marks/acl

ACL service for Laravel 4.x

Laravel multizone ACL

This plugin allows you to separate access for users in different zones of your application. This acl plugin is database oriented. For example you have application which have administration part and front-end part, but you need both this parts to be controlled by acl separately. My plugin allows you to do this very easily., _(*1)

Installation

composer.phar require marks/acl dev-master

Configuration

Create new file in config directory named acl.php and put this piece of code in this file., _(*2)

<?php

//acl configuration file
return array(
    "max_groups" => 4, //maximum groups in one zone

    "zones"=>array("default"), //array of zones that you want to use

    "default_zone"=>"default", //default zone (have to be in array of zones)

    //zone specific configuration
    "default" => array(
        "model" => "User", //model
        "col" => "acl_group_id", //colum that specifies relation between model and acl group
    ),
);

Setup

First you need to add, _(*3)

'Marks\Acl\AclServiceProvider'

to your application service providers and, _(*4)

"Acl" => 'Marks\Acl\Facades\Acl'

to your application facades. This allows you to use plugin with Acl facade in your application., _(*5)

This plugin is managed by commands so you have to issue this commands to setup the plugin, _(*6)

php artisan acl:setup //this command run database migrations and controller scanning
php artisan acl:seed //this command seeds the database and allows default group to perform any action

Controllers scanning

You do not have to care about what controllers and routes you have added and think about to add them into ACL plugin. Every time you add new controller or route simply issue the command:, _(*7)

php artisan acl:scan

User identification

Then you create filter in your filters.php with this example code and add filter to your routes., _(*8)

Route::filter("acl", function(){
  //this passes the user acl group id into plugin
    Acl::default()->identify(Auth::user()->acl_group_id);
    //if user is allowed returns (bool) true if not returns (bool) false
    if(!Acl::allowed()){
      //here goes your code for error exception
      App::abort(403, 'Unauthorized action.');
    }
});

Multiple zones

If you want to use plugin with multiple zones simply add new zone to acl.php configuration file and use it like that, _(*9)

Acl::zonename()->identify($id);

Setting permissions

First you need to create some form of displaying the permissions of groups (aros) related to actions (acos). For that purpose you can use thoose commands:, _(*10)

List all resources (acos)

Acl::getResources();

List of all groups (aros) in zone

Acl::zonename()->getGroups();

To check if group is allowed to perform action you can use this method:, _(*11)

Acl::zonename()->getPermission((int) $aco_id, (int) $aro_id);

To set permission for specific aco and aro you can use this method:, _(*12)

Acl::zonename()->set((int) $aco_id, (int) $aro_id, (bool) $allowed);

Acl user groups

This acl plugin is group oriented so each acl check is performed on group level. It means that every user has to be in acl group and plugin does not care about user id but it cares about acl_group_id. In examples below zonename will be name of your zone for example default., _(*13)

Add new group

Acl::zonename()->addGroup((string) $zonename, (bool) $isdefault);

Edit existing group

Acl::zonename()->editGroup((int) $groupID, array("name"=> (string) $zonename, "default"=> (bool) $isdefault));

Delete group

Acl::zonename()->deleteGroup((int) $groupID);

List all groups

Acl::zonename()->getGroups();

Zones

Those methods allows you to get list of all zones and get default zone name., _(*14)

List all zones

Method returns array of all zone names., _(*15)

Acl::getZones();

Get default zone name

Method returns default zone name as string., _(*16)

Acl::getDefaultZone();