Sections

Abstract Class Phalcon\Acl\Adapter\AbstractAdapter

Source on GitHub

Namespace Phalcon\Acl\Adapter
Uses Phalcon\Acl\Enum, Phalcon\Events\AbstractEventsAware, Phalcon\Events\EventsAwareInterface
Extends AbstractEventsAware
Implements AdapterInterface, EventsAwareInterface

Adapter for Phalcon\Acl adapters

Properties

/**
 * Access Granted
 *
 * @var bool
 */
protected accessGranted = false;

/**
 * Active access which the list is checking if some role can access it
 *
 * @var string|null
 */
protected activeAccess;

/**
 * Component which the list is checking if some role can access it
 *
 * @var string|null
 */
protected activeComponent;

/**
 * Role which the list is checking if it's allowed to certain
 * component/access
 *
 * @var string|null
 */
protected activeRole;

/**
 * Default access
 *
 * @var int
 */
protected defaultAccess;

Methods

public function getActiveAccess(): string | null;

Active access which the list is checking if some role can access it

public function getActiveComponent(): string | null;

Component which the list is checking if some role can access it

public function getActiveRole(): string | null;

Role which the list is checking if it’s allowed to certain component/access

public function getDefaultAction(): int;

Returns the default ACL access level

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY)

Interface Phalcon\Acl\Adapter\AdapterInterface

Source on GitHub

Namespace Phalcon\Acl\Adapter
Uses Phalcon\Acl\ComponentInterface, Phalcon\Acl\RoleInterface

Interface for Phalcon\Acl adapters

Methods

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc. or a list of them

public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter lets to inherit access data from other existing role

public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component

public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component

public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes access from a component

public function getActiveAccess(): null | string;

Returns the access which the list is checking if some role can access it

public function getActiveComponent(): null | string;

Returns the component which the list is checking if some role can access it

public function getActiveRole(): null | string;

Returns the role which the list is checking if it’s allowed to certain component/access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getDefaultAction(): int;

Returns the default ACL access level

public function getInheritedRoles( string $roleName = string ): array;

Returns the inherited roles for a passed role name. If no role name has been specified it will return the whole array. If the role has not been found it returns an empty array

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if there exists func for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Ac\Enuml::ALLOW or Phalcon\Acl\Enum::DENY)

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Class Phalcon\Acl\Adapter\Memory

Source on GitHub

Namespace Phalcon\Acl\Adapter
Uses Phalcon\Acl\Enum, Phalcon\Acl\Role, Phalcon\Acl\RoleInterface, Phalcon\Acl\Component, Phalcon\Acl\Exception, Phalcon\Acl\RoleAwareInterface, Phalcon\Acl\ComponentAwareInterface, Phalcon\Acl\ComponentInterface, ReflectionFunction
Extends AbstractAdapter

Manages ACL lists in memory

$acl = new \Phalcon\Acl\Adapter\Memory();

$acl->setDefaultAction(
    \Phalcon\Acl\Enum::DENY
);

// Register roles
$roles = [
    "users"  => new \Phalcon\Acl\Role("Users"),
    "guests" => new \Phalcon\Acl\Role("Guests"),
];
foreach ($roles as $role) {
    $acl->addRole($role);
}

// Private area components
$privateComponents = [
    "companies" => ["index", "search", "new", "edit", "save", "create", "delete"],
    "products"  => ["index", "search", "new", "edit", "save", "create", "delete"],
    "invoices"  => ["index", "profile"],
];

foreach ($privateComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Public area components
$publicComponents = [
    "index"   => ["index"],
    "about"   => ["index"],
    "session" => ["index", "register", "start", "end"],
    "contact" => ["index", "send"],
];

foreach ($publicComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Grant access to public areas to both users and guests
foreach ($roles as $role) {
    foreach ($publicComponents as $component => $actions) {
        $acl->allow($role->getName(), $component, "*");
    }
}

// Grant access to private area to role Users
foreach ($privateComponents as $component => $actions) {
    foreach ($actions as $action) {
        $acl->allow("Users", $component, $action);
    }
}

Properties

/**
 * Access
 *
 * @var mixed
 */
protected access;

/**
 * Access List
 *
 * @var mixed
 */
protected accessList;

/**
 * Returns the latest function used to acquire access
 *
 * @var mixed
 */
protected activeFunction;

/**
 * Returns number of additional arguments(excluding role and resource) for active function
 *
 * @var int
 */
protected activeFunctionCustomArgumentsCount = 0;

/**
 * Returns the latest key used to acquire access
 *
 * @var string|null
 */
protected activeKey;

