GitHub - ariews/ACLayer: A access control library to use on top of Zend Framework.

ariews / ACLayer Public

forked from bendauphinee/ACLayer

Notifications You must be signed in to change notification settings
Fork 0
Star 0

A access control library to use on top of Zend Framework.

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
ACLayer Minimum Database.sql		ACLayer Minimum Database.sql
ACLayer Sample Database.sql		ACLayer Sample Database.sql
README		README
class.ACLayer.php		class.ACLayer.php

Repository files navigation

ACLayer is a database backed access control library which provides full group, user, and role access management, with recursive lookups. It is granular down to the permission and to the resource, and is very flexible.

This is a project that I have been working on for a long while now. After several major revisions, I finally have it stable enough to use. This is something that I have found lacking across the internet, with no good library available.

It has not yet been fully poked and prodded, but it does work. All public functions have been tested to make sure that they at least return what they are expected to in optimal conditions.

### Dependencies
Zend Framework

### Setup

    /* Requires Constants */
    define('ACL_PERMSCOPE_GLOBAL', 3);
    define('ACL_PERMSCOPE_GROUP', 2);
    define('ACL_PERMSCOPE_RESOURCE', 5);
    define('ACL_RESTYPE_GROUP', 1);
    define('ACL_MASTERGRANTERUID', 1); // The user id we use to grant permissions that don't come from someone else

    define('SQL_TF_COUNTGTZERO', '(CASE WHEN count(*) > 0 THEN 1 ELSE 0 END)');

    $config = new Zend_Config(
        array(
            'acl' => array(
                'groupidcol' => 'groupid',
                'groupnamecol' => 'name',
                'permkeycol' => 'permkey',
                'permscopecol' => 'permscope',
                'permvalcol' => 'permval',
                'residcol' => 'resid',
                'resowneruidcol' => 'owneruid',
                'restypeidcol' => 'restypeid',
                'roleidcol' => 'roleid',
                'uidcol' => 'uid',

                'table_acl_mappermissions' => 'acl_map_permissions',
                'table_acl_permissions' => 'acl_permissions',
                'table_acl_resources' => 'acl_resources',
                'table_groups' => 'groups',
                'table_roles' => 'roles',
                'table_users' => 'users'
            ),
            'database' => array(
                'adapter' => 'mysqli',
                'params' => array(
                    'host' => 'localhost',
                    'username' => 'databaseuser',
                    'password' => 'databasepassword',
                    'dbname' => 'databasename'
                )
            )
        )
    );

    require_once('Zend/Db.php');
    $db = Zend_Db::factory($config->database);

    $acl = new acl($db, $config->acl->toArray());

### Useage Samples

Check if user is allowed to do something:

    if(!$acl->resource_uperm('task_' . $taskid, $uid, 'task_view')){throw new Exception('Not allowed to view this task');}

Grant a user permission on a resource:

    $acl->resource_upermgrant('task_1', 'task', ACL_MASTERGRANTERUID, $softNs->auth->g('uid'));

Get a list of all resource keys for a specific type:

    // Find all for user
    $resourcesu = $acl->resource_ufind($uid, ACL_RESTYPE_PROJECT);

    // Find all for user's groups
    $resourcesg = $acl->resource_gfind($acl->group_umemberships($uid), ACL_RESTYPE_PROJECT);

    $resources = array_merge($resourcesu, $resourcesg);

    if(!empty($resources)){
        foreach($resources as $k => $v){
            $resources[$k] = str_replace('project_', '', $v);
        }
    }