PHP Class Acl_Core, ACL
This is a Kohana port of the Zend_ACL library, with a few changes.
Things that are different from Zend_ACL:
1) Your ACL definition is saved using the string identifiers of the roles/resources,
NOT the objects. This way, if you serialize the ACL, you won't end up with a
unneccesary large serialization string. You don't have to supply objects when
adding roles/resources. EG a $acl->add_role('user') is fine.
2) If you have defined assertions in your rules, the assert methods will have access
to the arguments you provided in the ->allow($role,$resource,$privilege) call.
So, if you provide a User_Model as $role, the assert method will receive this object,
and not the role_id of this object. This way, assertions become way more powerful.
3) Not all methods are implemented, because they weren't needed by me at the time.
However, the essential methods (the core of ACL) are implemented, so the missing methods
can be implemented easily when needed.
4) The methods are underscored instead of camelCased, so add_role, add_resource and is_allowed.
Ported to Kohana & modified by Wouter - see Kohana Forum.
Based on Zend_Acl:
Exibir arquivo
Open project: wouterrr/acl
Class Usage Examples
Protected Properties
Public Methods
Method |
Description |
|
__sleep ( ) |
|
|
add_resource ( $resource, $parents = NULL ) : ACL_Core |
Add a new resource. |
|
add_role ( $role, $parents = NULL ) : ACL_Core |
Add a new role. |
|
allow ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core |
Add "allow" access to a role. |
|
deny ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core |
Add "deny" access to a role. |
|
is_allowed ( $role = NULL, $resource = NULL, $privilege = NULL ) : boolean |
Check if a role is is allowed to a privilege on a resource. |
|
roles ( $name ) : array |
Get an array of role and all its parents. |
|
Protected Methods
Method |
Description |
|
match ( $role, $resource, $privilege ) : boolean |
Check if a role is is allowed to a privilege on a resource. |
|
resources ( $name ) : array |
Get an array of resource and all its parents. |
|
Private Methods
Method |
Description |
|
add_rule ( $allow, $roles, $resources, $privileges, $assertion ) : ACL_Core |
Add a permission for a role, setting the resources, privileges, and
access type (allow, deny). |
|
Method Details
add_resource()
public method
Add a "users" resource
$acl->resource('users');
Add a "news" resource
$acl->resource('news');
Add a "latest" resource with inherits from "news"
$acl->resource('latest', 'news');
public add_resource ( $resource, $parents = NULL ) : ACL_Core |
return |
ACL_Core |
|
Add a "guest" role
$acl->role('guest');
Add a "member" role that inherits from "guest"
$acl->role('member', 'guest');
Add a "owner" role that inherits from "guest" and "member"
$acl->role('owner', array('guest','member'));
public add_role ( $role, $parents = NULL ) : ACL_Core |
return |
ACL_Core |
|
Allow "guest" to "view" the news
$acl->allow('guest', 'news', 'view');
Allow "member" to "comment" on "news"
$acl->allow('member', 'news', 'comment');
Allow "admin" to do anything
$acl->allow('admin');
public allow ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core |
$assertion |
Acl_Assert_Interface |
|
return |
ACL_Core |
|
Deny "member" to "edit" on "news"
$acl->deny('member', 'news', 'edit');
[!!] By default, everything in an access control list is denied. It is
not necessary to explicitly deny privileges except when an inherited role
is allowed access.
public deny ( $roles = NULL, $resources = NULL, $privileges = NULL, Acl_Assert_Interface $assertion = NULL ) : ACL_Core |
$assertion |
Acl_Assert_Interface |
|
return |
ACL_Core |
|
is_allowed()
public method
Recursively checks all inherited roles and resources.
Is "guest" allowed to "commment" the "news"?
$acl->is_allowed('guest', 'news', 'comment');
Is "member" allowed to "commment" the "news"?
$acl->allowed('member', 'news', 'commment');
Recursively checks all inherited roles and resources.
resources()
protected method
Get all resources for the 'news' resource
$roles = $acl->resources('news');
Get all roles for the 'member' role
$roles = $acl->roles('member');
Property Details
$_permissions protected_oe property
$_resources protected_oe property
$_roles protected_oe property
$command protected_oe property
Current role/resource/privilege being matched