ripaclub / aclman
A library designed to manage ACL
Requires
- php: >=5.4.0
- zendframework/zend-permissions-acl: ~2.3
- zendframework/zend-servicemanager: ~2.3
Requires (Dev)
- phpunit/phpunit: ~4.2
- satooshi/php-coveralls: dev-master
- zendframework/zend-mvc: ~2.5.1
This package is not auto-updated.
Last update: 2024-11-09 17:19:28 UTC
README
AclMan is a PHP library designed to manage access control list (ACL).
Requisites
-
PHP >= 5.4
-
Composer
Features
AclMan has various features:
-
Assertions
It provides an
AssertionPluginManager
whose goal is to deliver the assertions (i.e.,AssertionInterface
objects) -
Permissions
Contains a class,
GenericPermission
, that is a container of permission options (e.g., a role, a resource, a privilege, an assertion) -
Resources and roles
It provides a set of traits aimed to check the validity of resources and roles and instantiate their relative classes
-
Storages
AclMan allows you to save the ACL configuration in several layers persistence, via
StorageInterface
objects and adapters (e.g.,ArrayAdapter
) -
Services
A set of classes aimed at the instantiation of ACL objects
Installation
Add ripaclub/aclman
to your composer.json
.
{
"require": {
"ripaclub/aclman": "~0.2.0"
}
}
Configuration
AclMan library has only two configuration nodes:
-
aclman_storage
to configure the persistence layer in which to save your ACL rules -
aclman_services
to configure your services (e.g., a storage and optionally a plugin manager)
Usage (1)
So, here is an example of use. You first need to configure the factories.
Put this PHP array into your configuration file.
'abstract_factories' => [ 'AclMan\Service\ServiceFactory', 'AclMan\Storage\StorageFactory' ], 'factories' => [ 'AclMan\Assertion\AssertionManager' => 'AclMan\Assertion\AssertionManagerFactory' ]
Then we configure our service.
'aclman_services' => [ 'AclService\Ex1' => [ 'storage' => 'AclStorage\Ex1', 'plugin_manager' => 'AclMan\Assertion\AssertionManager', ], ] 'aclman-assertion-manager' => [ 'invokables' => [ 'assertAlias' => 'assertionClass', ... ... ] ]
Finally, our storage configuration.
'aclman_storage' => [ 'AclStorage\Ex1' => [ 'roles' => [ // Config specific permission for role Role1 to resources Resource1 and Resource2 'Role1' => [ 'resources' => [ 'Resource1' => [ [ 'assert' => null, 'allow' => true, 'privilege' => 'add' ] ], 'Resource2' => [ [ 'assert' => [ 'assertAlias' => [ 'config' => 'test' ], ], 'allow' => true, 'privilege' => 'view' ] ] ], ], // Config specific permission for all roles to resource Resource1 (e.x public resource) StorageInterface::ALL_ROLES => [ 'resources' => [ 'Resource3' => [ [ 'allow' => true, ] ], ] ], // Config specific permission for Admin to all resource (e.x access to al resource to the admin) 'Admin' => [ 'resources' => [ StorageInterface::ALL_RESOURCES => [ [ 'allow' => true, ] ], ] ], ], ], ]
Our first ACL configuration is now complete. Use it:
$aclService1 = $serviceLocator->get('AclService\Ex1'); $aclService1->isAllowed('Role1', 'Resource1', 'view'); // FALSE $aclService1->isAllowed('Role1', 'Resource1', 'add'); // TRUE // ...
Notice the behaviour ...
$aclService1 = $serviceLocator->get('AclService\Ex1'); $aclService1->isAllowed('Role1', 'Resource1', 'add'); // TRUE $aclService1->isAllowed('Role1', 'Resource2', 'view'); // FALSE // ...