alchemy / acl-bundle
Symfony ACL bundle
Installs: 4 028
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 5
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: ^8.2
- ext-json: *
- doctrine/orm: ^2.6
- ramsey/uuid-doctrine: ^1.5
- symfony/event-dispatcher: ^4.0|^5.4|^6.1
- symfony/framework-bundle: ^4.0|^5.4|^6.1
- symfony/security-bundle: ^4.0|^5.4|^6.1
- symfony/validator: ^6.3
- symfony/yaml: ^4.4|^5.4|^6.1
Requires (Dev)
- doctrine/doctrine-bundle: ^2.10
- friendsofphp/php-cs-fixer: ^3
- phpunit/phpunit: ^8.4|^10.2.2
README
Installation
Project configuration
Add the entities you want to extend with ACL:
# config/packages/alchemy_acl.yaml alchemy_acl: objects: publication: App\Entity\Publication asset: App\Entity\Asset
Then you must alias your UserRepository service:
# config/services.yaml services: Alchemy\AclBundle\Repository\UserRepositoryInterface: '@App\Repository\UserRepository'
Add redis cache for access token:
# config/packages/cache.yaml framework: cache: default_redis_provider: redis://redis pools: accessToken.cache: # You must use this name for auto wiring adapter: cache.adapter.redis
API
Definitions
-
userType
Can beuser
orgroup
-
userId
The user ID or the group ID (depending on theuserType
). If the value is NULL, then the ACE allows everybody. -
objectType
Depending on the application. Rely on the object you have defined:
alchemy_acl: objects: publication: App\Entity\Publication asset: App\Entity\Asset
In this application, objectType
can be either publication
or asset
.
objectId
If the value is NULL, then the ACE is apply to all objects of thisobjectType
.
Endpoints
This bundle exposes the following routes to the application:
GET /permissions/aces
Get access control entries (ACEs) Available query filters:userType
(user
orgroup
)userId
objectType
objectId
Examples:
# List all ACEs of an object curl {HOST}/permissions/aces?objectType=publication&objectId=pub-42 # List all ACEs of a group curl {HOST}/permissions/aces?userType=group&userId=g-42 # List all ACEs of a user curl {HOST}/permissions/aces?userType=user&userId=u-42 # List all ACEs of a user on an object curl {HOST}/permissions/aces?userType=user&userId=u-42&objectType=publication&objectId=pub-42
PUT /permissions/ace
Add or update access control entry (ACE)
You must provide the following body:
{ "userType": "user", "userId": "the-user-id", "objectType": "publication", "objectId": "the-publication-id", "mask": 7 }
DELETE /permissions/ace
Remove access control entry (ACE)
{ "userType": "user", "userId": "the-user-id", "objectType": "publication", "objectId": "the-publication-id" }