This is a Kohana port of the Zend_ACL library, with a few changes.
Things that are different from Zend_ACL:
1) Your ACL definition is saved using the string identifiers of the roles/resources,
NOT the objects. This way, if you serialize the ACL, you won't end up with a
unneccesary large serialization string. You don't have to supply objects when
adding roles/resources. EG a $acl->add_role('user') is fine.
2) If you have defined assertions in your rules, the assert methods will have access
to the arguments you provided in the ->allow($role,$resource,$privilege) call.
So, if you provide a User_Model as $role, the assert method will receive this object,
and not the role_id of this object. This way, assertions become way more powerful.
3) Not all methods are implemented, because they weren't needed by me at the time.
However, the essential methods (the core of ACL) are implemented, so the missing methods
can be implemented easily when needed.
4) The methods are underscored instead of camelCased, so add_role, add_resource and is_allowed.
Ported to Kohana & modified by Wouter - see Kohana Forum.
Based on Zend_Acl:
/** * constructor; sets up the Zend Acl object * * @return void * @author Andy Bennett */ function __construct() { $this->acl = new Zend_Acl(); $this->conf = Kohana::config('acl.acl'); // initialise the roles from the list foreach ($this->conf->roles as $role => $inherit) { $this->acl->addRole(new Zend_Acl_Role($role)); } // initialise the resources from the config foreach ($this->conf->resources as $resource) { $this->acl->add(new Zend_Acl_Resource($resource)); } // initialise the resources from the config foreach ($this->conf->allowed as $allowed) { $r = isset($allowed['resource']) ? $allowed['resource'] : null; $a = isset($allowed['actions']) ? $allowed['actions'] : null; $this->acl->allow($allowed['role'], $r, $a); } // initialise the resources from the config foreach ($this->conf->denied as $denied) { $r = isset($denied['resource']) ? $denied['resource'] : null; $a = isset($denied['actions']) ? $denied['actions'] : null; $this->acl->deny($denied['role'], $r, $a); } // Singleton instance self::$instance = $this; }
/** * Returns a singleton instance of acl. * * @return object */ public static function &instance() { if (!isset(self::$instance)) { $class = __CLASS__; self::$instance = new $class(); } return self::$instance; }