chippyash / zend-acl-xml-builder
Configuration of Zend 2 Acl instances using XML
Installs: 2 652
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 2
Open Issues: 0
Requires
- php: >=5.6
- chippyash/builderpattern: >=3,<4
- chippyash/strong-type: >=5,<6
- zendframework/zend-permissions-acl: >=2.6.0, <2.7.0
Requires (Dev)
- phpunit/phpunit: ~4.3.0
README
Quality Assurance
The above badges represent the current development branch. As a rule, I don't push to GitHub unless tests, coverage and usability are acceptable. This may not be true for short periods of time; on holiday, need code for some other downstream project etc. If you need stable code, use a tagged version. Read 'Further Documentation' and 'Installation'.
Test Contract in the docs directory.
Please note that developer support for PHP5.5 was withdrawn at version 3.0.0 of this library.
If you need support for PHP 5.5, please use a version >=2,<3
What?
Provides the ability to specify a Zend ACL using XML. The XML is validated by an XSD file which you can also use in your XML editor
Why?
Zend/Permissions/Acl is a great and lightweight way of providing access control to your applications, but it can be a PITA to configure using the native command set. As it happens, it is ideally placed, because of its structure, to be driven by an XML configuration.
This also means that the ACL can be managed by some third party application or service.
It is not beyond the wit of most to be able to write an XSL translation for
instance, that takes a definition from LDAP and converts to this library format
to be able then to control the ACL from your organisation's LDAP servers.
When
The current library handles reading nested XML files (or content) and returning an ACL. If you'd like new features, please suggest them in the issues tracker, or better still, fork the lib and issue a pull request (but please don't forget the unit tests!)
How
To understand how to use it, see the test files, in particular, take a look at AclDirectorTest as a starting point and work down from there.
In essence you need to do two things
- Provide an XML definition of the ACL
- Tell the Director where the XML is
This library depends on the Builder Pattern and the Strong Type libraries.
Defining the XML
For the canonical truth, study the XSD file located in src/chippyash/Zend/Acl/Xml/xsd
There is also an example XML file used for testing located in test/src/chippyash/Zend/Acl/Xml/fixtures
The XSD namespace is http://schema.zf4.biz/schema/zendacl. It is publicly available at the same url.
Your XML file should be defined as
<?xml version="1.0" encoding="UTF-8"?> <acl xmlns="http://schema.zf4.biz/schema/zendacl" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schema.zf4.biz/schema/zendacl http://schema.zf4.biz/schema/zendacl" > </acl>
NB. you can replace the second part of the xsi:schemaLocation attribute to point at a local disk version of the XSD if you want to tinker with the XSD. e.g.
xsi:schemaLocation="http://schema.zf4.biz/schema/zendacl ../../zendacl.xsd"
Essentially, Zend-ACL defines the ACL in three parts:
- Roles
- Resources
- Rules
Whilst you can define Roles and Resources independently, Rules require that you have already defined Roles and Resources to act on. Rules also allow you to set additional privileges and assertions.
To provide an ACL you must specify all three parts.
Roles
- A role can have the following optional attributes:
- type: string: default = "GenericRole". Name of your specialized role class. The default uses the Zend GenericRole
- parents: string: default = none. Comma separated list of names of parents for this role
- Content for the role element is the role name
Resources
- A resource can have the following optional attributes:
- type: string: default = "GenericResource". Name of your specialized resource class. The default uses the Zend GenericResource
- parent: string: default = none. Name of parent for this resource. NB. unlike roles, resources may only have a single parent.
- Content for the resource element is the resource name
Rules
- A rule has an obligatory attribute:
- type: string: one of 'ALLOW' or 'DENY'
- A rule has the following optional arguments:
- roles: string: default = "*". comma separated list of role names that the rule applies to
- resources: string: default = "*". comma separated list of resource names that the rule applies to
- assertion: string: default = none. Fully namespaced class providing the assertion.
The class must exist and implement the Zend\Permissions\Acl\Assertion\AssertionInterface. You can find an example in test/src/chippyash/Zend/Acl/Xml/Stubs
- a rule can contain optional <privilege> elements. Each <privilege> element contains the name of an arbitrary privilege.
Importing definitions
You can import other ACL definitions into your definition by using the
<imports> <import>[path_to_file/|../*path_to_file/]file.xml<import> </imports>
If no path given, then expect file to be in same directory as parent file. If path begins .., then expect file to be in directory relative to parent file. If path supplied, then expect file to be in that directory. Thus the following are all valid:
myfile.xml ../../path/to/file.xml /path/to/file.xml
NB
All definition items are processed in the order that they appear in the XML file. Imports are processed first, by a L2R, depth first strategy.
Build the ACL
use Chippyash\Zend\Acl\Xml\AclDirector; use Chippyash\Type\String\StringType; $location = new StringType('/location/of/my/acl.xml'); $director = new AclDirector($location); $acl = $director->build();
Alternatively, you can pass in the XML to act on as a string, rather than a file. The string must of course conform to the zendacl.xsd (http://schema.zf4.biz/schema/zendacl) schema and be valid XML.
use Chippyash\Zend\Acl\Xml\AclDirector; use Chippyash\Type\String\StringType; $content = new StringType($myAclXml); $director = new AclDirector($content); $acl = $director->build();
Changing the library
- fork it
- write the test
- amend it
- do a pull request
Found a bug you can't figure out?
- fork it
- write the test
- do a pull request
NB. Make sure you rebase to HEAD before your pull request
Where?
The library is hosted at Github. It is available at Packagist.org
Installation
Install Composer
For production
add
"chippyash/zend-acl-xml-builder": ">=3,<4"
to your composer.json "requires" section
For development
Clone this repo, and then run Composer in local repo root to pull in dependencies
git clone git@github.com:chippyash/Zend-Acl-Xml-Builder.git ZendAclBuilder cd ZendAclBuilder composer install --dev
To run the tests:
cd ZendAclBuilder vendor/bin/phpunit -c test/phpunit.xml test/
Other stuff
Check out ZF4 Packages for more packages
License
This software library is released under the BSD 3 Clause license
This software library is Copyright (c) 2015-2018, Ashley Kitson, UK
History
V0... pre releases
V1.0.0 First version
V1.1.0 New feature: Namespaced the XSD and placed on public server
V1.2.0 New features:
- ACL definitions can import other definitions
- XML can be passed in as string as well as file
V1.2.1 Remove hard dependency on Zend-ACL version
V2.0.0 BC Break: change chippyash\Zend\Acl namespace to Chippyash\Zend\Acl
V2.0.1 moved from coveralls to codeclimate
V2.0.2 Add link to packages
V2.0.3 Verify PHP 7 compatibility
V2.0.4 Update dependencies
V2.0.5 update composer - forced by packagist composer.json format change
V3.0.0 BC Break. Withdraw support for old PHP versions
V3.1.0 Change of license from GPL V3 to BSD 3 Clause
V3.1.1 readme update