ACL manager
AclMan is a PHP library designed to manage access control lists (ACLs).
Requisites
- PHP >= 5.4
- Composer
Features
AclMan has various features:
- Assertions
  It provides an AssertionPluginManager whose goal is to deliver the assertions (i.e., AssertionInterface objects).
- Permissions
  It contains a class, GenericPermission, that is a container of permission options (e.g., a role, a resource, a privilege, an assertion).
- Resources and roles
  It provides a set of traits that check the validity of resources and roles and instantiate their respective classes.
- Storages
  AclMan allows you to save the ACL configuration in several persistence layers, via StorageInterface objects and adapters (e.g., ArrayAdapter).
- Services
  A set of classes aimed at the instantiation of ACL objects.
Installation
Add ripaclub/aclman to your composer.json.
{
    "require": {
        "ripaclub/aclman": "~0.2.0"
    }
}
Configuration
The AclMan library has only two configuration nodes:
- aclman_storage, to configure the persistence layer in which to save your ACL rules
- aclman_services, to configure your services (e.g., a storage and optionally a plugin manager)
Usage (1)
Here is a usage example. First, configure the factories.
Put this PHP array into your configuration file.
'abstract_factories' => [
    'AclMan\Service\ServiceFactory',
    'AclMan\Storage\StorageFactory'
],
'factories' => [
    'AclMan\Assertion\AssertionManager' => 'AclMan\Assertion\AssertionManagerFactory'
]
Then we configure our service.
'aclman_services' => [
    'AclService\Ex1' => [
        'storage' => 'AclStorage\Ex1',
        'plugin_manager' => 'AclMan\Assertion\AssertionManager',
    ],
],
'aclman-assertion-manager' => [
    'invokables' => [
        'assertAlias' => 'assertionClass',
        ...
        ...
    ]
]
Finally, our storage configuration.
'aclman_storage' => [
    'AclStorage\Ex1' => [
        'roles' => [
            // Specific permissions for role Role1 on resources Resource1 and Resource2
            'Role1' => [
                'resources' => [
                    'Resource1' => [
                        [
                            'assert' => null,
                            'allow' => true,
                            'privilege' => 'add'
                        ]
                    ],
                    'Resource2' => [
                        [
                            'assert' => [
                                'assertAlias' => [
                                    'config' => 'test'
                                ],
                            ],
                            'allow' => true,
                            'privilege' => 'view'
                        ]
                    ]
                ],
            ],
            // Permission for all roles on resource Resource3 (e.g., a public resource)
            StorageInterface::ALL_ROLES => [
                'resources' => [
                    'Resource3' => [
                        [
                            'allow' => true,
                        ]
                    ],
                ]
            ],
            // Permission for Admin on all resources (e.g., the admin can access every resource)
            'Admin' => [
                'resources' => [
                    StorageInterface::ALL_RESOURCES => [
                        [
                            'allow' => true,
                        ]
                    ],
                ]
            ],
        ],
    ],
]
Our first ACL configuration is now complete. Use it:
$aclService1 = $serviceLocator->get('AclService\Ex1');
$aclService1->isAllowed('Role1', 'Resource1', 'view'); // FALSE
$aclService1->isAllowed('Role1', 'Resource1', 'add'); // TRUE
// ...
Notice the behaviour ...
$aclService1 = $serviceLocator->get('AclService\Ex1');
$aclService1->isAllowed('Role1', 'Resource1', 'add'); // TRUE
$aclService1->isAllowed('Role1', 'Resource2', 'view'); // FALSE
// ...
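The storage configuration above can grant access through rules that apply to every role (StorageInterface::ALL_ROLES) or every resource (StorageInterface::ALL_RESOURCES). The following is an added example, not part of AclMan or of the original README: a stand-alone lint that lists broad allow rules with no assertion in an array of that shape, so they can be reviewed. The function name findBroadGrants, the stand-in wildcard strings, and the treatment of a missing 'privilege' key as unrestricted are assumptions.

```php
<?php
// Added example (not AclMan code): list broad "allow" rules in an 'aclman_storage'-shaped array.
// Assumption: a rule without a 'privilege' key is not limited to one privilege.
function findBroadGrants(array $storageConfig, $allRoles, $allResources)
{
    $findings = [];
    foreach ($storageConfig as $storageName => $storage) {
        $roles = isset($storage['roles']) ? $storage['roles'] : [];
        foreach ($roles as $role => $roleConfig) {
            $resources = isset($roleConfig['resources']) ? $roleConfig['resources'] : [];
            foreach ($resources as $resource => $rules) {
                foreach ($rules as $rule) {
                    // Deny rules and rules guarded by an assertion are not reported.
                    if (empty($rule['allow']) || !empty($rule['assert'])) {
                        continue;
                    }
                    $reasons = [];
                    if ((string) $role === (string) $allRoles) {
                        $reasons[] = 'every role';
                    }
                    if ((string) $resource === (string) $allResources) {
                        $reasons[] = 'every resource';
                    }
                    if (!isset($rule['privilege'])) {
                        $reasons[] = 'no privilege restriction';
                    }
                    if ($reasons) {
                        $findings[] = "$storageName: $role -> $resource (" . implode(', ', $reasons) . ')';
                    }
                }
            }
        }
    }
    return $findings;
}

// Constructed sample mirroring the configuration above. The wildcard strings are
// stand-ins; with AclMan pass StorageInterface::ALL_ROLES / ALL_RESOURCES instead.
$allRoles = 'ALL_ROLES_STANDIN';
$allResources = 'ALL_RESOURCES_STANDIN';
$config = ['AclStorage\Ex1' => ['roles' => [
    'Role1' => ['resources' => [
        'Resource1' => [['assert' => null, 'allow' => true, 'privilege' => 'add']],
        'Resource2' => [['assert' => ['assertAlias' => ['config' => 'test']], 'allow' => true, 'privilege' => 'view']],
    ]],
    $allRoles => ['resources' => ['Resource3' => [['allow' => true]]]],
    'Admin' => ['resources' => [$allResources => [['allow' => true]]]],
]]];
echo implode(PHP_EOL, findBroadGrants($config, $allRoles, $allResources)), PHP_EOL;
```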