PHP Class Acl_Core, ACL

This is a Kohana port of the Zend_ACL library, with a few changes. Things that are different from Zend_ACL:

1) Your ACL definition is saved using the string identifiers of the roles/resources, NOT the objects. This way, if you serialize the ACL, you won't end up with an unnecessarily large serialization string. You don't have to supply objects when adding roles/resources, e.g. $acl->add_role('user') is fine.
2) If you have defined assertions in your rules, the assert methods will have access to the arguments you provided in the ->allow($role,$resource,$privilege) call. So, if you provide a User_Model as $role, the assert method will receive this object, and not the role_id of this object. This way, assertions become far more powerful.
3) Not all methods are implemented, because they weren't needed by me at the time. However, the essential methods (the core of ACL) are implemented, so the missing methods can be implemented easily when needed.
4) The methods are underscored instead of camelCased, so add_role, add_resource and is_allowed.

Ported to Kohana & modified by Wouter - see Kohana Forum. Based on Zend_Acl:
Author: Woody Gilk
Project: wouterrr/acl

Protected Properties

Property Type Description
$_permissions ACL permissions
$_resources ACL resources
$_roles ACL roles
$command Current role/resource/privilege being matched

Public Methods

Method Description
__sleep ( )
add_resource ( $resource, $parents = NULL ) : ACL_Core Add a new resource.
add_role ( $role, $parents = NULL ) : ACL_Core Add a new role.
allow ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core Add "allow" access to a role.
deny ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core Add "deny" access to a role.
is_allowed ( $role = NULL, $resource = NULL, $privilege = NULL ) : boolean Check if a role is allowed a privilege on a resource.
roles ( $name ) : array Get an array of role and all its parents.

Protected Methods

Method Description
match ( $role, $resource, $privilege ) : boolean Check if a role is allowed a privilege on a resource.
resources ( $name ) : array Get an array of resource and all its parents.

Private Methods

Method Description
add_rule ( $allow, $roles, $resources, $privileges, $assertion ) : ACL_Core Add a permission for a role, setting the resources, privileges, and access type (allow, deny).

Method Details

__sleep() public method

public __sleep ( )

add_resource() public method

    // Add a "users" resource
    $acl->add_resource('users');

    // Add a "news" resource
    $acl->add_resource('news');

    // Add a "latest" resource that inherits from "news"
    $acl->add_resource('latest', 'news');

public add_resource ( $resource, $parents = NULL ) : ACL_Core
return ACL_Core

add_role() public method

    // Add a "guest" role
    $acl->add_role('guest');

    // Add a "member" role that inherits from "guest"
    $acl->add_role('member', 'guest');

    // Add an "owner" role that inherits from "guest" and "member"
    $acl->add_role('owner', array('guest', 'member'));

public add_role ( $role, $parents = NULL ) : ACL_Core
return ACL_Core

allow() public method

    // Allow "guest" to "view" the news
    $acl->allow('guest', 'news', 'view');

    // Allow "member" to "comment" on "news"
    $acl->allow('member', 'news', 'comment');

    // Allow "admin" to do anything
    $acl->allow('admin');

public allow ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core
$assertion Acl_Assert_Interface
return ACL_Core

deny() public method

    // Deny "member" to "edit" on "news"
    $acl->deny('member', 'news', 'edit');

Note: By default, everything in an access control list is denied. It is not necessary to explicitly deny privileges except when an inherited role is allowed access.

public deny ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core
$assertion Acl_Assert_Interface
return ACL_Core

is_allowed() public method

Recursively checks all inherited roles and resources.

    // Is "guest" allowed to "comment" on the "news"?
    $acl->is_allowed('guest', 'news', 'comment');

    // Is "member" allowed to "comment" on the "news"?
    $acl->is_allowed('member', 'news', 'comment');

public is_allowed ( $role = NULL, $resource = NULL, $privilege = NULL ) : boolean
return boolean is allowed
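
A policy regression check built from the rules documented above, as an added example that is not part of the original page or the project's code. It assumes the module is loaded and that `Acl` is its instantiable subclass of Acl_Core; the "trial" role is hypothetical, and the expected decisions follow the behaviour this page states (default deny, inherited roles and resources checked recursively).

```php
<?php
// Added example. Assumption: `Acl` is the instantiable subclass of Acl_Core.
$acl = new Acl;

// Role hierarchy: trial -> member -> guest; admin stands alone.
$acl->add_role('guest');
$acl->add_role('member', 'guest');
$acl->add_role('trial', 'member');   // hypothetical role for the deny case
$acl->add_role('admin');

// Resources: "latest" inherits from "news"; "users" has no rules at all.
$acl->add_resource('news');
$acl->add_resource('latest', 'news');
$acl->add_resource('users');

$acl->allow('guest', 'news', 'view');
$acl->allow('member', 'news', 'comment');
$acl->allow('admin');
// Explicit deny is needed only because "trial" would inherit this allow.
$acl->deny('trial', 'news', 'comment');

// Expected decisions: role, resource, privilege, expected result.
$expected = array(
    array('guest',  'news',   'view',    TRUE),   // direct allow
    array('guest',  'news',   'comment', FALSE),  // default deny
    array('guest',  'latest', 'view',    TRUE),   // inherited resource
    array('guest',  'users',  'view',    FALSE),  // no rule on resource
    array('member', 'news',   'view',    TRUE),   // inherited role
    array('member', 'news',   'edit',    FALSE),  // default deny
    array('trial',  'news',   'view',    TRUE),   // still inherited
    array('trial',  'news',   'comment', FALSE),  // deny overrides parent
    array('admin',  'users',  'edit',    TRUE),   // allow-all rule
);

$failures = array();
foreach ($expected as $case) {
    list($role, $resource, $privilege, $want) = $case;
    $got = (bool) $acl->is_allowed($role, $resource, $privilege);
    if ($got !== $want) {
        $failures[] = sprintf('%s/%s/%s: expected %s, got %s', $role,
            $resource, $privilege, var_export($want, TRUE), var_export($got, TRUE));
    }
}
if ($failures) {
    // Fail loudly so a policy change that widens access is caught in review.
    throw new Exception("ACL policy drift:\n".implode("\n", $failures));
}
echo count($expected)." ACL expectations hold\n";
```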

match() protected method

Recursively checks all inherited roles and resources.
protected match ( $role, $resource, $privilege ) : boolean
return boolean is allowed

resources() protected method

    // Get all resources for the 'news' resource
    $roles = $acl->resources('news');

protected resources ( $name ) : array
return array

roles() public method

    // Get all roles for the 'member' role
    $roles = $acl->roles('member');

public roles ( $name ) : array
return array

Property Details

$_permissions protected property

ACL permissions
protected $_permissions

$_resources protected property

ACL resources
protected $_resources

$_roles protected property

ACL roles
protected $_roles

$command protected property

Current role/resource/privilege being matched
protected $command