phpmv / ubiquity-acl
Access Control Lists for Ubiquity framework
Installs: 986
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Type:extension
Requires
- php: >=8.0
Requires (Dev)
- codeception/codeception: ^4.1
- codeception/module-asserts: ^1.0.0
- phpmv/ubiquity-dev: ^0.1
README
Access control lists for Ubiquity framework
Samples
Defining ACLs at runtime
One by one
// Start the ACL manager before declaring any element.
AclManager::start();

// Declare each ACL element individually: a role, a resource and a permission.
AclManager::addRole('@USER');
AclManager::addResource('Home');
// The second argument (1) is presumably the permission level; confirm against AclManager::addPermission.
AclManager::addPermission('READ', 1);

// Grant: role '@USER' may exercise permission 'READ' on resource 'Home'.
AclManager::allow('@USER', 'Home', 'READ');
By grouping
AclManager::start();

// Single call naming role '@USER', resource 'Home' and permission 'READ'. Going by the
// method name, it registers the three elements and grants the access in one step;
// confirm against AclManager::addAndAllow.
AclManager::addAndAllow('@USER', 'Home', 'READ');
Defining ACLs with annotations or attributes
Starting
use Ubiquity\security\acl\AclManager;
use Ubiquity\security\acl\persistence\AclCacheProvider;

AclManager::start();

// Load ACL definitions through the cache provider. Presumably these are the rules
// declared with annotations/attributes on controllers; confirm against AclCacheProvider.
AclManager::initFromProviders([
    new AclCacheProvider(),
]);
Defining ACLs in controllers
A controller as a resource, authorized for a role
With annotations:
namespace controllers;

/**
 * @resource('Main')
 * @allow('role'=>'@USER')
 */
class TestAclController extends ControllerBase
{
    // The annotations above name the protected resource ('Main') and the role allowed
    // on it ('@USER'). The import of AclControllerTrait is not shown in this sample.
    use AclControllerTrait;
}
With attributes:
namespace controllers;

use Ubiquity\attributes\items\acl\Allow;
use Ubiquity\attributes\items\acl\Resource;

// Attribute form of the same declaration: the controller is the resource 'Main',
// and the role '@USER' is allowed on it.
#[Resource('Main')]
#[Allow(role: '@USER')]
class TestAclController extends ControllerBase
{
    // The import of AclControllerTrait is not shown in this sample.
    use AclControllerTrait;
}
Overriding
It is necessary to override the _getRole method so that it returns the role of the active user:
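namespace controllers;

// USession is imported once: importing the same name twice in one file is a
// compile-time error in PHP.
use Ubiquity\attributes\items\acl\Allow;
use Ubiquity\attributes\items\acl\Resource;
use Ubiquity\utils\http\USession;

#[Resource('Main')]
#[Allow(role: '@USER')]
class TestAclController extends ControllerBase
{
    // The import of AclControllerTrait is not shown in this sample.
    use AclControllerTrait;

    /**
     * Supplies the role used for the ACL check on this controller.
     *
     * Reads the 'activeUser' entry from the session and returns that object's role.
     *
     * @return mixed the value of getRole() on the active user, or null when the
     *               session holds no active user
     */
    public function _getRole()
    {
        $activeUser = USession::get('activeUser');
        if (isset($activeUser)) {
            return $activeUser->getRole();
        }

        // No active user in the session: the original sample fell through and returned
        // null implicitly; this makes it explicit.
        // NOTE(review): confirm that the ACL check denies access for a null role, or
        // return the application's explicit guest role here instead.
        return null;
    }
}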
Defining ACLs with Database
ACLs defined in the database are applied in addition to the ACLs defined via annotations or attributes.
Initializing
Initialization creates the tables associated with the ACLs (Role, Resource, Permission, AclElement).
It needs to be done only once, and in dev mode only.
use Ubiquity\controllers\Startup;
use Ubiquity\security\acl\AclManager;

// One-off setup step: per the README it creates the ACL tables and is meant to be run
// once, in dev mode only, so it should not stay in the application's regular bootstrap.
$config = Startup::$config;

// 'default' is presumably the database offset to create the tables in; confirm
// against AclManager::initializeDAOProvider.
AclManager::initializeDAOProvider($config, 'default');
Starting
In the app/config/services.php file:
use Ubiquity\orm\DAO;
use Ubiquity\security\acl\AclManager;
use Ubiquity\security\acl\persistence\AclCacheProvider;
use Ubiquity\security\acl\persistence\AclDAOProvider;

DAO::start(); // Optional, to use only if dbOffset is not default
AclManager::start();

// Two ACL sources are loaded: the cache provider and the database (DAO) provider.
// $config is not defined in this snippet; it is assumed to be in scope in services.php.
AclManager::initFromProviders([
    new AclCacheProvider(),
    new AclDAOProvider($config),
]);