Coder Social home page Coder Social logo

access-acl's Introduction

Nybbl Access ACL

An easy to use ACL implementation for ZF3. Provides support for Doctrine out of the box.

Installation

$ composer require nybbl/access-acl

Usage

To use this module, add it to your modules.config.php file:

return [
    ...
    
    'Nybbl\AccessAcl',
];

Optional Config

If you want to further configure the module, copy the contents of this package's config/module.config.php into config/autoload/nybbl.access.acl.config.php or into your config/autoload/global.php file.

'access_manager' => [
    'redirect_route_name' => 'application.home',
    'default_access_all_role' => 'Guest',
],

Config key descriptions:

  • redirect_route_name: The route name where the application should redirect. For example, you might want unauthorised users to be redirect to "user.login".

  • default_access_all_role: The default role. If there's no identity in the AuthenticationService, then the default role is "Guest".

Mapping Resources

The core of an ACL is a resource. To map your resources (aka controllers), you can specify an array key in your module configs.

Application/config/module.config.php:

'controllers' => [
    'factories' => [
        Controller\ApplicationController::class => InvokableFactory::class,
    ],
],

## This is where you can specify your resources
'access_manager' => [
    'resources' => [
        Controller\ApplicationController::class => [
            [
                'allow'   => 'Guest',
                'actions' => ['index'],
            ],
            [
                'allow'   => 'Admin',
                'actions' => ['home', 'users', 'posts'],
            ],
        ],
    ],
],

Customising the not-authorised view

By default, the "not-authorised" view just renders some text. You most likely want to customise this. You can create a view directory in any module with the path:

access-acl/not-authorised/index.twig

Changing Role Providers

To change your role provider, you'll need a class that implements the RoleProviderInterface. Then add the alias to the interface in your module config:

'service_manager' => [
    'aliases' => [
        Nybbl\AccessAcl\Contract\RoleProviderInterface::class => MyCustomRoleProvider::class,
    ],
],

Creating Roles

To create a role, you'll need to create a class that implements the Nybbl\AccessAcl\Contract\RoleInterface

Like so:

class AdminRole implements RoleInterface
{
    // Implement body methods.
}

Your custom role provider can then consume these roles.

Creating Dynamic Assertions

use Nybbl\AccessAcl\Contract\DynamicAssertionInterface;

class ExampleAssertion implements DynamicAssertionInterface
{
    /**
     * @param string $resource
     * @param null $privilege
     * @param array $options
     * @return bool|mixed
     */
    public function assert(string $resource, $privilege = null, array $options = [])
    {
        // Implement yor logic based on the result...
        if ($options['can.edit']) {
            if ($options['identity']->id() === $options['blogPost']->ownerId()) {
                return self:ACCESS_GRANTED;
            }
        }
    }
}

In your controller:

public function editAction()
{
    $this->assert(ExampleAssertion::class, 'index', 'can.edit', [
        'identity' => $this->identity(),
        'blogPost' => $blogPostEntity,
    ]);

    return new ViewModel();
}

By default, a dynamic assertion will return false.

access-acl's People

Contributors

nic-d avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.