/**
 * Components
 *
 * @var mixed
 */
protected components;

/**
 * Component Names
 *
 * @var mixed
 */
protected componentsNames;

/**
 * Function List
 *
 * @var mixed
 */
protected func;

/**
 * Default action for no arguments is `allow`
 *
 * @var mixed
 */
protected noArgumentsDefaultAction;

/**
 * Roles
 *
 * @var mixed
 */
protected roles;

/**
 * Role Inherits
 *
 * @var mixed
 */
protected roleInherits;

Methods

public function __construct();

Phalcon\Acl\Adapter\Memory constructor

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc. or a list of them

Example:

// Add a component to the list allowing access to an action
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    "search"
);

$acl->addComponent("customers", "search");

// Add a component  with an access list
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    [
        "create",
        "search",
    ]
);

$acl->addComponent(
    "customers",
    [
        "create",
        "search",
    ]
);
public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);
public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role

$acl->addRole(
    new Phalcon\Acl\Role("administrator"),
    "consultant"
);

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);
public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component. You can use * as wildcard

// Allow access to guests to search on customers
$acl->allow("guests", "customers", "search");

// Allow access to guests to search or create on customers
$acl->allow("guests", "customers", ["search", "create"]);

// Allow access to any role to browse on products
$acl->allow("*", "products", "browse");

// Allow access to any role to browse on any component
$acl->allow("*", "*", "browse");


```php
public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component. You can use * as wildcard

// Deny access to guests to search on customers
$acl->deny("guests", "customers", "search");

// Deny access to guests to search or create on customers
$acl->deny("guests", "customers", ["search", "create"]);

// Deny access to any role to browse on products
$acl->deny("*", "products", "browse");

// Deny access to any role to browse on any component
$acl->deny("*", "*", "browse");
public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes access from a component

public function getActiveFunction(): mixed;

Returns the latest function used to acquire access

public function getActiveFunctionCustomArgumentsCount(): int;

Returns number of additional arguments(excluding role and resource) for active function

public function getActiveKey(): string | null;

Returns the latest key used to acquire access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getInheritedRoles( string $roleName = string ): array;

Returns the inherited roles for a passed role name. If no role name has been specified it will return the whole array. If the role has not been found it returns an empty array

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if a func (callable) exists for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

// Does andres have access to the customers component to create?
$acl->isAllowed("andres", "Products", "create");

// Do guests have access to any component to edit?
$acl->isAllowed("guests", "*", "edit");
public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Enum::ALLOW or Phalcon\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Class Phalcon\Acl\Component

Source on GitHub

Namespace Phalcon\Acl
Implements ComponentInterface

This class defines component entity and its description

Properties

/**
 * Component description
 *
 * @var string
 */
private description;

/**
 * Component name
 *
 * @var string
 */
private name;

Methods

public function __construct( string $name, string $description = null );

Phalcon\Acl\Component constructor

public function __toString(): string;
public function getDescription(): string;
public function getName(): string;

Interface Phalcon\Acl\ComponentAwareInterface

Source on GitHub

Namespace Phalcon\Acl

Interface for classes which could be used in allow method as RESOURCE

Methods

public function getComponentName(): string;

Returns component name

Interface Phalcon\Acl\ComponentInterface

Source on GitHub

Namespace Phalcon\Acl

Interface for Phalcon\Acl\Component

Methods

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns component description

public function getName(): string;

Returns the component name

Class Phalcon\Acl\Enum

Source on GitHub

Namespace Phalcon\Acl

Constants for Phalcon\Acl\Adapter adapters

Constants

const ALLOW = 1;
const DENY = 0;

Class Phalcon\Acl\Exception

Source on GitHub

Namespace Phalcon\Acl
Extends \Exception

Class for exceptions thrown by Phalcon\Acl

Class Phalcon\Acl\Role

Source on GitHub

Namespace Phalcon\Acl
Implements RoleInterface

This class defines role entity and its description

Properties

/**
 * Role description
 *
 * @var string
 */
private description;

/**
 * Role name
 *
 * @var string
 */
private name;

Methods

public function __construct( string $name, string $description = null );

Phalcon\Acl\Role constructor

public function __toString(): string;
public function getDescription(): string;
public function getName(): string;

Interface Phalcon\Acl\RoleAwareInterface

Source on GitHub

Namespace Phalcon\Acl

Interface for classes which could be used in allow method as ROLE

Methods

public function getRoleName(): string;

Returns role name

Interface Phalcon\Acl\RoleInterface

Source on GitHub

Namespace Phalcon\Acl

Interface for Phalcon\Acl\Role

Methods

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns role description

public function getName(): string;

Returns the role name