Phalcon acl
NOTE
All classes are prefixed with Phalcon
Acl\Adapter\AbstractAdapter¶
Abstract Source on GitHub
Adapter for Phalcon\Acl adapters
Phalcon\Events\AbstractEventsAwarePhalcon\Acl\Adapter\AbstractAdapter— implementsPhalcon\Acl\Adapter\AdapterInterface,Phalcon\Events\EventsAwareInterface
Uses Phalcon\Acl\Enum · Phalcon\Events\AbstractEventsAware · Phalcon\Events\EventsAwareInterface
Method Summary¶
public string|null getActiveAccess() Active access which the list is checking if some role can access it public string|null getActiveComponent() Component which the list is checking if some role can access it public string|null getActiveRole() Role which the list is checking if it's allowed to certain public int getDefaultAction() Returns the default ACL access level public void setDefaultAction( int $defaultAccess ) Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) Properties¶
protected int $accessGranted = Enum::DENY Access Granted protected string|null $activeAccess = null Active access which the list is checking if some role can access it protected string|null $activeComponent = null Component which the list is checking if some role can access it protected string|null $activeRole = null Role which the list is checking if it's allowed to certain component/access protected int $defaultAccess = Enum::DENY Default access Methods¶
getActiveAccess()¶
Active access which the list is checking if some role can access it
getActiveComponent()¶
Component which the list is checking if some role can access it
getActiveRole()¶
Role which the list is checking if it's allowed to certain component/access
getDefaultAction()¶
Returns the default ACL access level
setDefaultAction()¶
Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY)
Acl\Adapter\AdapterInterface¶
Interface Source on GitHub
Interface for Phalcon\Acl adapters
Phalcon\Acl\Adapter\AdapterInterface
Uses Phalcon\Acl\ComponentInterface · Phalcon\Acl\RoleInterface
Method Summary¶
public bool addComponent(mixed $componentValue,mixed $accessList) Adds a component to the ACL list public bool addComponentAccess(string $componentName,mixed $accessList) Adds access to components public bool addInherit(string $roleName,mixed $roleToInherits) Do a role inherit from another existing role public bool addRole(mixed $role,mixed $accessInherits = null) Adds a role to the ACL list. Second parameter lets to inherit access data public void allow(string $roleName,string $componentName,mixed $access,mixed $func = null) Allow access to a role on a component public void deny(string $roleName,string $componentName,mixed $access,mixed $func = null) Deny access to a role on a component public void dropComponentAccess(string $componentName,mixed $accessList) Removes access from a component public null|string getActiveAccess() Returns the access which the list is checking if some role can access it public null|string getActiveComponent() Returns the component which the list is checking if some role can access public null|string getActiveRole() Returns the role which the list is checking if it's allowed to certain public ComponentInterface[] getComponents() Return an array with every component registered in the list public int getDefaultAction() Returns the default ACL access level public array getInheritedRoles( string $roleName = "" ) Returns the inherited roles for a passed role name. If no role name public int getNoArgumentsDefaultAction() Returns the default ACL access level for no arguments provided in public RoleInterface[] getRoles() Return an array with every role registered in the list public bool isAllowed(mixed $roleName,mixed $componentName,string $access,array $parameters = null) Check whether a role is allowed to access an action from a component public bool isComponent( string $componentName ) Check whether component exist in the components list public bool isRole( string $roleName ) Check whether role exist in the roles list public void setDefaultAction( int $defaultAccess ) Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) public void setNoArgumentsDefaultAction( int $defaultAccess ) Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) Methods¶
addComponent()¶
Adds a component to the ACL list
Access names can be a particular action, by example search, update, delete, etc. or a list of them
addComponentAccess()¶
Adds access to components
addInherit()¶
Do a role inherit from another existing role
addRole()¶
Adds a role to the ACL list. Second parameter lets to inherit access data from other existing role
allow()¶
public function allow(
string $roleName,
string $componentName,
mixed $access,
mixed $func = null
): void;
Allow access to a role on a component
deny()¶
public function deny(
string $roleName,
string $componentName,
mixed $access,
mixed $func = null
): void;
Deny access to a role on a component
dropComponentAccess()¶
Removes access from a component
getActiveAccess()¶
Returns the access which the list is checking if some role can access it
