require_once '../../src/Nix/loader.php';
use Nix\Debugging\Debugger, Nix\Permissions\Permission, Nix\Permissions\PermissionAssertion, Nix\Permissions\User, Nix\Permissions\IUserHandler, Nix\Permissions\Identity, Nix\Permissions\Resource;
Debugger::init(true);
Debugger::setLogPath(__DIR__ . '/../temp/');
class PostsResource extends Resource
{
public $user_id;
protected $name = 'posts';
}
class UserPostsAssertion extends PermissionAssertion
{
public function assert(Permission $acl, $resource, $action)
{
echo '<pre>';
var_dump($acl);
var_dump($resource);
var_dump($action);
echo '</pre>';
}
}
$acl = new Permission();
$acl->addRole('author', 'guest');
$acl->addResource('posts');
$acl->allow('guest', 'posts');
$acl->deny('guest', 'posts', 'edit');
$acl->allow('author', 'posts', 'edit', new UserPostsAssertion());
$posts = new PostsResource();
$posts->user_id = 1234;
echo "<br>allowed: " . ($acl->isAllowed('guest', 'posts', 'view') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('author', $posts, 'edit') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('author', $posts, 'view') ? "allowed" : "denied");
class UserHandler implements IUserHandler
{
public function authenticate($username, $password)
{
return new Identity(6, 'admin', array('name' => 'jan'));
}
public function updateIdentity($id)
{
return new Identity(6, 'member', array('name' => 'new jan\'s name'));
}
}
$acl = new Permission();
$acl->addResource('administration');
$acl->addRole('member');
$acl->addRole('admin');
$acl->allow('admin', 'administration');
$user = new User();
$user->setUserHandler('UserHandler');
$user->setAcl($acl);
if (isset($_GET['login'])) {
$user->authenticate('test', 'test');
header('location: index.php');
} elseif (isset($_GET['logout'])) {
$user->signOut();
header('location: index.php');
} elseif (isset($_GET['update'])) {
$user->updateIndentity();
header('location: index.php');
}
if ($user->isAuthenticated()) {
echo "logged as: " . $user->name;
# loader Nix libraries
require_once '../../src/Nix/loader.php';
use Nix\Debugging\Debugger, Nix\Permissions\Permission, Nix\Permissions\User, Nix\Permissions\IUserHandler, Nix\Permissions\Identity;
Debugger::init(true);
Debugger::setLogPath(__DIR__ . '/../temp/');
$acl = new Permission();
# roles
$acl->addRole('member', 'guest');
$acl->addRole('admin', 'member');
$acl->addRole('superadmin', 'admin');
# resource
$acl->addResource('comments');
$acl->addResource('posts');
# privilegies
$acl->allow('guest', array('posts', 'comments'), 'view');
$acl->allow('member', 'comments', 'add');
$acl->allow('admin', 'posts', array('add', 'edit', 'delete'));
$acl->allow('superadmin', '*', '*');
echo "<br>allowed: " . ($acl->isAllowed('guest', 'posts', 'view') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('guest', 'comments', 'view') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('member', 'comments', 'view') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('admin', 'comments', 'add') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('admin', 'posts', 'view') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('superadmin', 'posts', 'delete') ? "allowed" : "denied");
echo "<br>allowed: " . ($acl->isAllowed('superadmin', 'comments', 'delete') ? "allowed" : "denied");
echo "<br>";
echo "<br>denied: " . ($acl->isAllowed('guest', 'comments', 'add') ? "allowed" : "denied");
echo "<br>denied: " . ($acl->isAllowed('guest', 'posts', 'add') ? "allowed" : "denied");
echo "<br>denied: " . ($acl->isAllowed('member', 'comments', 'delete') ? "allowed" : "denied");
echo "<br>denied: " . ($acl->isAllowed('admin', 'comments', 'delete') ? "allowed" : "denied");