine and only allowed pages are rendered.

This behaviour changes when you render your pages partially. The manual shows this example code:

This way also not allowed pages will be rendered. In order to get ACL checked you need to use the accept() method:




Check Zend Navigation page permissions with ZfcRbac

Define your navigation adding pages and permissions:


Configure your guards and role_providers for ZfcRbac:


Create a Listener:


Create a Factory for the RbacListener:


Add your RbacListenerFactory to your ServiceManager;


And finally attach an event to the isAllowed method of the Zend Navigation View Helper:


Now, if you render your navigation inside your layout only the pages the user role is permitted to see should be rendered.