https://github.com/phwoolcon/admin
Admin module for Phwoolcon
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/phwoolcon/admin
- Owner: phwoolcon
- License: apache-2.0
- Created: 2017-06-23T11:01:30.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-11-01T14:32:50.000Z (over 8 years ago)
- Last Synced: 2025-02-28T23:38:46.312Z (over 1 year ago)
- Language: PHP
- Size: 29.3 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Phwoolcon Admin
Admin module for Phwoolcon
## Features
* Admin User and Roles model
* Admin Login Auth
* Admin ACL (route based)
* Admin operation log
## ACL HOWTOs
### How/Where to define ACL resources
The ACL component scans `admin/*` routes, treats the corresponding controller methods as resources, and uses each method's `@acl-name` annotation as its display name.
To skip the ACL check for a whole controller, set the property `$skipAcl` to `true`.
To skip the ACL check for a single method, add a key-value pair `'methodName' => true,` to the property `$skipAclMethod`.
### How to apply ACL
ACL SHOULD be applied in the controller method `initialize()`.
1. Use `Phwoolcon\Admin\Auth::getUser()` to get the logged-in admin user;
1. Process `$skipAcl` and `$skipAclMethod`;
1. Use `Acl::isAllowed($this->user, $controller, $action)` to check whether access is allowed for the user.
```php
<?php
// The class name and base class below are assumed. The imports for Acl,
// AdminModel, HttpException and the base Controller are not shown here.
use Phwoolcon\Admin\Auth;

class BlogController extends Controller
{
    // Set to true to skip the ACL check for the whole controller
    protected $skipAcl = false;

    // Methods listed here skip the ACL check
    protected $skipAclMethod = [
        'thisIsAnOpenMethod' => true,
    ];

    /**
     * @var AdminModel
     */
    protected $user;

    public function initialize()
    {
        $this->_initialize();
        $user = Auth::getUser();
        if (!$user) {
            // Not logged in: remember the requested URL, then redirect to the login page
            $this->session->set('admin_redirect_url', secureUrl($this->request->getURI()));
            throw new HttpException('Moved Temporarily', 302, ['Location' => secureUrl('/admin/auth')]);
        }
        $this->user = $user;
        $this->checkAcl();
    }

    protected function checkAcl()
    {
        // Whole controller is exempt
        if ($this->skipAcl) {
            return;
        }
        $controller = $this->router->getControllerName();
        $action = $this->router->getActionName();
        // Current action is exempt
        if (!empty($this->skipAclMethod[$action])) {
            return;
        }
        if (Acl::isAllowed($this->user, $controller, $action)) {
            return;
        }
        // Deny by default
        throw new HttpException('Forbidden', 403);
    }

    /**
     * @acl-name List all blogs
     */
    public function getList()
    {
        // blah blah blah
    }

    /**
     * @acl-name Access a blog
     */
    public function getEdit()
    {
        // blah blah blah
    }

    /**
     * @acl-name Create a blog
     */
    public function postCreate()
    {
        // blah blah blah
    }

    /**
     * @acl-name Update a blog
     */
    public function postEdit()
    {
        // blah blah blah
    }

    /**
     * This method will be open to all admins
     */
    public function thisIsAnOpenMethod()
    {
        // blah blah blah
    }
}
```
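A review aid for the `$skipAcl`, `$skipAclMethod` and `@acl-name` conventions above: this added example (not part of the Phwoolcon Admin code base) uses reflection to list which methods of a controller bypass the ACL check and which are checked but lack an `@acl-name`. `SampleBlogController`, `auditAcl()` and the rule for what counts as an action method are assumptions of the example.

```php
<?php
// Added example. SampleBlogController is constructed; treating every public
// method declared on the class (except initialize) as an action is an assumption.
class SampleBlogController
{
    protected $skipAcl = false;
    protected $skipAclMethod = ['thisIsAnOpenMethod' => true];

    public function initialize() {}

    /**
     * @acl-name List all blogs
     */
    public function getList() {}

    public function postEdit() {} // annotation forgotten
    public function thisIsAnOpenMethod() {}
}

function auditAcl(string $class): array
{
    $ref = new ReflectionClass($class);
    // Default property values are readable regardless of visibility
    $defaults = $ref->getDefaultProperties();
    $skipAll = !empty($defaults['skipAcl']);
    $skipMethods = $defaults['skipAclMethod'] ?? [];
    $report = [];
    foreach ($ref->getMethods(ReflectionMethod::IS_PUBLIC) as $method) {
        $name = $method->getName();
        $inherited = $method->getDeclaringClass()->getName() !== $ref->getName();
        if ($inherited || $name === 'initialize') {
            continue;
        }
        $doc = $method->getDocComment() ?: '';
        $label = preg_match('/@acl-name\s+(.+?)\s*(?:\*\/|$)/m', $doc, $m) ? $m[1] : null;
        if ($skipAll || !empty($skipMethods[$name])) {
            $status = 'OPEN: ACL check skipped';
        } elseif ($label === null) {
            $status = 'checked, no @acl-name';
        } else {
            $status = 'checked';
        }
        $report[$name] = [$status, $label ?? '-'];
    }
    return $report;
}

foreach (auditAcl(SampleBlogController::class) as $name => [$status, $label]) {
    printf("%-20s %-26s %s\n", $name, $status, $label);
}
```

Running a report like this over the admin controllers during code review makes every new `$skipAclMethod` entry or `$skipAcl = true` visible as an explicit line item.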
### How to refresh ACL resources
The ACL resources are refreshed after the cache is cleared.
In most cases, you just need to run `bin/dump-autoload` after you update ACL definitions.