coresky/acl

Production ware for ACL

Maintainers

Details

github.com/energy-coresky/acl

Source

Issues

Installs: 14

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

0.545 2024-02-05 08:34 UTC

Requires

MIT 0f8d449feb512109c5ee64ef57f27a3a24de2fb7

aclaccess control listcoresky frameworkcoresky production ware

This package is auto-updated.

Last update: 2024-10-24 05:18:41 UTC

README

Production ware. Use this product if your application require access control manager.

CUD operation logging configurable at the ware installation stage.

Simple mode: Create/Read/Update/Delete for users profile allow objects. User's groups and single user_id do not used for ACL.

Extended mode: Create/Read/Update/Delete = C/R/U/D for user_profile, user_groups, user_id allow/deny for objects OR object_ID

User to Profiles is one to many relation. Users to Groups is many to many relation.

Tuning the ware:

# Rewrite for a_ actions:
if ($cnt && 'ctrl' == $surl[0]) { # Where 'ctrl' - tuning value (any of `/^[\w+\-]+$/`)
    common_c::$tune = array_shift($surl);
    $cnt--;
}

Simple usage in the application code

You must import at least \ACM and controller's c_acl class into application namespace.

// in the controllers:
if (!ACM::Ressence())
    return 404;
// in the Jet's templates the same way:
// @if(ACM::Ressence()) .. code .. ~if

Where Ressence:

  • R - char one of C/R/U/D or X. R - access for reading
  • essence - object (essence) name from acl_object database table

Usage for selected object ID

Access for selected object ID:

if (!$private || ACM::Rtopic($topic_id)) ..
# Where $topic_id is ID numeric value, $topic_id cannot be 0
# Access records with obj_id=0 give access to any $topic_id
# But you can tune access for defined $topic_id with access records where obj_id=$topic_id (!=0)

You must place in common_c::head_y($action):

$sky->profiles = ACM::init([
    'topic' => fn() => (object)$this->t_topic->acl(),
    'forum' => fn() => (object)$this->t_forum->acl(),
    # ...other objects with own access for defined obj_ID
]);
# Where each `acl()` method return fields, see example:
return [
    'from'    => $this->qp('from $_ where private=1'), # must be class SQL object
    'order'   => 'order by id desc',
    'columns' => ['id', 'topic_name || " " || dt', ['topic_name', 'dt']],
];
# Where columns[0] - column for obj_id
# Where columns[1] - column for comment
# Where columns[0] - array of columns for search filter

Objects for selected ID you can create using call:

ACM::object($obj, $obj_id, $desc) : `object record ID`
# where $obj - object name, example: "topic"
# where $desc - description
# object type_id will taken from $obj/0
# you can give access after object created:
ACM::access($id, $crud, $uid = 0, $pid = 0, $gid = 0)
# where $id is `object record ID`

Replacing Jet templates

See the root templates call:

#._ magic marker
#if(Plan::view_t(['main', 'acl.jet']))
    @inc(acl.)
#else
    @inc(.menu)@inc(_access.)
#end
#._ magic marker

All templates can be changed with application code in file acl.jet. You can also use parts of original ACL Jet files using back call: @inc(_user.profiles) for example

Improvement for MySQL

-- use enum for object's types:
ALTER TABLE tblname CHANGE `obj` `obj` enum('com','per','prj','act','face') DEFAULT NULL,
-- add a index:
..

Drop old ACL Log records

You can do it using CRON task for example:

->at('2 2', function() use ($cron) {
    $cron->sql('delete from $_acl_log where dt ... ');
})

Fictitious ACM class

If the application code contains references to the ACL class, but you need to temporarily uninstall the ACL product, you can add a dummy ACM class to the application's w3 folder:

<?php

class ACM # stub class used when ACL ware do not installed
{
    static function __callStatic($name, $args) {
        return false; # or true
    }
}