getActiveComponent()¶
Returns the component which the list is checking if some role can access it
getActiveRole()¶
Returns the role which the list is checking if it's allowed to certain component/access
getComponents()¶
Return an array with every component registered in the list
getDefaultAction()¶
Returns the default ACL access level
getInheritedRoles()¶
Returns the inherited roles for a passed role name. If no role name has been specified it will return the whole array. If the role has not been found it returns an empty array
getNoArgumentsDefaultAction()¶
Returns the default ACL access level for no arguments provided in isAllowed action if there exists func for accessKey
getRoles()¶
Return an array with every role registered in the list
isAllowed()¶
public function isAllowed(
mixed $roleName,
mixed $componentName,
string $access,
array $parameters = null
): bool;
Check whether a role is allowed to access an action from a component
isComponent()¶
Check whether component exist in the components list
isRole()¶
Check whether role exist in the roles list
setDefaultAction()¶
Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY)
setNoArgumentsDefaultAction()¶
Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey
Acl\Adapter\Memory¶
Class Source on GitHub
Manages ACL lists in memory
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(
\Phalcon\Acl\Enum::DENY
);
// Register roles
$roles = [
"users" => new \Phalcon\Acl\Role("Users"),
"guests" => new \Phalcon\Acl\Role("Guests"),
];
foreach ($roles as $role) {
$acl->addRole($role);
}
// Private area components
$privateComponents = [
"companies" => ["index", "search", "new", "edit", "save", "create", "delete"],
"products" => ["index", "search", "new", "edit", "save", "create", "delete"],
"invoices" => ["index", "profile"],
];
foreach ($privateComponents as $componentName => $actions) {
$acl->addComponent(
new \Phalcon\Acl\Component($componentName),
$actions
);
}
// Public area components
$publicComponents = [
"index" => ["index"],
"about" => ["index"],
"session" => ["index", "register", "start", "end"],
"contact" => ["index", "send"],
];
foreach ($publicComponents as $componentName => $actions) {
$acl->addComponent(
new \Phalcon\Acl\Component($componentName),
$actions
);
}
// Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicComponents as $component => $actions) {
$acl->allow($role->getName(), $component, "*");
}
}
// Grant access to private area to role Users
foreach ($privateComponents as $component => $actions) {
foreach ($actions as $action) {
$acl->allow("Users", $component, $action);
}
}
Phalcon\Events\AbstractEventsAwarePhalcon\Acl\Adapter\AbstractAdapterPhalcon\Acl\Adapter\Memory
Uses Phalcon\Acl\Component · Phalcon\Acl\ComponentAwareInterface · Phalcon\Acl\ComponentInterface · Phalcon\Acl\Enum · Phalcon\Acl\Exceptions\AccessRuleNotFound · Phalcon\Acl\Exceptions\CircularInheritanceError · Phalcon\Acl\Exceptions\ElementNotFound · Phalcon\Acl\Exceptions\InvalidAccessList · Phalcon\Acl\Exceptions\InvalidComponentImplementation · Phalcon\Acl\Exceptions\InvalidRoleImplementation · Phalcon\Acl\Exceptions\InvalidRoleType · Phalcon\Acl\Exceptions\MissingFunctionParameters · Phalcon\Acl\Exceptions\ParameterTypeMismatch · Phalcon\Acl\Exceptions\RoleNotFoundException · Phalcon\Acl\Role · Phalcon\Acl\RoleAwareInterface · Phalcon\Acl\RoleInterface · ReflectionClass · ReflectionFunction · ReflectionNamedType
Method Summary¶
public __construct() Phalcon\Acl\Adapter\Memory constructor public bool addComponent(mixed $componentValue,mixed $accessList) Adds a component to the ACL list public bool addComponentAccess(string $componentName,mixed $accessList) Adds access to components public bool addInherit(string $roleName,mixed $roleToInherits) Do a role inherit from another existing role public bool addRole(mixed $role,mixed $accessInherits = null) Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role public void allow(string $roleName,string $componentName,mixed $access,mixed $func = null) Allow access to a role on a component. You can use * as wildcard public void deny(string $roleName,string $componentName,mixed $access,mixed $func = null) Deny access to a role on a component. You can use * as wildcard public void dropComponentAccess(string $componentName,mixed $accessList) Removes access from a component public mixed getActiveFunction() Returns the latest function used to acquire access public int getActiveFunctionCustomArgumentsCount() Returns number of additional arguments(excluding role and resource) for active function public string|null getActiveKey() Returns the latest key used to acquire access public ComponentInterface[] getComponents() Return an array with every component registered in the list public array getInheritedRoles( string $roleName = "" ) Returns the inherited roles for a passed role name. If no role name public int getNoArgumentsDefaultAction() Returns the default ACL access level for no arguments provided in public RoleInterface[] getRoles() Return an array with every role registered in the list public bool isAllowed(mixed $roleName,mixed $componentName,string $access,array $parameters = null) Check whether a role is allowed to access an action from a component public bool isComponent( string $componentName ) Check whether component exist in the components list public bool isRole( string $roleName ) Check whether role exist in the roles list public void setNoArgumentsDefaultAction( int $defaultAccess ) Sets the default access level (Phalcon\Enum::ALLOW or Phalcon\Enum::DENY) Properties¶
