vrimeikis / acl
ACL service for Laravel 4.x
Requires
- php: >=5.3.0
- illuminate/support: 4.*
- rhumsaa/uuid: ~2.7
This package is not auto-updated.
Last update: 2024-11-16 07:42:50 UTC
README
This plugin allows you to separate access for users in different zones of your application. This acl plugin is database oriented. For example you have application which have administration part and front-end part, but you need both this parts to be controlled by acl separately. My plugin allows you to do this very easily. All you models must extend UuidModel witch using Uuid4 method
Atention
!!! Dev version has strong changes on db and functions !!!
Installation
composer.phar require vrimeikis/acl dev-master
Configuration
Create new file in config directory named acl.php and put this piece of code in this file.
<?php
//acl configuration file
return [
'zones' => ['superadmin', 'admin', 'basic'], //array of basic zones
'default_zone' => 'superadmin', //default zone (have to be in array of zones)
'admin_zone' => 'admin', //default zone (have to be in array of zones)
'basic_zone' => 'basic', //basic zone (have to be in array of zones)
// zones valid controller for individual zone
'zone_valid_controllers' => [
'admin' => ['AdminController', 'PersonalDataController', 'RemindersController'],
'basic' => ['AdminController', 'PersonalDataController', 'RemindersController'],
],
//valid actions array for menu
'valid_menu_route_actions' => [
'index',
],
//ignore seeding controllers for menu
'ignore_controllers' => [
'ResourcesController',
],
//default controllers (none editable and ignoring on modicications)
'default_controllers' => [
'AdminController',
'RemindersController',
'ResourcesController',
],
];
Setup
First you need to add
'IS\Acl\AclServiceProvider'
to your application service providers and
"Acl" => 'IS\Acl\Facades\Acl'
to your application facades. This allows you to use plugin with Acl facade in your application.
This plugin is managed by commands so you have to issue this command to setup the plugin
php artisan acl:setup //this command run database migrations and controller scanning
Controllers scanning
You do not have to care about what controllers and routes you have added and think about to add them into ACL plugin. Every time you add new controller or route simply issue the command:
php artisan acl:scan
Seed data
After scanning run this command to add relations to use any actions
php artisan acl:seed //this command seeds the database and allows default group to perform any action
Seed admin menu to database
Seed database if you create new routes on admin group
php artisan acl:menu
User identification
Then you create filter in your filters.php with this example code and add filter to your routes.
Route::filter('acl', function()
{
// zone type and id array by user ACL
$zone = Acl::getGroupsTypeAndIdByUserId(Auth::id());
if ($zone)
{
// this passes the user acl group id into plugin
Acl::$zone['type']()->identify($zone['group_id']);
// if user is allowed returns (bool) true if not returns (bool) false
if(!Acl::allowed())
{
//here goes your code for error exception
App::abort(403, 'Unauthorized action.');
}
}
else
{
App::abort(403, 'Unauthorized action.');
}
});
Multiple zones
If you want to use plugin with multiple zones simply add new zone to acl.php configuration file and use it like that
Acl::zonename()->identify($id);
Setting permissions
First you need to create some form of displaying the permissions of groups (aros) related to actions (acos). For that purpose you can use thoose commands:
List all resources (acos)
Acl::getResources();
List of all groups (aros) in zone
Acl::zonename()->getGroups();
To check if group is allowed to perform action you can use this method:
Acl::zonename()->getPermission((string) $aco_id, (string) $aro_id);
To set permission for specific aco and aro you can use this method:
Acl::zonename()->set((string) $aco_id, (string) $aro_id, (bool) $allowed, (string) $type);
Acl user groups
This acl plugin is group oriented so each acl check is performed on group level. It means that every user has to be in acl group and plugin does not care about user id but it cares about acl_group_id. In examples below zonename will be name of your zone for example default.
Add new group
Acl::zonename()->addGroup((string) $name, (string) $type (bool) $isdefault);
Edit existing group
Acl::zonename()->editGroup((string) $groupID, array("name"=> (string) $zonename, "type" => (string) $type, "default"=> (bool) $isdefault));
Delete group
Acl::zonename()->deleteGroup((string) $groupID);
List all groups
Acl::getAllGroups();
Group by id
Acl::getGroupById((string) $id);
##Zones
Those methods allows you to get list of all zones and get default zone name.
###List all zones
Method returns array of all zone names.
Acl::getZones();
###Get default zone name
Method returns default zone name as string.
Acl::getDefaultZone();
###Get admin menu list
Method returns admin menu list.
Acl::getAdminMenu($artificial = '0', $active = '1', $userId = NULL);