thelia/customer-group-acl-module

0.2.3 2016-01-28 09:02 UTC

This package is auto-updated.

Last update: 2024-11-14 22:00:39 UTC


README

Extends the CustomerGroup module with an access control list mechanism that can be used to allow or deny access to some resource to a customer group.

Installation

Manually

  • Copy the module into <thelia_root>/local/modules/ directory and make sure that the name of the module is CustomerGroupAcl.
  • Activate it in your Thelia administration panel

Composer

Add it in your main Thelia composer.json file

composer require thelia/customer-group-acl-module:~0.1

## Update

0.1.3

  • Change acl data table to add class_name, the class name to check specific object acl ;
  • Dispatch CheckAclEvent_[resource] ;
  • Change checkAcl definition to checkAcl($resources, $accesses, $accessOr = false, $entityId = null, $dispatchEvent = false) :
    • $entityId, object identifying, if isset resources must be alone,
    • $dispatchEvent, if is set, CheckAclEvent are dispatch, default false ;

Execute setup/update-0.1.2-0.1.3.sql script.

Configuration

Using the configuration file

Modules that use customer group ACLs must define them in the acl.xml file in the module configuration directory. The ACLs will be created when the module is activated.

Since ACLs are applied to customer group, you must have already have created some in order to use them (see the CustomerGroup module documentation). In this exemple, we will assume that the client, vip, also-vip-1 and also-vip-2 groups exists.

<?xml version="1.0" encoding="UTF-8" ?>
<config xmlns="http://thelia.net/acl"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://thelia.net/acl http://thelia.net/acl/acl.xsd">
      <acls>
          <acl code="vip-perks">
              <descriptive locale="en_US">
                  <title>VIP perks</title>
                  <description>Special VIP perks.</description>
              </descriptive>
              <descriptive locale="en_US">
                  <title>Avantages VIP</title>
                  <description>Avantages spéciaux VIP.</description>
              </descriptive>
          </acl>
          <customergroups>
              <customergroup group="vip">
                  <customergroupacl aclcode="vip-perks">
                      <access right="VIEW"/>
                  </customergroupacl>
              </customergroup>

              <customergroup group="extra-vip-1">
                  <extends-customergroupacl
                      group="vip"
                  />
              </customergroup>

              <customergroup group="extra-vip-2">
                  <extends-customergroupacl
                      group="vip"
                      aclcode="vip-perks"
                  />
              </customergroup>
          </customergroups>
      <acls>
</config>

Here we define an ACL resource vip-perks and grant VIEW type access to this resource to the vip group. The extra-vip-1 group is set to have the same accesses as the vip group. The extra-vip-2 group is also set to have the same rights as the vip group, but only for the vip-perks ACL resource.

Using the back office

ACLs and group accesses can also be configured in the Thelia back office. A link to the configuration page is available in the Tools menu.

Access types

The available access types are defined in the Thelia access manager:

  • VIEW
  • CREATE
  • UPDATE
  • DELETE

Additionally, the ALL access can be used to grant all available accesses.

Check group access

PHP

The customer_group_acl.tool can be used to check ACL access.

$aclTool = $container->get("customer_group_acl.tool");

// simple check
$aclTool->checkAcl("vip-perks", AccessManager::VIEW);

// resources and accesess arguments can be a single value or an array of values
$aclTool->checkAcl(
    [
        "myAcl1",
        "myAcl2",
    ],
    [
        AccessManager::VIEW,
        AccessManager::CREATE,
    ]
);

// by default, checks that at all accesses are granted
// but you can also check that only at least one access is granted
$aclTool->checkAcl(
    "myAcl",
    [
        AccessManager::VIEW,
        AccessManager::CREATE,
    ],
    true
);

Smarty

Smarty plugins are provided to check ACL access in templates.

As with the PHP function, you can check multiple resources and accesses at once, and optionally require only one access.

Simple check

The check_acl function will throw an exception if the required access(es) are not granted.

{check_acl code='vip-perks' access='view'}

{check_acl code='vip-perks,myAcl' access='view,create'}

{check_acl code='myAcl' access='view,create,update' access_or=true}

Block check

The acl and elseacl tags can also be used to check ACL accesses with a block syntax.

{acl name='acl-check' code='vip-perks' access='view'}
    Here is some super secret stuff !
{/acl}

{elseacl rel='acl-check'}
   Get VIP access for more cool stuff !
{/elseacl}

Loop

acl

This loop list ACLs.

Input arguments

order can be one of:

  • id (default)
  • module
  • module_reverse

Output arguments

customer-group-acl

This loop list customer group access grants.

Input arguments

Output arguments