Access control adapters

Don't use this in production. It's an early alpha release.

Requirements

PHP 5.4
This plugin needs li3_behaviors (only if you intend to use the DbAcl adapter).
This plugin needs li3_tree (only if you intend to use the DbAcl adapter).
This plugin needs li3_fixtures (only if you intend to run DbAcl adapter tests).

Installation

Checkout the code to either of your library directories:

cd libraries
git clone [email protected]:jails/li3_access.git

Include the library in your /app/config/bootstrap/libraries.php

Libraries::add('li3_access');

Presentation

This plugin provide a couple of adapters for managing access control into your application. It can manage simple rule based system as well as access control lists system. Access control lists are a way to manage application permissions in a fine-grained. It's not as fast as rule based system but allow further control on your application/models.

API

Simple adapter:

The simple adapter only checks that the passed data is not empty.

Access::config('simple' => ['adapter' => 'Simple']);
Access::check('rules', ['username' => 'Max']); //return `true`
Access::check('rules', true); //return `true`
Access::check('rules', []); //return `false`

Rule adapter:

The rule adapter check access from a predefinied/custom closure. To use this adapter configure Access like the following:

Access::config('rules', ['adapter' => 'Rules']);

The rules adpater already contains the following rules: 'allowAll', 'denyAll', 'allowAnyUser', 'allowIp'.

Example of use:

$user = Auth::check('auth_config_name');
Access::check('rules', $user, $request, ['rules' => ['allowAnyUser']]);

$user = User::find('first', ['username' => 'psychic']);
Access::check('rules', $user, $request, ['rules' => ['allowAnyUser']]);

Rule with parameters:

Access::check('rules', null, $request,  [
	'rules' => [
		'allowIp' => [
			'ip' => '/10\.0\.1\.\d+/' //parameter to pass to the `'allowIp'` closure.
		]
	]
]);

You can add custom rule on ::config():

Access::config('rules' => [
	'adapter' => 'Rules',
	'rules' => [
		'testDeny' => [
			'message' => 'Access denied.',
			'rule' => function($requester) {
				return false;
			}
		]
	]
]);

or dynamically with:

Access::rules('rules', 'testDeny', function($requester) { return false; }, [
	'message' => 'Access denied.'
]);

DbAcl adapter:

This adapter currently works for only SQL databases (i.e MySQL, PostgreSQL and Sqlite3).

Access::config('acl' => ['adapter' => 'DbAcl']);

Access control lists, or ACL, handle two main things: things that want stuff, and things that are wanted. This is usually represented by:

Access Control Object (Aco), i.e. something that is wanted
Access Request Object (Aro), i.e. Something that wants something

And beetween Acos and Aros, there's permissions which define the access privileges beetween Aros and Acos.

Above, the schema needed to makes things works out of the box for a MySQL database:

DROP TABLE IF EXISTS `acos`;
CREATE TABLE `acos` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `class` varchar(255) DEFAULT NULL,
  `fk_id` int(10) DEFAULT NULL,
  `alias` varchar(255) DEFAULT NULL,
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
);


DROP TABLE IF EXISTS `aros`;
CREATE TABLE `aros` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `class` varchar(255) DEFAULT NULL,
  `fk_id` int(10) DEFAULT NULL,
  `alias` varchar(255) DEFAULT NULL,
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
);


DROP TABLE IF EXISTS `permissions`;
CREATE TABLE `permissions` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `aro_id` int(10) NOT NULL,
  `aco_id` int(10) NOT NULL,
  `privileges` text,
  PRIMARY KEY (`id`)
);

Of course you need to adapt this schema according your own SQL database.

Once Acos and Aros are correctly defined (see test's fixtures for a better understanding of what Acos and Aros looks like).

You can add privileges:

Access::allow('acl', 'admin/max', 'controller/backend', ['read', 'create', 'update', 'delete']);
//or:
Access::allow('acl', 'admin/max', 'controller/backend', 'publish');
//or:
$user = User::find('first', ['username' => 'max']);
Access::allow('acl', $user, 'controller/backend', ['read', 'create', 'update', 'publish']);

You can remove privileges:

Access::deny('acl', 'user/joe', 'controller/backend', ['delete']);

Use Access::check() to check some privileges:

Access::check('acl', 'user/joe', 'controller/backend', ['delete']);

Or Access::get() for recovering all privileges for an Aro/Aco:

Access::get('acl', 'user/joe', 'controller/backend');

Greetings

The li3 team, Tom Maiaroto, Weluse, rich97, CakePHP's ACL, Pamela Anderson and all others which make that possible.

jails / li3_access Goto Github PK

li3_access's Introduction

Access control adapters

Requirements

Installation

Presentation

API

Simple adapter:

Rule adapter:

DbAcl adapter:

Greetings

Build status

li3_access's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent