Phalcon acl

NOTE

All classes are prefixed with Phalcon

Acl\Adapter\AbstractAdapter ¶

Namespace
- Phalcon\Acl\Adapter
Uses
- Phalcon\Acl\Enum
- Phalcon\Events\AbstractEventsAware
- Phalcon\Events\EventsAwareInterface
Extends

AbstractEventsAware
Implements
- AdapterInterface
- EventsAwareInterface

Adapter for Phalcon\Acl adapters

Properties¶

/**
 * Access Granted
 *
 * @var bool
 */
protected $accessGranted = false;

/**
 * Active access which the list is checking if some role can access it
 *
 * @var string|null
 */
protected $activeAccess;

/**
 * Component which the list is checking if some role can access it
 *
 * @var string|null
 */
protected $activeComponent;

/**
 * Role which the list is checking if it's allowed to certain
 * component/access
 *
 * @var string|null
 */
protected $activeRole;

/**
 * Default access
 *
 * @var int
 */
protected $defaultAccess;

Methods¶

public function getActiveAccess(): string | null;

Active access which the list is checking if some role can access it

public function getActiveComponent(): string | null;

Component which the list is checking if some role can access it

public function getActiveRole(): string | null;

Role which the list is checking if it's allowed to certain component/access

public function getDefaultAction(): int;

Returns the default ACL access level

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY)

Acl\Adapter\AdapterInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl\Adapter
Uses
- Phalcon\Acl\ComponentInterface
- Phalcon\Acl\RoleInterface
Extends
Implements

Interface for Phalcon\Acl adapters

Methods¶

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc. or a list of them

public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter lets to inherit access data from other existing role

public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component

public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component

public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes access from a component

public function getActiveAccess(): null | string;

Returns the access which the list is checking if some role can access it

public function getActiveComponent(): null | string;

Returns the component which the list is checking if some role can access it

public function getActiveRole(): null | string;

Returns the role which the list is checking if it's allowed to certain component/access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getDefaultAction(): int;

Returns the default ACL access level

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if there exists func for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Ac\Enuml::ALLOW or Phalcon\Acl\Enum::DENY)

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Acl\Adapter\Memory¶

Source on GitHub

Namespace
- Phalcon\Acl\Adapter
Uses
- Phalcon\Acl\Component
- Phalcon\Acl\ComponentAwareInterface
- Phalcon\Acl\ComponentInterface
- Phalcon\Acl\Enum
- Phalcon\Acl\Exception
- Phalcon\Acl\Role
- Phalcon\Acl\RoleAwareInterface
- Phalcon\Acl\RoleInterface
- ReflectionClass
- ReflectionFunction
Extends

AbstractAdapter
Implements

Manages ACL lists in memory

$acl = new \Phalcon\Acl\Adapter\Memory();

$acl->setDefaultAction(
    \Phalcon\Acl\Enum::DENY
);

// Register roles
$roles = [
    "users"  => new \Phalcon\Acl\Role("Users"),
    "guests" => new \Phalcon\Acl\Role("Guests"),
];
foreach ($roles as $role) {
    $acl->addRole($role);
}

// Private area components
$privateComponents = [
    "companies" => ["index", "search", "new", "edit", "save", "create", "delete"],
    "products"  => ["index", "search", "new", "edit", "save", "create", "delete"],
    "invoices"  => ["index", "profile"],
];

foreach ($privateComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Public area components
$publicComponents = [
    "index"   => ["index"],
    "about"   => ["index"],
    "session" => ["index", "register", "start", "end"],
    "contact" => ["index", "send"],
];

foreach ($publicComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Grant access to public areas to both users and guests
foreach ($roles as $role) {
    foreach ($publicComponents as $component => $actions) {
        $acl->allow($role->getName(), $component, "*");
    }
}

// Grant access to private area to role Users
foreach ($privateComponents as $component => $actions) {
    foreach ($actions as $action) {
        $acl->allow("Users", $component, $action);
    }
}

Properties¶

/**
 * Access
 *
 * @var mixed
 */
protected $access;

/**
 * Access List
 *
 * @var mixed
 */
protected $accessList;

/**
 * Returns the latest function used to acquire access
 *
 * @var mixed
 */
protected $activeFunction;

/**
 * Returns number of additional arguments(excluding role and resource) for active function
 *
 * @var int
 */
protected $activeFunctionCustomArgumentsCount = ;

/**
 * Returns the latest key used to acquire access
 *
 * @var string|null
 */
protected $activeKey;

/**
 * Components
 *
 * @var mixed
 */
protected $components;

/**
 * Component Names
 *
 * @var mixed
 */
protected $componentsNames;

/**
 * Function List
 *
 * @var mixed
 */
protected $func;

/**
 * Default action for no arguments is `allow`
 *
 * @var mixed
 */
protected $noArgumentsDefaultAction;

/**
 * Roles
 *
 * @var mixed
 */
protected $roles;

/**
 * Role Inherits
 *
 * @var mixed
 */
protected $roleInherits;

Methods¶

public function __construct();

Phalcon\Acl\Adapter\Memory constructor

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc. or a list of them

Example:

// Add a component to the list allowing access to an action
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    "search"
);

$acl->addComponent("customers", "search");

// Add a component  with an access list
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    [
        "create",
        "search",
    ]
);

$acl->addComponent(
    "customers",
    [
        "create",
        "search",
    ]
);

public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);

public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role

$acl->addRole(
    new Phalcon\Acl\Role("administrator"),
    "consultant"
);

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);

public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component. You can use * as wildcard

// Allow access to guests to search on customers
$acl->allow("guests", "customers", "search");

// Allow access to guests to search or create on customers
$acl->allow("guests", "customers", ["search", "create"]);

// Allow access to any role to browse on products
$acl->allow("*", "products", "browse");

// Allow access to any role to browse on any component
$acl->allow("*", "*", "browse");

public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component. You can use * as wildcard

// Deny access to guests to search on customers
$acl->deny("guests", "customers", "search");

// Deny access to guests to search or create on customers
$acl->deny("guests", "customers", ["search", "create"]);

// Deny access to any role to browse on products
$acl->deny("*", "products", "browse");

// Deny access to any role to browse on any component
$acl->deny("*", "*", "browse");

public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes access from a component

public function getActiveFunction(): mixed;

Returns the latest function used to acquire access

public function getActiveFunctionCustomArgumentsCount(): int;

Returns number of additional arguments(excluding role and resource) for active function

public function getActiveKey(): string | null;

Returns the latest key used to acquire access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if a func (callable) exists for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

// Does andres have access to the customers component to create?
$acl->isAllowed("andres", "Products", "create");

// Do guests have access to any component to edit?
$acl->isAllowed("guests", "*", "edit");

public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Enum::ALLOW or Phalcon\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Acl\Component¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements
- ComponentInterface

This class defines component entity and its description

Properties¶

/**
 * Component description
 *
 * @var string
 */
private $description;

/**
 * Component name
 *
 * @var string
 */
private $name;

Methods¶

public function __construct( string $name, string $description = null );

Phalcon\Acl\Component constructor

public function __toString(): string;

public function getDescription(): string;

public function getName(): string;

Acl\ComponentAwareInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for classes which could be used in allow method as RESOURCE

Methods¶

public function getComponentName(): string;

Returns component name

Acl\ComponentInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for Phalcon\Acl\Component

Methods¶

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns component description

public function getName(): string;

Returns the component name

Acl\Enum¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Constants for Phalcon\Acl\Adapter adapters

Constants¶

const ALLOW = 1;
const DENY = 0;

Acl\Exception¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends

\Exception
Implements

Class for exceptions thrown by Phalcon\Acl

Acl\Role¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements
- RoleInterface

This class defines role entity and its description

Properties¶

/**
 * Role description
 *
 * @var string
 */
private $description;

/**
 * Role name
 *
 * @var string
 */
private $name;

Methods¶

public function __construct( string $name, string $description = null );

Phalcon\Acl\Role constructor

public function __toString(): string;

public function getDescription(): string;

public function getName(): string;

Acl\RoleAwareInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for classes which could be used in allow method as ROLE

Methods¶

public function getRoleName(): string;

Returns role name

Acl\RoleInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for Phalcon\Acl\Role

Methods¶

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns role description

public function getName(): string;

Returns the role name