ACL service for Laravel 4.x

2.0.1 2015-03-12 12:53 UTC

This package is not auto-updated.

Last update: 2024-11-16 07:42:50 UTC


README

This plugin allows you to separate access for users in different zones of your application. This acl plugin is database oriented. For example you have application which have administration part and front-end part, but you need both this parts to be controlled by acl separately. My plugin allows you to do this very easily. All you models must extend UuidModel witch using Uuid4 method

Atention

!!! Dev version has strong changes on db and functions !!!

Installation

composer.phar require vrimeikis/acl dev-master

Configuration

Create new file in config directory named acl.php and put this piece of code in this file.

<?php

//acl configuration file
return [
    'zones' => ['superadmin', 'admin', 'basic'], //array of basic zones

    'default_zone' => 'superadmin', //default zone (have to be in array of zones)
    'admin_zone'   => 'admin', //default zone (have to be in array of zones)
    'basic_zone'   => 'basic', //basic zone (have to be in array of zones)

    // zones valid controller for individual zone
    'zone_valid_controllers' => [
        'admin'  => ['AdminController', 'PersonalDataController', 'RemindersController'],
        'basic'  => ['AdminController', 'PersonalDataController', 'RemindersController'],
    ],

    //valid actions array for menu
    'valid_menu_route_actions' => [
        'index',
    ],

    //ignore seeding controllers for menu
    'ignore_controllers' => [
        'ResourcesController',
    ],
    
    //default controllers (none editable and ignoring on modicications)
    'default_controllers' => [
        'AdminController',
        'RemindersController',
        'ResourcesController',
    ],
];

Setup

First you need to add

'IS\Acl\AclServiceProvider'

to your application service providers and

"Acl" => 'IS\Acl\Facades\Acl'

to your application facades. This allows you to use plugin with Acl facade in your application.

This plugin is managed by commands so you have to issue this command to setup the plugin

php artisan acl:setup //this command run database migrations and controller scanning

Controllers scanning

You do not have to care about what controllers and routes you have added and think about to add them into ACL plugin. Every time you add new controller or route simply issue the command:

php artisan acl:scan

Seed data

After scanning run this command to add relations to use any actions

php artisan acl:seed //this command seeds the database and allows default group to perform any action

Seed admin menu to database

Seed database if you create new routes on admin group

php artisan acl:menu

User identification

Then you create filter in your filters.php with this example code and add filter to your routes.

Route::filter('acl', function()
{
    // zone type and id array by user ACL
    $zone = Acl::getGroupsTypeAndIdByUserId(Auth::id());

    if ($zone)
    {
        // this passes the user acl group id into plugin
        Acl::$zone['type']()->identify($zone['group_id']);
        // if user is allowed returns (bool) true if not returns (bool) false
        if(!Acl::allowed())
        {
            //here goes your code for error exception
            App::abort(403, 'Unauthorized action.');
        }
    }
    else
    {
        App::abort(403, 'Unauthorized action.');
    }
});

Multiple zones

If you want to use plugin with multiple zones simply add new zone to acl.php configuration file and use it like that

Acl::zonename()->identify($id);

Setting permissions

First you need to create some form of displaying the permissions of groups (aros) related to actions (acos). For that purpose you can use thoose commands:

List all resources (acos)
Acl::getResources();
List of all groups (aros) in zone
Acl::zonename()->getGroups();

To check if group is allowed to perform action you can use this method:

Acl::zonename()->getPermission((string) $aco_id, (string) $aro_id);

To set permission for specific aco and aro you can use this method:

Acl::zonename()->set((string) $aco_id, (string) $aro_id, (bool) $allowed, (string) $type);

Acl user groups

This acl plugin is group oriented so each acl check is performed on group level. It means that every user has to be in acl group and plugin does not care about user id but it cares about acl_group_id. In examples below zonename will be name of your zone for example default.

Add new group

Acl::zonename()->addGroup((string) $name, (string) $type (bool) $isdefault);

Edit existing group

Acl::zonename()->editGroup((string) $groupID, array("name"=> (string) $zonename, "type" => (string) $type, "default"=> (bool) $isdefault));

Delete group

Acl::zonename()->deleteGroup((string) $groupID);

List all groups

Acl::getAllGroups();

Group by id

Acl::getGroupById((string) $id);

##Zones
Those methods allows you to get list of all zones and get default zone name.

###List all zones
Method returns array of all zone names.

Acl::getZones();


###Get default zone name
Method returns default zone name as string.

Acl::getDefaultZone();


###Get admin menu list
Method returns admin menu list.

Acl::getAdminMenu($artificial = '0', $active = '1', $userId = NULL);