AclMan is a PHP library designed to manage access control lists (ACLs).

- PHP >= 5.4
- Composer

AclMan has various features:

- Assertions: It provides an `AssertionPluginManager` whose goal is to deliver the assertions (i.e., `AssertionInterface` objects)
- Permissions: Contains a class, `GenericPermission`, that is a container of permission options (e.g., a role, a resource, a privilege, an assertion)
- Resources and roles: It provides a set of traits aimed to check the validity of resources and roles and instantiate their relative classes
- Storages: AclMan allows you to save the ACL configuration in several persistence layers, via `StorageInterface` objects and adapters (e.g., `ArrayAdapter`)
- Services: A set of classes aimed at the instantiation of ACL objects

Add `ripaclub/aclman` to your `composer.json`.

```json
{
    "require": {
        "ripaclub/aclman": "~0.2.0"
    }
}
```

The AclMan library has only two configuration nodes:

- `aclman_storage` to configure the persistence layer in which to save your ACL rules
- `aclman_services` to configure your services (e.g., a storage and optionally a plugin manager)

So, here is an example of use. You first need to configure the factories.
Put this PHP array into your configuration file.

```php
'abstract_factories' => [
    'AclMan\Service\ServiceFactory',
    'AclMan\Storage\StorageFactory'
],
'factories' => [
    'AclMan\Assertion\AssertionManager' => 'AclMan\Assertion\AssertionManagerFactory'
]
```

Then we configure our service.

```php
'aclman_services' => [
    'AclService\Ex1' => [
        'storage' => 'AclStorage\Ex1',
        'plugin_manager' => 'AclMan\Assertion\AssertionManager',
    ],
],
'aclman-assertion-manager' => [
    'invokables' => [
        'assertAlias' => 'assertionClass',
        // ...
        // ...
    ]
]
```

Finally, our storage configuration.

```php
'aclman_storage' => [
    'AclStorage\Ex1' => [
        'roles' => [
            // Specific permissions for role Role1 on resources Resource1 and Resource2
            'Role1' => [
                'resources' => [
                    'Resource1' => [
                        [
                            'assert' => null,
                            'allow' => true,
                            'privilege' => 'add'
                        ]
                    ],
                    'Resource2' => [
                        [
                            'assert' => [
                                'assertAlias' => [
                                    'config' => 'test'
                                ],
                            ],
                            'allow' => true,
                            'privilege' => 'view'
                        ]
                    ]
                ],
            ],
            // Permission for all roles on resource Resource3 (e.g., a public resource)
            StorageInterface::ALL_ROLES => [
                'resources' => [
                    'Resource3' => [
                        [
                            'allow' => true,
                        ]
                    ],
                ]
            ],
            // Permission for Admin on all resources (e.g., the admin can access every resource)
            'Admin' => [
                'resources' => [
                    StorageInterface::ALL_RESOURCES => [
                        [
                            'allow' => true,
                        ]
                    ],
                ]
            ],
        ],
    ],
]
```

Our first ACL configuration is now complete. Use it:

```php
$aclService1 = $serviceLocator->get('AclService\Ex1');
$aclService1->isAllowed('Role1', 'Resource1', 'view'); // FALSE
$aclService1->isAllowed('Role1', 'Resource1', 'add'); // TRUE
// ...
```

Notice the behaviour ...

```php
$aclService1 = $serviceLocator->get('AclService\Ex1');
$aclService1->isAllowed('Role1', 'Resource1', 'add'); // TRUE
$aclService1->isAllowed('Role1', 'Resource2', 'view'); // FALSE
// ...
```
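
The storage configuration above mixes narrow grants with wildcard ones, so a review of the `roles` array should surface every broad `allow` rule. The following audit helper is an added example, not part of AclMan: `auditBroadGrants`, `ANY_ROLE` and `ANY_RESOURCE` are hypothetical names (with the library you would pass `StorageInterface::ALL_ROLES` and `StorageInterface::ALL_RESOURCES`), and it assumes, as the configuration comments suggest, that a rule without `privilege` covers every privilege.

```php
<?php
// Added example: audits an 'aclman_storage'-style roles array for broad grants.
// Placeholder wildcard keys (constructed values, not the library's constants).
const ANY_ROLE = '__any_role__';
const ANY_RESOURCE = '__any_resource__';

/**
 * Returns one finding per allow rule that uses a wildcard role, a wildcard
 * resource, or no privilege restriction; notes when no assertion guards it.
 */
function auditBroadGrants(array $roles, $anyRole = ANY_ROLE, $anyResource = ANY_RESOURCE)
{
    $findings = [];
    foreach ($roles as $role => $roleConfig) {
        $resources = isset($roleConfig['resources']) ? $roleConfig['resources'] : [];
        foreach ($resources as $resource => $rules) {
            foreach ($rules as $rule) {
                if (empty($rule['allow'])) {
                    continue; // deny rules do not widen access
                }
                $reasons = [];
                if ($role === $anyRole) { $reasons[] = 'applies to every role'; }
                if ($resource === $anyResource) { $reasons[] = 'applies to every resource'; }
                if (!isset($rule['privilege'])) { $reasons[] = 'no privilege restriction'; }
                if ($reasons && empty($rule['assert'])) { $reasons[] = 'no assertion'; }
                if ($reasons) {
                    $findings[] = sprintf('%s -> %s: %s', $role, $resource, implode(', ', $reasons));
                }
            }
        }
    }
    return $findings;
}

// Constructed sample mirroring the storage configuration above.
$roles = [
    'Role1' => ['resources' => [
        'Resource1' => [['assert' => null, 'allow' => true, 'privilege' => 'add']],
        'Resource2' => [['assert' => ['assertAlias' => ['config' => 'test']],
                         'allow' => true, 'privilege' => 'view']],
    ]],
    ANY_ROLE => ['resources' => ['Resource3' => [['allow' => true]]]],
    'Admin' => ['resources' => [ANY_RESOURCE => [['allow' => true]]]],
];

foreach (auditBroadGrants($roles) as $finding) {
    echo $finding, PHP_EOL;
}
```

On the sample, the two `Role1` rules pass silently because each names a single privilege, while the all-roles and `Admin` rules are reported.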