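/**
 * Rebuilds the access control list from the active profiles and saves a
 * serialized copy to APP_DIR . $this->filePath.
 *
 * Every action is denied unless a permission row grants it; in addition each
 * active profile is granted users/changePassword.
 *
 * @return AclMemory the freshly built list, returned even when it could not be saved
 */
public function rebuild()
{
    $acl = new AclMemory();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    $profiles = Profiles::find('active = "Y"');
    foreach ($profiles as $profile) {
        $acl->addRole(new AclRole($profile->name));
    }

    foreach ($this->privateResource as $resource => $actions) {
        $acl->addResource(new AclResource($resource), $actions);
    }

    // Each role found in the profiles table receives the permissions linked to it.
    foreach ($profiles as $profile) {
        foreach ($profile->getPermissions() as $permission) {
            $acl->allow($profile->name, $permission->resource, $permission->action);
        }
        // Every role may reach users/changePassword.
        $acl->allow($profile->name, 'users', 'changePassword');
    }

    // The file holds the authorization policy in serialized form. LOCK_EX keeps a
    // concurrent reader from loading a half-written copy, and the write result is
    // checked so a failed save is reported instead of passing silently.
    // NOTE(review): presumably this file is unserialized on later requests; it
    // should be writable by the application account only. Confirm against the loader.
    $path = APP_DIR . $this->filePath;
    $saved = touch($path)
        && is_writable($path)
        && file_put_contents($path, serialize($acl), LOCK_EX) !== false;

    if (!$saved) {
        $this->flash->error('The user does not have write permissions to create the ACL list at ' . $path);
    }

    return $acl;
}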
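/**
 * Returns the ACL kept in the persistent bag, building it on first use from
 * config/acl/resources.php and config/acl/permissions.php.
 *
 * Roles form a chain: user inherits guest, admin inherits user, and admin is
 * additionally allowed every action on every resource.
 *
 * When the build throws, nothing is stored and the method returns whatever the
 * bag yields for the missing entry, so callers must treat a non-object result
 * as "access denied".
 *
 * @return mixed the stored ACL, or the bag's value for a missing entry after a failed build
 */
public function getAcl()
{
    if (!isset($this->persistent->acl)) {
        try {
            $acl = new Acl\Adapter\Memory();
            $acl->setDefaultAction(Acl::DENY);

            $acl->addRole('guest');         // anonymous visitors
            $acl->addRole('user', 'guest'); // all users and companies get guest permissions
            $acl->addRole('admin', 'user');

            $resources = (require APPLICATION_PATH . '/config/acl/resources.php');
            foreach ($resources as $controller => $actions) {
                $acl->addResource($controller, $actions);
            }

            $permissions = (require APPLICATION_PATH . '/config/acl/permissions.php');
            foreach ($permissions as $role => $rules) {
                foreach ($rules as $controller => $action) {
                    $acl->allow($role, $controller, $action);
                }
            }

            // Admins get everything. The role was already registered above, so this
            // second addRole() call looks redundant; it is kept as in the original.
            // NOTE(review): the wildcard also covers resources added later; confirm that is intended.
            $acl->addRole('admin');
            $acl->allow('admin', '*', '*');

            $this->persistent->acl = $acl;
        } catch (\Exception $e) {
            // A failed build used to vanish outside development; record it everywhere
            // so a broken policy file is visible in the server log.
            error_log('ACL build failed: ' . $e->getMessage());

            if (APPLICATION_ENV == 'development' || APPLICATION_ENV == 'local_development') {
                // Escape before echoing: exception text can carry markup.
                die(
                    htmlspecialchars($e->getMessage(), ENT_QUOTES)
                    . "<hr><pre>"
                    . htmlspecialchars($e->getTraceAsString(), ENT_QUOTES)
                    . "</pre>"
                );
            }
        }
    }

    return $this->persistent->acl;
}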
/**
 * Demo action: builds a small in-memory ACL, dumps it and ends the request.
 *
 * NOTE(review): the dump writes the whole policy into the response; this looks
 * like a test action and presumably should not be routable in a deployed site.
 */
public function aclAction()
{
    echo 'this is acl test!<br>';

    $acl = new AclList();
    $acl->setDefaultAction(Acl::DENY);

    // Create the roles. The first constructor argument is the name; an optional
    // second argument would be a description.
    $roleAdmins = new Role("Administrators");
    $roleEditors = new Role("Editors");

    // Register both roles with the ACL.
    foreach (array($roleAdmins, $roleEditors) as $role) {
        $acl->addRole($role);
    }

    // Define the "Customers" resource and the actions it exposes.
    $customersResource = new Resource("Customers");
    $acl->addResource($customersResource, "search");
    $acl->addResource($customersResource, array("create", "update"));

    // Set each role's access level on the resource.
    foreach (array("search", "create") as $access) {
        $acl->allow("Administrators", "Customers", $access);
    }
    $acl->deny("Editors", "Customers", "update");

    var_dump($acl);
    exit;

    // Never reached because of the exit above: query whether a role has access.
    var_dump($acl->isAllowed("Administrators", "Customers", "search"));
    exit;
}
/**
 * Returns the access control list held in the persistent bag, creating it
 * first when the bag has none.
 *
 * Resources come from $this->resource when it implements ResourceInterface;
 * otherwise the list contains only the two roles and denies everything.
 *
 * @return AclList
 */
public function getAcl()
{
    if ($this->persistent->get('acl')) {
        return $this->persistent->get('acl');
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = [
        'users' => new Role('Users', 'Member privileges, granted after sign in.'),
        'guests' => new Role('Guests', 'Anyone browsing the site who is not signed in is considered to be a "Guest".'),
    ];
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    if ($this->resource instanceof ResourceInterface) {
        foreach ($this->resource->getAllResources() as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }

        // Public areas are open to both users and guests
        foreach ($roles as $entry) {
            foreach ($this->resource->getPublicResources() as $name => $actionList) {
                foreach ($actionList as $actionName) {
                    $list->allow($entry->getName(), $name, $actionName);
                }
            }
        }

        // The private area is open to the Users role only
        foreach ($this->resource->getPrivateResources() as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow('Users', $name, $actionName);
            }
        }
    }

    // The list is kept in the session; a policy change reaches an existing
    // session only after this entry is cleared.
    $this->persistent->set('acl', $list);

    return $this->persistent->get('acl');
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * Guests, Users and Admins all receive the public actions; Users also receive
 * user/index and user/search, and Admins the full set of user actions.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'guests' => new Role('Guests'),
        'users' => new Role('Users'),
        'admins' => new Role('Admins'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Public area: read-only actions plus sign-up/login/logout
    $publicArea = array(
        'index' => array('index'),
        'user' => array('list', 'get', 'details', 'search'),
        'errors' => array('show401', 'show404', 'show500'),
        'session' => array('signup', 'login', 'logout'),
    );
    foreach ($publicArea as $name => $actionList) {
        $list->addResource(new Resource($name), $actionList);
    }

    // Every role, guests included, may use the public area
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // User area: registered, then granted to Users
    $userArea = array('user' => array('index', 'search'));
    foreach ($userArea as $name => $actionList) {
        $list->addResource(new Resource($name), $actionList);
    }
    foreach ($userArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // Admin area: every listed user action, granted to Admins only
    $adminArea = array(
        'user' => array('index', 'edit', 'delete', 'update', 'create', 'search', 'save', 'remove'),
    );
    foreach ($adminArea as $name => $actionList) {
        $list->addResource(new Resource($name), $actionList);
    }
    foreach ($adminArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Admins', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Builds a deny-by-default ACL for one namespace from the stored groups and
 * the permissions assigned to them.
 *
 * @param mixed $namespace passed through to getAvailableResources() and getAllowedResources()
 * @return AclList
 */
private function getAcl($namespace)
{
    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Loaded once; iterated twice below
    $groups = Groups::find();

    // Register every resource available in this namespace
    foreach ($this->getAvailableResources($namespace) as $name => $actionList) {
        $list->addResource(new Resource($name), $actionList);
    }

    // Each group becomes a role, named after the group
    foreach ($groups as $group) {
        $list->addRole($group->name);
    }

    // Grant each group the actions reachable through its permissions
    foreach ($groups as $group) {
        foreach ($this->getPermissions($group->group_id) as $permission) {
            $allowed = $this->getAllowedResources($permission->permission_id, $namespace);
            foreach ($allowed as $name => $actionList) {
                foreach ($actionList as $actionName) {
                    $list->allow($group->name, $name, $actionName);
                }
            }
        }
    }

    return $list;
}
/**
 * Get acl system.
 *
 * Returns the list memoized on this object, else the cached one, else builds
 * it from $config->permission and caches it for 30 days.
 *
 * NOTE(review): with a 30-day lifetime a permission removed from the config
 * stays effective until the cache entry is cleared; confirm deployments
 * invalidate CACHE_KEY_ACL.
 *
 * @param mixed $config object exposing ->permission->toArray()
 * @return PhAclMemory a cached value is returned as stored
 */
public function getAcl($config)
{
    $permission = $config->permission->toArray();

    if ($this->_acl) {
        return $this->_acl;
    }

    $cacheData = $this->getDI()->get('cacheData');
    $acl = $cacheData->get(self::CACHE_KEY_ACL);

    if ($acl === null) {
        $acl = new PhAclMemory();
        $acl->setDefaultAction(PhAcl::DENY);

        foreach (array_keys($permission) as $groupValue) {
            // Each top-level key of the permission map becomes a role
            $acl->addRole(new Role((string) $groupValue));

            if (!isset($permission[$groupValue]) || !is_array($permission[$groupValue])) {
                continue;
            }

            foreach ($permission[$groupValue] as $group => $controller) {
                foreach ($controller as $action) {
                    // Entries are expected as "controller/action"
                    // NOTE(review): an entry without "/" leaves index 1 undefined; verify the config format
                    $actionArr = explode('/', $action);
                    $resource = strtolower($group) . '/' . $actionArr[0];

                    $acl->addResource($resource, $actionArr[1]);
                    $acl->allow($groupValue, $resource, $actionArr[1]);
                }
            }
        }

        $cacheData->save(self::CACHE_KEY_ACL, $acl, 2592000); // 30 days cache.
    }

    $this->_acl = $acl;

    return $this->_acl;
}
/**
 * Builds the deny-by-default ACL for the three roles GUEST, USER and ADMIN.
 *
 * Guest resources are granted to every role, user resources to USER and
 * ADMIN, and admin resources to ADMIN only.
 *
 * @return AclList
 */
private function buildAclList()
{
    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Roles
    $roles = [self::GUEST, self::USER, self::ADMIN];
    foreach ($roles as $roleName) {
        $list->addRole($roleName);
    }

    // Resources, grouped by the lowest role allowed to use them
    $resources = [
        self::GUEST => [
            'index' => ['*'],
            'signup' => ['*'],
            'signin' => ['*'],
            'error' => ['*'],
            'profile' => ['newPassword'],
            'language' => ['*'],
        ],
        self::USER => [
            'profile' => ['*'],
            'logout' => ['*'],
        ],
        self::ADMIN => [
            'usermanagement' => ['*'],
        ],
    ];
    foreach ($resources as $area) {
        foreach ($area as $controller => $actionList) {
            $list->addResource($controller, $actionList);
        }
    }

    // Permissions: guest area for everyone
    foreach ($roles as $roleName) {
        foreach ($resources[self::GUEST] as $controller => $actionList) {
            $list->allow($roleName, $controller, $actionList);
        }
    }

    // User area for USER and ADMIN
    foreach ($resources[self::USER] as $controller => $actionList) {
        $list->allow(self::USER, $controller, $actionList);
        $list->allow(self::ADMIN, $controller, $actionList);
    }

    // Admin area for ADMIN only
    foreach ($resources[self::ADMIN] as $controller => $actionList) {
        $list->allow(self::ADMIN, $controller, $actionList);
    }

    return $list;
}
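/**
 * Returns the ACL, preferring the copy memoized on this object, then the
 * cached copy, and finally building it from the Roles, Resources and
 * Operations entities.
 *
 * NOTE(review): a cached value is trusted as-is and the entry is saved
 * without a visible lifetime; confirm the cache is cleared when roles or
 * operations change.
 *
 * @return MemoryAcl a cached value is returned as stored
 */
public function getAcl()
{
    if ($this->acl) {
        return $this->acl;
    }

    $cache = $this->getCache();
    if ($cache && ($data = $cache->get('acl'))) {
        return $this->acl = $data;
    }

    $acl = new MemoryAcl();
    $acl->setDefaultAction(Acl::DENY);

    $roles = Entities\Roles::find();
    foreach ($roles as $role) {
        // The original computed a display name here and never used it; the unused
        // local is removed.
        // NOTE(review): roleKey is passed as both arguments. If MemoryAcl is Phalcon's
        // memory adapter, the second argument names the role to inherit from, so this
        // asks a role to inherit from itself. Confirm what was meant.
        $acl->addRole($role->roleKey, $role->roleKey);
    }

    $resources = Entities\Resources::find();
    foreach ($resources as $resource) {
        $acl->addResource($resource->resourceKey);
    }

    $operations = Entities\Operations::find();
    foreach ($operations as $operation) {
        $acl->addResourceAccess($operation->resourceKey, $operation->operationKey);

        // An operation with no roles attached stays denied for everyone
        if ($operation->roles) {
            foreach ($operation->roles as $role) {
                $acl->allow($role->roleKey, $operation->resourceKey, $operation->operationKey);
            }
        }
    }

    if ($cache) {
        $cache->save('acl', $acl);
    }

    return $this->acl = $acl;
}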
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * Users and Guest both receive the public actions; only Users receive the
 * private ones.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    // Create the access list; it denies by default
    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Create the roles and add them to the list
    $roles = array(
        'users' => new Role('Users'),
        'guest' => new Role('Guest'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private areas
    $privateArea = array(
        'trabajo' => array('index'),
        'trabajopadre' => array('index'),
        'trabajoprofe' => array('index'),
        'trabajoadmin' => array('index'),
        'entidad' => array('index', 'operacionalumno'),
    );

    // Public areas
    $publicArea = array(
        'index' => array('index'),
        'about' => array('index'),
        'blog' => array('index'),
        'contact' => array('index'),
        'usuario' => array('login', 'end'),
        'errors' => array('show401', 'show404', 'show500'),
    );

    // Register the areas, private first and public second
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Open the public areas to every role
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // Open the private areas to Users only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // Keep the list in the persistent object
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it the
 * first time it is requested.
 *
 * The "users" resource appears in both areas: create/new are public, while
 * index/search/edit/delete are reserved for the Users role.
 *
 * @return \Phalcon\Acl\Adapter\Memory
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    // Deny is the default action
    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Two roles, one per kind of visitor
    $roles = array(
        'users' => new Role('Users'),
        'guests' => new Role('Guests'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area
    $privateArea = array(
        'users' => array('index', 'search', 'edit', 'delete'),
        'companies' => array('index', 'search', 'new', 'edit', 'create', 'delete'),
        'products' => array('index', 'search', 'new', 'edit', 'create', 'delete'),
        'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'invoices' => array('index', 'profile'),
    );

    // Public area
    $publicArea = array(
        'index' => array('index'),
        'about' => array('index'),
        'register' => array('index', 'regis'),
        'session' => array('index', 'register', 'start', 'end'),
        'users' => array('create', 'new'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Every role may use the public area
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // Only Users may use the private area
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * The "index" resource is split: index/index is public, index/listMembers is
 * reserved for the Users role.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'users' => new Role('Users', 'Utilisateur authentifier avec un compte actif'),
        'guests' => new Role('Guests', 'Utilisateur non authentifier'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Original author's note: camelCase is not allowed when defining a resource.
    // Private area resources
    $privateArea = array(
        'lang' => array('index', 'test'),
        'contact' => array('index', 'form', 'new', 'edit', 'save', 'create', 'delete'),
        'index' => array('listMembers'),
        'listemenu' => array('index'),
    );

    // Public area resources
    // NOTE(review): notFound/debugEnv is granted to Guests; confirm that a
    // debugging action is meant to be reachable without signing in.
    $publicArea = array(
        'index' => array('index'),
        'notFound' => array('index', 'debugEnv'),
        'session' => array('index', 'start'),
        'inscription' => array('index'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * Guests receive only the public actions; Users receive those plus the
 * export/import, people and stickers actions.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'users' => new Role('Users'),
        'guests' => new Role('Guests'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area resources
    $privateArea = array(
        'index' => array('export', 'import'),
        'people' => array('list', 'new', 'edit', 'create', 'delete', 'update'),
        'stickers' => array('add', 'delete', 'create'),
    );

    // Public area resources
    $publicArea = array(
        'index' => array('index'),
        'about' => array('index'),
        'register' => array('index'),
        'errors' => array('show401', 'show404', 'show500'),
        'session' => array('index', 'register', 'start', 'end'),
        'contact' => array('index', 'send'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * Guests receive only the public actions; the Users role additionally
 * receives every private action listed below.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'users' => new Role('Users'),
        'guests' => new Role('Guests'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area resources
    $privateArea = array(
        'companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'invoices' => array('index', 'profile'),
        'privatepage' => array('index'),
        'todo' => array('index', 'add', 'done', 'restore', 'remove'),
        'phones' => array('index', 'reserve', 'getUserName', 'cancelReservation'),
        'phoneAdd' => array('index', 'add'),
        'phonesProducers' => array('index', 'add'),
        'operatingSystems' => array('index', 'add'),
    );

    // Public area resources
    $publicArea = array(
        'index' => array('index'),
        'about' => array('index'),
        'portfolio' => array('index'),
        'register' => array('index'),
        'errors' => array('show401', 'show404', 'show500'),
        'session' => array('index', 'register', 'start', 'end'),
        'contact' => array('index', 'send'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * Guests receive only the public actions; the Users role additionally
 * receives the companies, products, producttypes and invoices actions.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = [
        'users' => new Role('Users', 'Member privileges, granted after sign in.'),
        'guests' => new Role('Guests', 'Anyone browsing the site who is not signed in is considered to be a "Guest".'),
    ];
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area resources
    $privateArea = array(
        'companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'invoices' => array('index', 'profile'),
    );

    // Public area resources
    $publicArea = array(
        'index' => array('index'),
        'about' => array('index'),
        'register' => array('index'),
        'errors' => array('show401', 'show404', 'show500'),
        'session' => array('index', 'register', 'start', 'end'),
        'contact' => array('index', 'send'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * Resource names carry the controller namespace prefix, so a lookup has to
 * use the same prefixed name to match an entry.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'users' => new Role('Users'),
        'guests' => new Role('Guests'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area resources
    $privateArea = array(
        'App\\Controllers\\companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'App\\Controllers\\products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'App\\Controllers\\producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
        'App\\Controllers\\invoices' => array('index', 'profile'),
        'App\\Controllers\\Api\\V1\\about' => array('index'),
    );

    // Public area resources
    $publicArea = array(
        'App\\Controllers\\index' => array('index'),
        'App\\Controllers\\about' => array('index'),
        'App\\Controllers\\register' => array('index'),
        'App\\Controllers\\errors' => array('show401', 'show404', 'show500'),
        'App\\Controllers\\session' => array('index', 'register', 'start', 'end'),
        'App\\Controllers\\contact' => array('index', 'send'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Builds the access control list, stores it in the persistent bag and returns
 * the stored copy.
 *
 * Unlike a build-once variant, this method rebuilds the list on every call:
 * the original guard was the constant condition `if (true)`.
 *
 * @return AclList
 */
public function getAcl()
{
    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'users' => new Role('Users'),
        'guests' => new Role('Guests'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area resources
    $privateArea = array(
        'user' => array('register', 'list', 'delete'),
        'tag' => array('list', 'create', 'delete'),
        'content' => array('view', 'add'),
        'pic' => array('list', 'create', 'delete', 'changeBrief'),
        'search' => array('list', 'create', 'delete', 'userSearchList'),
        'feedback' => array('list', 'view'),
        'app' => array('list', 'unpass'),
    );

    // Public area resources
    // NOTE(review): install/index is granted to Guests; confirm the installer
    // is disabled or protected by other means once setup is done.
    $publicArea = array(
        'index' => array('index'),
        'api' => array('index'),
        'install' => array('index'),
        'errors' => array('show401', 'show404', 'show500'),
        'session' => array('index', 'register', 'start', 'end'),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use.
 *
 * The private area is empty, so Users and Guests end up with identical
 * rights: everything listed as public.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    // Register roles
    $roles = array(
        'users' => new Role('Users'),
        'guests' => new Role('Guests'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    // Private area resources (none defined)
    $privateArea = array();

    // Public area resources
    // NOTE(review): every api action below, including the add/update/delete ones,
    // is granted to Guests as well as Users; confirm the API enforces its own
    // authentication before relying on this list.
    $publicArea = array(
        'index' => array('index'),
        'about' => array('index'),
        'register' => array('index'),
        'errors' => array('show401', 'show404', 'show500'),
        'session' => array('index', 'register', 'start', 'end'),
        'api' => array(
            'index',
            'addCategory',
            'addProduct',
            'getCategory',
            'getProduct',
            'getProductByCategory',
            'updateCategory',
            'updateProduct',
            'deleteProduct',
            'deleteCategory',
        ),
    );

    // Register private resources first, then public ones
    foreach (array($privateArea, $publicArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // Public areas are open to both users and guests
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach ($publicArea as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($roleName, $name, $actionName);
            }
        }
    }

    // The private area is open to the Users role only
    foreach ($privateArea as $name => $actionList) {
        foreach ($actionList as $actionName) {
            $list->allow('Users', $name, $actionName);
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
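/**
 * Returns the ACL memoized on this object, building it on first use.
 *
 * Guests and Users receive the listed public actions; only Users receive the
 * add/edit/delete actions on awards, players and episodes.
 *
 * @return Memory
 */
public function getAcl()
{
    if (!$this->_acl) {
        $acl = new Memory();
        $acl->setDefaultAction(PhAcl::DENY);

        // Register roles
        $roles = array(
            'users' => new PhRole('Users'),
            'guests' => new PhRole('Guests'),
        );
        foreach ($roles as $role) {
            $acl->addRole($role);
        }

        // Private area resources
        $privateResources = array(
            'awards' => array('add', 'edit', 'delete'),
            'players' => array('add', 'edit', 'delete'),
            'episodes' => array('add', 'edit', 'delete'),
        );
        foreach ($privateResources as $resource => $actions) {
            $acl->addResource(new PhResource($resource), $actions);
        }

        // Public area resources
        $publicResources = array(
            'index' => array('index'),
            'about' => array('index'),
            'awards' => array('index'),
            'players' => array('index'),
            'episodes' => array('index'),
            'session' => array('index', 'start'),
            'contact' => array('index', 'send'),
        );
        foreach ($publicResources as $resource => $actions) {
            $acl->addResource(new PhResource($resource), $actions);
        }

        // Grant access to public areas to both users and guests, one listed action
        // at a time. The previous '*' grant covered every action of the resource,
        // and awards/players/episodes also carry the private add/edit/delete
        // actions, so Guests were allowed to perform them.
        foreach ($roles as $role) {
            foreach ($publicResources as $resource => $actions) {
                foreach ($actions as $action) {
                    $acl->allow($role->getName(), $resource, $action);
                }
            }
        }

        // Grant access to private area to role Users
        foreach ($privateResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->allow('Users', $resource, $action);
            }
        }

        $this->_acl = $acl;
    }

    return $this->_acl;
}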
/**
 * Builds a deny-by-default ACL for the roles admin, donor and none.
 *
 * The "none" resources (index, user) are opened to every role with a wildcard;
 * donor and admin resources are granted action by action to their own role.
 *
 * @return AclList
 */
private function _getAcl()
{
    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    $roles = array(
        'admin' => new Role('admin'),
        'donor' => new Role('donor'),
        'none' => new Role('none'),
    );
    foreach ($roles as $entry) {
        $list->addRole($entry);
    }

    $adminArea = array('admin' => array('index', 'update', 'setup'));
    $donorArea = array('donor' => array('index'));
    $openArea = array(
        'index' => array('index'),
        'user' => array('login', 'logout'),
    );

    // Register all three areas, admin first
    foreach (array($adminArea, $donorArea, $openArea) as $area) {
        foreach ($area as $name => $actionList) {
            $list->addResource(new Resource($name), $actionList);
        }
    }

    // NOTE(review): '*' opens every action of index and user to all roles, not
    // only the ones listed above; confirm those controllers have no other actions
    // that need protection.
    foreach ($roles as $entry) {
        $roleName = $entry->getName();
        foreach (array_keys($openArea) as $name) {
            $list->allow($roleName, $name, '*');
        }
    }

    // Role-specific areas, granted per listed action
    $ownedAreas = array(
        'donor' => $donorArea,
        'admin' => $adminArea,
    );
    foreach ($ownedAreas as $ownerRole => $area) {
        foreach ($area as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $list->allow($ownerRole, $name, $actionName);
            }
        }
    }

    return $list;
}
/**
 * Builds an ACL containing a single role, named after the value returned by
 * Auth::getPermission(), with the privileges from getInfoPermission().
 *
 * @return AcList|false false when getPermission() returns an empty value
 */
public function getAcl()
{
    $auth = new Auth();

    // Without a permission value there is no role to build a list for
    if (empty($auth->getPermission())) {
        return false;
    }

    $list = new AcList();

    // Default action is deny access
    $list->setDefaultAction(\Phalcon\Acl::DENY);

    // The only role in the list is the caller's own permission value
    $list->addRole(new Role($auth->getPermission()));

    foreach ($this->getInfoPermission() as $entry) {
        $list->addResource(new Resource($entry->privilege->controller), $entry->privilege->action);
        $list->allow($auth->getPermission(), $entry->privilege->controller, $entry->privilege->action);
    }

    return $list;
}
/**
 * Returns the access control list kept in the persistent bag, building it on
 * first use from the "acl" section of the application config.
 *
 * In the privilege section the method key 'allow' grants access; any other
 * key, misspellings included, results in a deny rule.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $list = new AclList();
    $list->setDefaultAction(Acl::DENY);

    $settings = $this->getDI()->get('config')->acl;

    // Register roles; a parent already known to the list is wrapped in a Role
    foreach ($settings->roles as $roleName => $parent) {
        $roleObject = new Role($roleName);
        if ($list->isRole($parent) && !is_null($parent)) {
            $parent = new Role($parent);
        }
        $list->addRole($roleObject, $parent);
    }

    // Register resources
    foreach ($settings->resources as $name => $actionList) {
        $list->addResource(new Resource($name), $actionList->toArray());
    }

    // Privileges: role => method => resource => list of accesses
    foreach ($settings->privilege as $roleName => $methodList) {
        foreach ($methodList as $method => $levels) {
            $grants = ($method == 'allow');
            foreach ($levels as $name => $accessList) {
                foreach ($accessList as $access) {
                    if ($grants) {
                        $list->allow($roleName, $name, $access);
                    } else {
                        $list->deny($roleName, $name, $access);
                    }
                }
            }
        }
    }

    // The list is kept in the session; APC would be useful here too
    $this->persistent->acl = $list;

    return $this->persistent->acl;
}
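/**
 * Builds the ACL from $this->resources (role => module => controller =>
 * actions), saves a serialized copy to ROOT_URL . $this->filePath and, when
 * APC is available, stores the list there too.
 *
 * @return AclList the freshly built list, returned even when it could not be saved
 */
public function createAcl()
{
    $acl = new AclList();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    foreach ($this->resources as $role => $groups) {
        $acl->addRole(new Role($role, ucfirst($role)));

        foreach ($groups as $module => $controllers) {
            foreach ($controllers as $controller => $actions) {
                // Resources are named "module/controller"
                $resource = strtolower($module) . '/' . $controller;
                $acl->addResource(new Resource($resource), $actions);
                $acl->allow($role, $resource, $actions);
            }
        }
    }

    $path = ROOT_URL . $this->filePath;
    if (touch($path) && is_writable($path)) {
        // Save in file. LOCK_EX keeps a concurrent reader from loading a
        // half-written policy, and a failed write is logged rather than ignored.
        // NOTE(review): presumably this file is unserialized on later requests; it
        // should be writable by the application account only. Confirm against the loader.
        if (file_put_contents($path, serialize($acl), LOCK_EX) === false) {
            error_log('ACL list could not be written to ' . $path);
        }

        // Save cache in APC
        if (function_exists('apc_store')) {
            apc_store('acl', $acl);
        }
    }

    return $acl;
}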
/**
 * Returns the access control list, building it on first use.
 *
 * Three roles are registered (Admin, User, Guest) without inheritance, so
 * each tier of resources is granted to every role that may use it:
 * public resources to all three, user resources to User and Admin, admin
 * resources to Admin only. The admin tier is currently empty. Anything not
 * granted is denied. The list is kept in $this->persistent->acl and reused
 * on later calls.
 *
 * @return AclList
 */
public function getAcl()
{
    if (isset($this->persistent->acl)) {
        return $this->persistent->acl;
    }

    $acl = new AclList();
    $acl->setDefaultAction(Acl::DENY);

    foreach (array('Admin', 'User', 'Guest') as $roleName) {
        $acl->addRole(new Role($roleName));
    }

    // tier => resource => actions
    $aclResources = array(
        'admin' => array(),
        'user' => array(
            'profile' => array("index", "edit", "view"),
        ),
        'public' => array(
            'index' => array('index'),
            'about' => array('index'),
            'register' => array('index'),
            'errors' => array('show401', 'show404', 'show500'),
            'session' => array('index', 'start', 'end'),
        ),
    );

    // Every resource has to exist before a rule can refer to it
    foreach ($aclResources as $tierResources) {
        foreach ($tierResources as $resourceName => $actions) {
            $acl->addResource(new Resource($resourceName), $actions);
        }
    }

    // tier => roles allowed to use it, widest tier first
    $tierRoles = array(
        'public' => array("Guest", "User", "Admin"),
        'user' => array("User", "Admin"),
        'admin' => array("Admin"),
    );

    foreach ($tierRoles as $tier => $allowedRoles) {
        foreach ($aclResources[$tier] as $resourceName => $actions) {
            foreach ($actions as $action) {
                foreach ($allowedRoles as $allowedRole) {
                    $acl->allow($allowedRole, $resourceName, $action);
                }
            }
        }
    }

    $this->persistent->acl = $acl;

    return $this->persistent->acl;
}
/**
 * Builds the access control list.
 *
 * Two roles are registered, 'guests' and 'users', with no inheritance
 * between them. Each action is allowed only for the roles listed next to it
 * in the table below; everything else is denied.
 *
 * @return Memory
 */
public function acl()
{
    $acl = new Memory();
    $acl->setDefaultAction(Acl::DENY);

    foreach (array('guests', 'users') as $roleName) {
        $acl->addRole(new Role($roleName));
    }

    // resource => action => roles that may call it
    $accessTable = array(
        'users' => array(
            'auth' => array('guests'),
            'create' => array('guests'),
            'logout' => array('users'),
        ),
        'posts' => array(
            'create' => array('users'),
            'mine' => array('users'),
            'all' => array('users'),
        ),
    );

    foreach ($accessTable as $resourceName => $actionMap) {
        // Register the resource with all of its actions before granting any
        $acl->addResource(new Resource($resourceName), array_keys($actionMap));

        foreach ($actionMap as $actionName => $allowedRoles) {
            foreach ($allowedRoles as $allowedRole) {
                $acl->allow($allowedRole, $resourceName, $actionName);
            }
        }
    }

    return $acl;
}
/**
 * Rebuilds the access list and caches it in a file (and in APC if present).
 *
 * Every profile with active = "Y" becomes a role. The resources come from
 * $this->privateResources. A role is allowed what its rows in the
 * permissions relation say, plus users/changePassword, which every active
 * profile receives. Everything else is denied.
 *
 * @return \Phalcon\Acl\Adapter\Memory
 */
public function rebuild()
{
    $acl = new AclMemory();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    // Register roles
    $profiles = Profiles::find('active = "Y"');
    foreach ($profiles as $profile) {
        $acl->addRole(new AclRole($profile->name));
    }

    foreach ($this->privateResources as $resourceName => $actions) {
        $acl->addResource(new AclResource($resourceName), $actions);
    }

    // Grant access to the private area
    foreach ($profiles as $profile) {
        $roleName = $profile->name;

        // Permissions recorded for this profile
        foreach ($profile->getPermissions() as $permission) {
            $acl->allow($roleName, $permission->resource, $permission->action);
        }

        // Granted to every active profile, whatever its stored permissions
        $acl->allow($roleName, 'users', 'changePassword');
    }

    $aclFile = APP_DIR . $this->filePath;

    // touch() creates the file if needed; is_writable() then confirms access
    if (!touch($aclFile) || !is_writable($aclFile)) {
        $this->flash->error('The user does not have write permissions to create the ACL list at ' . $aclFile);

        return $acl;
    }

    // NOTE(review): the file holds a serialize()d object and is presumably
    // read back with unserialize(); it should only be writable by the
    // application itself - confirm the location and its permissions.
    file_put_contents($aclFile, serialize($acl));

    // Store the ACL in APC
    if (function_exists('apc_store')) {
        apc_store('vokuro-acl', $acl);
    }

    return $acl;
}
/**
 * Rebuilds the access list from the active profiles and their permissions.
 *
 * Every profile with active = "Y" becomes a role. The resources come from
 * $this->_privateResources. A role is allowed what its rows in the
 * permissions relation say, plus users/changePassword. Everything else is
 * denied. The list is only returned; this method does not store it.
 */
public function rebuild()
{
    $acl = new AclMemory();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    // Register roles
    $profiles = Profiles::find('active = "Y"');
    foreach ($profiles as $profile) {
        $acl->addRole(new AclRole($profile->name));
    }

    foreach ($this->_privateResources as $resourceName => $actions) {
        $acl->addResource(new AclResource($resourceName), $actions);
    }

    // Grant access to the private area
    foreach ($profiles as $profile) {
        $roleName = $profile->name;

        // Permissions recorded for this profile
        foreach ($profile->getPermissions() as $permission) {
            $acl->allow($roleName, $permission->resource, $permission->action);
        }

        // Granted to every active profile, whatever its stored permissions
        $acl->allow($roleName, 'users', 'changePassword');
    }

    return $acl;
}
/**
 * Rebuilds the access list and caches it in a file (and in APC if present).
 *
 * Roles are the profiles matching 'deleted = 0 AND hidden=0', named by
 * their title, plus a 'Guests' role. The resources come from
 * $this->privateResources, $this->publicResources and the resource of each
 * stored permission. Anything not allowed below is denied.
 *
 * @return \Phalcon\Acl\Adapter\Memory
 */
public function rebuild()
{
    $acl = new AclMemory();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    // Register roles
    $profiles = Profiles::find('deleted = 0 AND hidden=0');
    foreach ($profiles as $profile) {
        $acl->addRole(new AclRole($profile->title));
    }

    foreach ($this->privateResources as $name => $actions) {
        $acl->addResource(new AclResource($name), $actions);
    }

    foreach ($this->publicResources as $name => $actions) {
        $acl->addResource(new AclResource($name), $actions);
    }

    // Grant access to the private area
    foreach ($profiles as $profile) {
        foreach ($profile->getPermissions() as $permission) {
            $target = $permission->getResource();

            // The permission's own resource/action pair
            $acl->addResource(new AclResource($target->title), $permission->resourceaction);
            $acl->allow($profile->title, $target->title, $permission->resourceaction);

            // NOTE(review): these two loops run once per permission row, so a
            // profile with at least one permission is allowed every private
            // resource with all of its listed actions, and every public
            // resource with '*'. A profile with no permission rows gets none
            // of this. Confirm that this breadth is intended.
            foreach ($this->privateResources as $privateName => $privateActions) {
                $acl->allow($profile->title, $privateName, $privateActions);
            }

            foreach ($this->publicResources as $publicName => $publicActions) {
                $acl->allow($profile->title, $publicName, '*');
            }
        }
    }

    // Guests may use every action of the public resources
    $guest = new AclRole('Guests');
    $acl->addRole($guest);
    foreach ($this->publicResources as $publicName => $publicActions) {
        $acl->allow($guest->getName(), $publicName, '*');
    }

    $aclFile = $this->config->application->appsDir . $this->filePath;

    // touch() creates the file if needed; is_writable() then confirms access
    if (!touch($aclFile) || !is_writable($aclFile)) {
        $this->flash->error('The user does not have write permissions to create the ACL list at ' . $aclFile);

        return $acl;
    }

    // NOTE(review): the file holds a serialize()d object and is presumably
    // read back with unserialize(); it should only be writable by the
    // application itself - confirm the location and its permissions.
    file_put_contents($aclFile, serialize($acl));

    // Store the ACL in APC
    if (function_exists('apc_store')) {
        apc_store('reportingtool-acl', $acl);
    }

    return $acl;
}
/**
 * Rebuilds the access list and caches it in a file (and in APC if present).
 *
 * Every user group with active = 1 becomes a role. The resources come from
 * $this->_privateResources. A role is allowed what its rows in the
 * permissions relation say, plus users/changePassword. Everything else is
 * denied.
 *
 * The cache file is only written when it is already writable. It is never
 * created here, because is_writable() is false for a missing file.
 */
public function rebuild()
{
    $acl = new AclAdapter();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    // Register roles
    $profiles = UserGroups::find('active = 1');
    foreach ($profiles as $profile) {
        $acl->addRole(new AclRole($profile->name));
    }

    foreach ($this->_privateResources as $resourceName => $actions) {
        $acl->addResource(new AclResource($resourceName), $actions);
    }

    // Grant access to the private area
    foreach ($profiles as $profile) {
        $roleName = $profile->name;

        // Permissions recorded for this group
        foreach ($profile->getPermissions() as $permission) {
            $acl->allow($roleName, $permission->resource, $permission->action);
        }

        // Granted to every active group, whatever its stored permissions
        $acl->allow($roleName, 'users', 'changePassword');
    }

    $aclFile = __DIR__ . $this->_filePath;

    if (!is_writable($aclFile)) {
        $this->flash->error('The user does not have write permissions');

        return $acl;
    }

    // NOTE(review): the file holds a serialize()d object and is presumably
    // read back with unserialize(); it should only be writable by the
    // application itself - confirm the location and its permissions.
    file_put_contents($aclFile, serialize($acl));

    // Store the ACL in APC under the plugin's configured application id
    if (function_exists('apc_store')) {
        apc_store($this->di->config->cradaUserPlugin->appId, $acl);
    }

    return $acl;
}
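use Mocks\Examples\User;
use Ovide\Libs\Mvc\Rest\App;
use Phalcon\Acl;
use Ovide\Libs\Mvc\Rest\ContentType\XmlEncoder;

// Reset the application, then fetch the instance that is configured below
App::reset();
$app = App::instance();

// Let the Accept header handler answer with XML as well
$handlers = $app->getHandlers();
$accept = $handlers[\Ovide\Libs\Mvc\Rest\HeaderHandler\Accept::HEADER];
$accept->setAcceptable(XmlEncoder::CONTENT_TYPE, XmlEncoder::class);

$app->mountResource(User::class);

// 'acl' is registered as a shared service (third argument true)
$app->di->set('acl', function () {
    $acl = new Acl\Adapter\Memory();

    // Deny by default, and say so before any role, resource or rule is
    // registered. In Phalcon releases whose adapter starts out allowing, this
    // keeps anything the adapter derives while rules are added on the
    // restrictive side.
    $acl->setDefaultAction(Acl::DENY);

    $guest = new Acl\Role('guest');
    $user = new Acl\Role('user');
    $root = new Acl\Role('root');

    // user inherits from guest, root inherits from user
    $acl->addRole($guest);
    $acl->addRole($user, $guest);
    $acl->addRole($root, $user);

    $users = new Acl\Resource('users');
    $acl->addResource(
        $users,
        ['delete', 'get', 'getOne', 'post', 'put', 'putSelf', 'getSelf', 'deleteSelf']
    );

    // Guests may only create an account
    $acl->allow('guest', 'users', ['post']);

    // Users may act on their own record; the 'post' inherited from guest is
    // taken away again by the explicit deny
    $acl->allow('user', 'users', ['getSelf', 'deleteSelf', 'putSelf']);
    $acl->deny('user', 'users', 'post');

    // root may do everything on users
    $acl->allow('root', 'users', '*');

    // Sets 'guest' as active role
    $acl->isAllowed('guest', '', '');

    return $acl;
}, true);

return $app;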