Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/northern/acl
PHP Access Control List based on Zend Framework 2 ACL
https://github.com/northern/acl
Last synced: about 2 months ago
JSON representation
PHP Access Control List based on Zend Framework 2 ACL
- Host: GitHub
- URL: https://github.com/northern/acl
- Owner: northern
- License: apache-2.0
- Created: 2014-10-19T06:55:19.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2016-09-11T23:49:25.000Z (over 8 years ago)
- Last Synced: 2024-07-09T10:08:21.330Z (6 months ago)
- Language: PHP
- Size: 16.6 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ACL
A simple Role based Access Control List build on Zend Framework 2 ACL.
## Introduction
Northern\Acl is a role based ACL that allows for easy definition of permissions for specific roles. Roles can inherit from other roles. Simply by storing a role against a user, using that role would allow you to test if that role is permitted a certain access criteria.
## Installation
To use Northern\Acl add it to your project using Composer:
"northern/acl": "1.*"
## Usage
To use Northern\Acl start by defining a permissions list. We can start with an empty list:
$permissions = [
'roles' => [],
'resources' => [],
'rules' => [],
];
Our permissions list contains three top-level requirements, `roles`, `resources` and `rules`. The idea behind a role based ACL is that a specific role has access to resources through specified rules. Don't confuse the elements you define in this list with 'real' objects in your application. The permissions list is simply a structure (or model) we test against, it is static and therefore it doesn't need to be stored in a database but can simply be defined in a business object in your application as part of your business rules.
Let's add some permissions..
For the purpose of this demonstration we define four roles; `guest`, `member`, `author` and `admin`. For the sake of argument, we define the resources for a simple blog so we have `post` and `comment` as resources:
$permissions = [
'roles' => [
['name' => 'guest'],
['name' => 'member', 'parent' => 'guest'],
['name' => 'author', 'parent' => 'member'],
['name' => 'admin', 'parent' => 'author'],
],
'resources' => [
['name' => 'post'],
['name' => 'comment'],
],
'rules' => [],
];
Easy as. Now lets define a rule that allows guests to view both posts and comments:
$permissions = [
'roles' => [
['name' => 'guest'],
['name' => 'member', 'parent' => 'guest'],
['name' => 'author', 'parent' => 'member'],
['name' => 'admin', 'parent' => 'author'],
],
'resources' => [
['name' => 'post'],
['name' => 'comment'],
],
'rules' => [
[
'access' => 'allow',
'role' => 'guest',
'permissions' => ['view'],
'resources' => ['post', 'comment'],
]
],
];
As you can see, the rule is pretty straight forward. both `permissions` and `resources` can either be set as single values or as an array. Let's create a rule that allows members to create comments:
$permissions = [
'roles' => [
['name' => 'guest'],
['name' => 'member', 'parent' => 'guest'],
['name' => 'author', 'parent' => 'member'],
['name' => 'admin', 'parent' => 'author'],
],
'resources' => [
['name' => 'post'],
['name' => 'comment'],
],
'rules' => [
[
'access' => 'allow',
'role' => 'guest',
'permissions' => ['view'],
'resources' => ['post', 'comment'],
], [
'access' => 'allow',
'role' => 'member',
'permissions' => ['create'],
'resources' => ['comment'],
]
],
];
Great. Now let's fill in the rest of the permissions:
$permissions = [
'roles' => [
['name' => 'guest'],
['name' => 'member', 'parent' => 'guest'],
['name' => 'author', 'parent' => 'member'],
['name' => 'admin', 'parent' => 'author'],
],
'resources' => [
['name' => 'post'],
['name' => 'comment'],
],
'rules' => [
[
'access' => 'allow',
'role' => 'guest',
'permissions' => ['view'],
'resources' => ['post', 'comment'],
], [
'access' => 'allow',
'role' => 'member',
'permissions' => ['create'],
'resources' => ['comment'],
], [
'access' => 'allow',
'role' => 'author',
'permissions' => ['create', 'edit', 'delete'],
'resources' => ['post'],
], [
'access' => 'allow',
'role' => 'admin',
'permissions' => NULL,
'resources' => NULL,
]
],
];
We added the author permissions and set the admin permissions to allow all access on all resources.
To use these permissions we need to load them into the ACL, like this:
$acl = new \Northern\Acl\Acl();
$acl->loadPermissions( $permissions );
The `$acl` instance will allow us to test for permissions through the `isAllowed` method. However, the true power of Northern\Acl is in the `Permissions` class of which need to create a subclass:
class Permissions extends \Northern\Acl\Permissions {
public function getRoles()
{
return ['guest', 'member', 'author', 'admin'];
}
public function getResources()
{
return ['post', 'comment'];
}
public function getRules()
{
return ['create', 'view', 'edit', 'delete'];
}
}
We can now use this `Permissions` class to do some magic:
$acl = new \Northern\Acl\Acl();
$acl->loadPermissions( $permissions );
$authorPermissions = new Permissions( $acl, 'author' );
$authorPermissions->canCreatePost();
// TRUE!
As you can see. The `Permissions` instance allows you to test for permissions on a role through magic methods.
That's all folks!