Skip to content

phpMv/ubiquity-acl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

245 Commits
src
src
 
 
.gitignore
.gitignore
 
 
.scrutinizer.yml
.scrutinizer.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

ubiquity-acl

Scrutinizer Code Quality Build Status Code Intelligence Status Code Coverage

Access control lists for Ubiquity framework

Samples

Defining ACLs at runtime

One by one

AclManager::start();
AclManager::addRole('@USER');
AclManager::addResource('Home');
AclManager::addPermission('READ',1);
AclManager::allow('@USER','Home','READ');

By grouping

AclManager::start();
AclManager::addAndAllow('@USER','Home','READ');

Defining ACLs with annotations or attributes

Starting

use Ubiquity\security\acl\AclManager;
use Ubiquity\security\acl\persistence\AclCacheProvider;

AclManager::start();
AclManager::initFromProviders([
	new AclCacheProvider()
]);

Defining ACLs in controllers

A controller as a resource, authorized for a role

With annotations:

namespace controllers;
/**
 * @resource('Main')
 * @allow('role'=>'@USER')
 */
class TestAclController extends ControllerBase {
	use AclControllerTrait;
}

With attributes:

namespace controllers;
use Ubiquity\attributes\items\acl\Resource;
use Ubiquity\attributes\items\acl\Allow;

#[Resource('Main')]
#[Allow(role: '@USER')]
class TestAclController extends ControllerBase {
	use AclControllerTrait;
}

Overriding

It is necessary to override the _getRole method so that it returns the role of the active user:

namespace controllers;
use Ubiquity\attributes\items\acl\Resource;
use Ubiquity\attributes\items\acl\Allow;use Ubiquity\utils\http\USession;
use Ubiquity\utils\http\USession;

#[Resource('Main')]
#[Allow(role: '@USER')]
class TestAclController extends ControllerBase {
	use AclControllerTrait;
	
	public function _getRole(){
	    $activeUser=USession::get('activeUser');
	    if(isset($activeUser)){
	        return $activeUser->getRole();
	    }
	}
}

Defining ACLs with Database

The ACLs defined in the database are additional to the ACLs defined via annotations or attributes.

Initializing

The initialization allows to create the tables associated to the ACLs (Role, Resource, Permission, AclElement). It needs to be done only once, and in dev mode only.

use Ubiquity\controllers\Startup;
use Ubiquity\security\acl\AclManager;

$config=Startup::$config;
AclManager::initializeDAOProvider($config, 'default');

Starting

In app/config/services.php file :

use Ubiquity\security\acl\AclManager;
use Ubiquity\security\acl\persistence\AclCacheProvider;
use Ubiquity\security\acl\persistence\AclDAOProvider;
use Ubiquity\orm\DAO;

DAO::start();//Optional, to use only if dbOffset is not default

AclManager::start();
AclManager::initFromProviders([
	new AclCacheProvider(), new AclDAOProvider($config)
]);

About

Access control lists for Ubiquity framework

ubiquity.kobject.net

Topics

php security ubiquity-framework

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 15

0.0.15 release Latest
Jan 4, 2023
+ 14 releases

Packages

No packages published

Languages