[eluser]Phil Sturgeon[/eluser]
I find a nice easy way of doing ACL is to have a database with simple user levels and two hooks. One loaded pre_controller to check login status and redirect elsewhere if not logged in/incorrect permissions, and the other to set some defaults. Then you can just use loads of if(IS_ADMIN) statements in views.
Also have an array in config that allows certain pages to be always allowed. Need to extend the functionality of that to allow roles or more complex settings. Right now it only covers directory/controller/method checks.
A little messy perhaps, my permission library could be improved by taking a few pages from Zends book. If you need something simple though, give that a try.