protected array $access Access protected array $accessList Access List protected mixed $activeFunction Returns the latest function used to acquire access protected int $activeFunctionCustomArgumentsCount = 0 Returns number of additional arguments(excluding role and resource) for active function protected string|null $activeKey = null Returns the latest key used to acquire access protected array $components Components protected array $componentsNames Component Names protected array $functions Function List protected int $noArgumentsDefaultAction = Enum::DENY Default action for no arguments is allow protected array $roleInherits Role Inherits protected array $roles Roles Methods¶
__construct()¶
Phalcon\Acl\Adapter\Memory constructor
addComponent()¶
Adds a component to the ACL list
Access names can be a particular action, by example search, update, delete, etc. or a list of them
Example:
// Add a component to the list allowing access to an action
$acl->addComponent(
new Phalcon\Acl\Component("customers"),
"search"
);
$acl->addComponent("customers", "search");
// Add a component with an access list
$acl->addComponent(
new Phalcon\Acl\Component("customers"),
[
"create",
"search",
]
);
$acl->addComponent(
"customers",
[
"create",
"search",
]
);
addComponentAccess()¶
Adds access to components
addInherit()¶
Do a role inherit from another existing role
$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);
addRole()¶
Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role
If the role already exists this method returns false and the accessInherits argument is ignored; the existing role is left unchanged.
$acl->addRole(
new Phalcon\Acl\Role("administrator"),
"consultant"
);
$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);
allow()¶
public function allow(
string $roleName,
string $componentName,
mixed $access,
mixed $func = null
): void;
Allow access to a role on a component. You can use * as wildcard
A * role is an eager snapshot: it expands to the roles that exist when allow() is called, so roles added afterwards do not inherit the grant.
// Allow access to guests to search on customers
$acl->allow("guests", "customers", "search");
// Allow access to guests to search or create on customers
$acl->allow("guests", "customers", ["search", "create"]);
// Allow access to any role to browse on products
$acl->allow("*", "products", "browse");
// Allow access to any role to perform any action on any component
$acl->allow("*", "*", "*");
deny()¶
public function deny(
string $roleName,
string $componentName,
mixed $access,
mixed $func = null
): void;
Deny access to a role on a component. You can use * as wildcard
A * role is an eager snapshot: it expands to the roles that exist when deny() is called, so roles added afterwards do not inherit the rule.
// Deny access to guests to search on customers
$acl->deny("guests", "customers", "search");
// Deny access to guests to search or create on customers
$acl->deny("guests", "customers", ["search", "create"]);
// Deny access to any role to browse on products
$acl->deny("*", "products", "browse");
// Deny access to any role to perform any action on any component
$acl->deny("*", "*", "*");
dropComponentAccess()¶
Removes access from a component
getActiveFunction()¶
Returns the latest function used to acquire access
getActiveFunctionCustomArgumentsCount()¶
Returns number of additional arguments(excluding role and resource) for active function
getActiveKey()¶
Returns the latest key used to acquire access
getComponents()¶
Return an array with every component registered in the list
getInheritedRoles()¶
Returns the inherited roles for a passed role name. If no role name has been specified it will return the whole array. If the role has not been found it returns an empty array
getNoArgumentsDefaultAction()¶
Returns the default ACL access level for no arguments provided in isAllowed action if a func (callable) exists for accessKey
getRoles()¶
Return an array with every role registered in the list
isAllowed()¶
public function isAllowed(
mixed $roleName,
mixed $componentName,
string $access,
array $parameters = null
): bool;
Check whether a role is allowed to access an action from a component
// Does andres have access to the customers component to create?
$acl->isAllowed("andres", "Products", "create");
// Do guests have access to any component to edit?
$acl->isAllowed("guests", "*", "edit");
isComponent()¶
Check whether component exist in the components list
isRole()¶
Check whether role exist in the roles list
setNoArgumentsDefaultAction()¶
Sets the default access level (Phalcon\Enum::ALLOW or Phalcon\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey
Acl\Component¶
Class Source on GitHub
This class defines component entity and its description
Phalcon\Acl\Component— implementsPhalcon\Acl\ComponentInterface
Uses Phalcon\Acl\Exceptions\ForbiddenWildcard
Method Summary¶
public __construct(string $name,string $description = null) Phalcon\Acl\Component constructor public string __toString() public string|null getDescription() public string getName() Methods¶
__construct()¶
Phalcon\Acl\Component constructor
__toString()¶
getDescription()¶
getName()¶
Acl\ComponentAwareInterface¶
Interface Source on GitHub
Interface for classes which could be used in allow method as RESOURCE
Phalcon\Acl\ComponentAwareInterface
Method Summary¶
Methods¶
getComponentName()¶
Returns component name
Acl\ComponentInterface¶
Interface Source on GitHub
Interface for Phalcon\Acl\Component
Phalcon\Acl\ComponentInterface
Method Summary¶
public string __toString() Magic method __toString public string|null getDescription() Returns component description public string getName() Returns the component name Methods¶
__toString()¶
Magic method __toString
getDescription()¶
Returns component description
getName()¶
Returns the component name
Acl\Enum¶
Class Source on GitHub
Constants for Phalcon\Acl\Adapter adapters
Phalcon\Acl\Enum
Constants¶
int ALLOW = 1 int DENY = 0 Acl\Exception¶
Class Source on GitHub
Class for exceptions thrown by Phalcon\Acl
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\AccessRuleNotFoundPhalcon\Acl\Exceptions\CircularInheritanceErrorPhalcon\Acl\Exceptions\ElementNotFoundPhalcon\Acl\Exceptions\ForbiddenWildcardPhalcon\Acl\Exceptions\InvalidAccessListPhalcon\Acl\Exceptions\InvalidComponentImplementationPhalcon\Acl\Exceptions\InvalidRoleImplementationPhalcon\Acl\Exceptions\InvalidRoleTypePhalcon\Acl\Exceptions\MissingFunctionParametersPhalcon\Acl\Exceptions\ParameterTypeMismatchPhalcon\Acl\Exceptions\RoleNotFoundException
Acl\Exceptions\AccessRuleNotFound¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\AccessRuleNotFound
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\CircularInheritanceError¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\CircularInheritanceError
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\ElementNotFound¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\ElementNotFound
Uses Phalcon\Acl\Exception
Acl\Exceptions\ForbiddenWildcard¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\ForbiddenWildcard
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\InvalidAccessList¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\InvalidAccessList
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\InvalidComponentImplementation¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\InvalidComponentImplementation
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\InvalidRoleImplementation¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\InvalidRoleImplementation
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\InvalidRoleType¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\InvalidRoleType
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Exceptions\MissingFunctionParameters¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\MissingFunctionParameters
Uses Phalcon\Acl\Exception
Acl\Exceptions\ParameterTypeMismatch¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\ParameterTypeMismatch
Uses Phalcon\Acl\Exception
Acl\Exceptions\RoleNotFoundException¶
Class Source on GitHub
\ExceptionPhalcon\Acl\ExceptionPhalcon\Acl\Exceptions\RoleNotFoundException
Uses Phalcon\Acl\Exception
Method Summary¶
Methods¶
__construct()¶
Acl\Role¶
Class Source on GitHub
This class defines role entity and its description
Phalcon\Acl\Role— implementsPhalcon\Acl\RoleInterface
Uses Phalcon\Acl\Exceptions\ForbiddenWildcard
Method Summary¶
public __construct(string $name,string $description = null) Phalcon\Acl\Role constructor public string __toString() public string|null getDescription() public string getName() Methods¶
__construct()¶
Phalcon\Acl\Role constructor
__toString()¶
getDescription()¶
getName()¶
Acl\RoleAwareInterface¶
Interface Source on GitHub
Interface for classes which could be used in allow method as ROLE
Phalcon\Acl\RoleAwareInterface
Method Summary¶
Methods¶
getRoleName()¶
Returns role name
Acl\RoleInterface¶
Interface Source on GitHub
Interface for Phalcon\Acl\Role
Phalcon\Acl\RoleInterface
Method Summary¶
public string __toString() Magic method __toString public string|null getDescription() Returns role description public string getName() Returns the role name Methods¶
__toString()¶
Magic method __toString
getDescription()¶
Returns role description
getName()¶
Returns the role name