phpmv/ubiquity-acl

Access Control Lists for Ubiquity framework

Installs: 430

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 2

Forks: 0

Open Issues: 0

Type:extension

0.0.12 2021-12-26 03:33 UTC

This package is auto-updated.

Last update: 2022-04-26 04:41:31 UTC


README

Scrutinizer Code Quality Build Status Code Intelligence Status Code Coverage

Access control lists for Ubiquity framework

Samples

Defining ACLs at runtime

One by one

AclManager::start();
AclManager::addRole('@USER');
AclManager::addResource('Home');
AclManager::addPermission('READ',1);
AclManager::allow('@USER','Home','READ');

By grouping

AclManager::start();
AclManager::addAndAllow('@USER','Home','READ');

Defining ACLs with annotations or attributes

Starting

use Ubiquity\security\acl\AclManager;
use Ubiquity\security\acl\persistence\AclCacheProvider;

AclManager::start();
AclManager::initFromProviders([
	new AclCacheProvider()
]);

Defining ACLs in controllers

A controller as a resource, authorized for a role

With annotations:

namespace controllers;
/**
 * @resource('Main')
 * @allow('role'=>'@USER')
 */
class TestAclController extends ControllerBase {
	use AclControllerTrait;
}

With attributes:

namespace controllers;
use Ubiquity\attributes\items\acl\Resource;
use Ubiquity\attributes\items\acl\Allow;

#[Resource('Main')]
#[Allow(role: '@USER')]
class TestAclController extends ControllerBase {
	use AclControllerTrait;
}

Overriding

It is necessary to override the _getRole method so that it returns the role of the active user:

namespace controllers;
use Ubiquity\attributes\items\acl\Resource;
use Ubiquity\attributes\items\acl\Allow;use Ubiquity\utils\http\USession;
use Ubiquity\utils\http\USession;

#[Resource('Main')]
#[Allow(role: '@USER')]
class TestAclController extends ControllerBase {
	use AclControllerTrait;
	
	public function _getRole(){
	    $activeUser=USession::get('activeUser');
	    if(isset($activeUser)){
	        return $activeUser->getRole();
	    }
	}
}

Defining ACLs with Database

The ACLs defined in the database are additional to the ACLs defined via annotations or attributes.

Initializing

The initialization allows to create the tables associated to the ACLs (Role, Resource, Permission, AclElement). It needs to be done only once, and in dev mode only.

use Ubiquity\controllers\Startup;
use Ubiquity\security\acl\AclManager;

$config=Startup::$config;
AclManager::initializeDAOProvider($config, 'default');

Starting

In app/config/services.php file :

use Ubiquity\security\acl\AclManager;
use Ubiquity\security\acl\persistence\AclCacheProvider;
use Ubiquity\security\acl\persistence\AclDAOProvider;
use Ubiquity\orm\DAO;

DAO::start();//Optional, to use only if dbOffset is not default

AclManager::start();
AclManager::initFromProviders([
	new AclCacheProvider(), new AclDAOProvider($config)
]);