Configuration of Zend 2 Acl instances using XML
The above badges represent the current development branch. As a rule, I don't push to GitHub unless tests, coverage and usability are acceptable. This may not be true for short periods of time; on holiday, need code for some other downstream project etc. If you need stable code, use a tagged version. Read 'Further Documentation' and 'Installation'.
Test Contract in the docs directory.
Please note that developer support for PHP5.5 was withdrawn at version 3.0.0 of this library.
If you need support for PHP 5.5, please use a version
Provides the ability to specify a Zend ACL using XML. The XML is validated by an XSD file, which you can also use in your XML editor.
Zend/Permissions/Acl is a great and lightweight way of providing access control to your applications, but it can be a PITA to configure using the native command set. As it happens, it is ideally placed, because of its structure, to be driven by an XML configuration.
This also means that the ACL can be managed by some third party application or service.
For instance, it is not beyond the wit of most to write an XSL translation that takes a definition from LDAP and converts it to this library's format, so that the ACL can then be controlled from your organisation's LDAP servers.
The current library handles reading nested XML files (or content) and returning an ACL. If you'd like new features, please suggest them in the issues tracker, or better still, fork the lib and issue a pull request (but please don't forget the unit tests!)
To understand how to use it, see the test files, in particular, take a look at AclDirectorTest as a starting point and work down from there.
In essence you need to do two things:
- Provide an XML definition of the ACL
- Tell the Director where the XML is
For the canonical truth, study the XSD file located in src/chippyash/Zend/Acl/Xml/xsd
There is also an example XML file used for testing located in test/src/chippyash/Zend/Acl/Xml/fixtures
The XSD namespace is http://schema.zf4.biz/schema/zendacl. It is publicly available at the same url.
Your XML file should be defined as
    <?xml version="1.0" encoding="UTF-8"?>
    <acl xmlns="http://schema.zf4.biz/schema/zendacl"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://schema.zf4.biz/schema/zendacl http://schema.zf4.biz/schema/zendacl">
    </acl>
NB. you can replace the second part of the xsi:schemaLocation attribute to point at a local disk version of the XSD if you want to tinker with the XSD. e.g.
Essentially, Zend-ACL defines the ACL in three parts: Roles, Resources and Rules.
Whilst you can define Roles and Resources independently, Rules require that you have already defined Roles and Resources to act on. Rules also allow you to set additional privileges and assertions.
To provide an ACL you must specify all three parts.
- A role can have the following optional attributes:
  - type: string: default = "GenericRole". Name of your specialized role class. The default uses the Zend GenericRole
  - parents: string: default = none. Comma separated list of names of parents for this role
- Content for the role element is the role name
- A resource can have the following optional attributes:
  - type: string: default = "GenericResource". Name of your specialized resource class. The default uses the Zend GenericResource
  - parent: string: default = none. Name of parent for this resource. NB. unlike roles, resources may only have a single parent.
- Content for the resource element is the resource name
- A rule has an obligatory attribute:
  - type: string: one of 'ALLOW' or 'DENY'
- A rule has the following optional attributes:
  - roles: string: default = "*". Comma separated list of role names that the rule applies to
  - resources: string: default = "*". Comma separated list of resource names that the rule applies to
  - assertion: string: default = none. Fully namespaced class providing the assertion. The class must exist and implement the Zend\Permissions\Acl\Assertion\AssertionInterface. You can find an example in test/src/chippyash/Zend/Acl/Xml/Stubs
- A rule can contain optional <privilege> elements. Each <privilege> element contains the name of an arbitrary privilege.
You can import other ACL definitions into your definition by using the
    <imports>
        <import>[path_to_file/|../*path_to_file/]file.xml</import>
    </imports>
If no path is given, the file is expected to be in the same directory as the parent file. If the path begins with .., the file is expected to be in a directory relative to the parent file. If a path is supplied, the file is expected to be in that directory. Thus the following are all valid:
    myfile.xml
    ../../path/to/file.xml
    /path/to/file.xml
All definition items are processed in the order that they appear in the XML file. Imports are processed first, using a left-to-right, depth-first strategy.
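The import path rules and processing order described above, as an added PHP example. It is not the library's own code: the function names, the in-memory `$importsOf` map and the base-directory containment check are assumptions of this example, the last one being worth having when the XML is produced by a third-party application or service.

```php
<?php
/** Lexically collapse "." and ".." segments (symlinks are not followed). */
function normalisePath(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '..') {
            array_pop($out);
        } elseif ($seg !== '' && $seg !== '.') {
            $out[] = $seg;
        }
    }
    return '/' . implode('/', $out);
}

/** Resolve an <import> value against the absolute path of the file containing it. */
function resolveImport(string $parentFile, string $import): string
{
    // Assumption: anything not starting with "/" is relative to the parent's directory.
    $absolute = strncmp($import, '/', 1) === 0;
    return normalisePath($absolute ? $import : dirname($parentFile) . '/' . $import);
}

/** Processing order: imports first, depth first, left to right; then the file itself. */
function importOrder(string $file, array $importsOf, string $baseDir, array $stack = []): array
{
    if (strpos($file, rtrim($baseDir, '/') . '/') !== 0) {
        throw new RuntimeException("import outside $baseDir: $file");
    }
    if (in_array($file, $stack, true)) {
        throw new RuntimeException("circular import: $file");
    }
    $stack[] = $file;
    $order = [];
    foreach ($importsOf[$file] ?? [] as $import) {
        $child = resolveImport($file, $import);
        $order = array_merge($order, importOrder($child, $importsOf, $baseDir, $stack));
    }
    $order[] = $file; // the file's own items follow its imports
    return $order;
}

// Constructed sample data: file path => <import> values found in it.
$importsOf = [
    '/etc/acl/site/main.xml'  => ['roles.xml', '../shared/rules.xml'],
    '/etc/acl/site/roles.xml' => ['/etc/acl/shared/base.xml'],
];
echo implode("\n", importOrder('/etc/acl/site/main.xml', $importsOf, '/etc/acl')), "\n";
```

An import value in main.xml that climbs above the base directory, or a file that imports one of its own ancestors, makes `importOrder` throw instead of returning an order. On a real filesystem, `realpath()` in place of the lexical normalisation would also resolve symlinks before the containment check.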
    use Chippyash\Zend\Acl\Xml\AclDirector;
    use Chippyash\Type\String\StringType;

    $location = new StringType('/location/of/my/acl.xml');
    $director = new AclDirector($location);
    $acl = $director->build();
Alternatively, you can pass in the XML to act on as a string, rather than a file. The string must of course conform to the zendacl.xsd (http://schema.zf4.biz/schema/zendacl) schema and be valid XML.
    use Chippyash\Zend\Acl\Xml\AclDirector;
    use Chippyash\Type\String\StringType;

    $content = new StringType($myAclXml);
    $director = new AclDirector($content);
    $acl = $director->build();
- fork it
- write the test
- amend it
- do a pull request
Found a bug you can't figure out?
- fork it
- write the test
- do a pull request
NB. Make sure you rebase to HEAD before your pull request
to your composer.json "requires" section
Clone this repo, and then run Composer in local repo root to pull in dependencies
    git clone firstname.lastname@example.org:chippyash/Zend-Acl-Xml-Builder.git ZendAclBuilder
    cd ZendAclBuilder
    composer install --dev
To run the tests:
    cd ZendAclBuilder
    vendor/bin/phpunit -c test/phpunit.xml test/
Check out ZF4 Packages for more packages
This software library is released under the BSD 3 Clause license
This software library is Copyright (c) 2015-2018, Ashley Kitson, UK
V0... pre releases
V1.0.0 First version
V1.1.0 New feature: Namespaced the XSD and placed on public server
V1.2.0 New features:
- ACL definitions can import other definitions
- XML can be passed in as string as well as file
V1.2.1 Remove hard dependency on Zend-ACL version
V2.0.0 BC Break: change chippyash\Zend\Acl namespace to Chippyash\Zend\Acl
V2.0.1 moved from coveralls to codeclimate
V2.0.2 Add link to packages
V2.0.3 Verify PHP 7 compatibility
V2.0.4 Update dependencies
V2.0.5 update composer - forced by packagist composer.json format change
V3.0.0 BC Break. Withdraw support for old PHP versions
V3.1.0 Change of license from GPL V3 to BSD 3 Clause
V3.1.1 readme update