PHP Class Acl_Core, ACL

This is a Kohana port of the Zend_ACL library, with a few changes. Things that are different from Zend_ACL: 1) Your ACL definition is saved using the string identifiers of the roles/resources, NOT the objects. This way, if you serialize the ACL, you won't end up with a unneccesary large serialization string. You don't have to supply objects when adding roles/resources. EG a $acl->add_role('user') is fine. 2) If you have defined assertions in your rules, the assert methods will have access to the arguments you provided in the ->allow($role,$resource,$privilege) call. So, if you provide a User_Model as $role, the assert method will receive this object, and not the role_id of this object. This way, assertions become way more powerful. 3) Not all methods are implemented, because they weren't needed by me at the time. However, the essential methods (the core of ACL) are implemented, so the missing methods can be implemented easily when needed. 4) The methods are underscored instead of camelCased, so add_role, add_resource and is_allowed. Ported to Kohana & modified by Wouter - see Kohana Forum. Based on Zend_Acl:

Author: Woody Gilk ([email protected])

Afficher le fichier Open project: wouterrr/acl Class Usage Examples

Protected Properties

Свойство	Type	Description
$_permissions		ACL permissions
$_resources		ACL resources
$_roles		ACL roles
$command		Current role/resource/privilege being matched

Méthodes publiques

Méthode	Description
__sleep ( )
add_resource ( $resource, $parents = NULL ) : ACL_Core	Add a new resource.
add_role ( $role, $parents = NULL ) : ACL_Core	Add a new role.
allow ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core	Add "allow" access to a role.
deny ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core	Add "deny" access to a role.
is_allowed ( $role = NULL, $resource = NULL, $privilege = NULL ) : boolean	Check if a role is is allowed to a privilege on a resource.
roles ( $name ) : array	Get an array of role and all its parents.

Méthodes protégées

Méthode	Description
match ( $role, $resource, $privilege ) : boolean	Check if a role is is allowed to a privilege on a resource.
resources ( $name ) : array	Get an array of resource and all its parents.

Private Methods

Méthode	Description
add_rule ( $allow, $roles, $resources, $privileges, $assertion ) : ACL_Core	Add a permission for a role, setting the resources, privileges, and access type (allow, deny).

Method Details

__sleep() public méthode

public __sleep ( )

add_resource() public méthode

Add a "users" resource $acl->resource('users'); Add a "news" resource $acl->resource('news'); Add a "latest" resource with inherits from "news" $acl->resource('latest', 'news');

public add_resource ( $resource, $parents = NULL ) : ACL_Core
Résultat	ACL_Core

add_role() public méthode

Add a "guest" role $acl->role('guest'); Add a "member" role that inherits from "guest" $acl->role('member', 'guest'); Add a "owner" role that inherits from "guest" and "member" $acl->role('owner', array('guest','member'));

public add_role ( $role, $parents = NULL ) : ACL_Core
Résultat	ACL_Core

allow() public méthode

Allow "guest" to "view" the news $acl->allow('guest', 'news', 'view'); Allow "member" to "comment" on "news" $acl->allow('member', 'news', 'comment'); Allow "admin" to do anything $acl->allow('admin');

public allow ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core
$assertion	Acl_Assert_Interface
Résultat	ACL_Core

deny() public méthode

Deny "member" to "edit" on "news" $acl->deny('member', 'news', 'edit'); [!!] By default, everything in an access control list is denied. It is not necessary to explicitly deny privileges except when an inherited role is allowed access.

public deny ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core
$assertion	Acl_Assert_Interface
Résultat	ACL_Core

is_allowed() public méthode

Recursively checks all inherited roles and resources. Is "guest" allowed to "commment" the "news"? $acl->is_allowed('guest', 'news', 'comment'); Is "member" allowed to "commment" the "news"? $acl->allowed('member', 'news', 'commment');

public is_allowed ( $role = NULL, $resource = NULL, $privilege = NULL ) : boolean
Résultat	boolean	is allowed

match() protected méthode

Recursively checks all inherited roles and resources.

protected match ( $role, $resource, $privilege ) : boolean
Résultat	boolean	is allowed

resources() protected méthode

Get all resources for the 'news' resource $roles = $acl->resources('news');

protected resources ( $name ) : array
Résultat	array

roles() public méthode

Get all roles for the 'member' role $roles = $acl->roles('member');

public roles ( $name ) : array
Résultat	array

Property Details

$_permissions protected_oe property

ACL permissions

protected $_permissions

$_resources protected_oe property

ACL resources

protected $_resources

$_roles protected_oe property

ACL roles

protected $_roles

$command protected_oe property

Current role/resource/privilege being matched

protected $command