Phalcon acl

NOTE

All classes are prefixed with Phalcon

Acl\Adapter\AbstractAdapter ¶

Namespace
- Phalcon\Acl\Adapter
Uses
- Phalcon\Acl\Enum
- Phalcon\Events\AbstractEventsAware
- Phalcon\Events\EventsAwareInterface
Extends

AbstractEventsAware
Implements
- AdapterInterface
- EventsAwareInterface

Adapter for Phalcon\Acl adapters

Properties¶

/**
 * Access Granted
 *
 * @var bool
 */
protected $accessGranted = false;

/**
 * Active access which the list is checking if some role can access it
 *
 * @var string|null
 */
protected $activeAccess;

/**
 * Component which the list is checking if some role can access it
 *
 * @var string|null
 */
protected $activeComponent;

/**
 * Role which the list is checking if it's allowed to certain
 * component/access
 *
 * @var string|null
 */
protected $activeRole;

/**
 * Default access
 *
 * @var int
 */
protected $defaultAccess;

Methods¶

public function getActiveAccess(): string | null;

Active access which the list is checking if some role can access it

public function getActiveComponent(): string | null;

Component which the list is checking if some role can access it

public function getActiveRole(): string | null;

Role which the list is checking if it's allowed to certain component/access

public function getDefaultAction(): int;

Returns the default ACL access level

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY)

Acl\Adapter\AdapterInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl\Adapter
Uses
- Phalcon\Acl\ComponentInterface
- Phalcon\Acl\RoleInterface
Extends
Implements

Interface for Phalcon\Acl adapters

Methods¶

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc. or a list of them

public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter lets to inherit access data from other existing role

public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component

public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component

public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes access from a component

public function getActiveAccess(): null | string;

Returns the access which the list is checking if some role can access it

public function getActiveComponent(): null | string;

Returns the component which the list is checking if some role can access it

public function getActiveRole(): null | string;

Returns the role which the list is checking if it's allowed to certain component/access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getDefaultAction(): int;

Returns the default ACL access level

public function getInheritedRoles( string $roleName = string ): array;

Returns the inherited roles for a passed role name. If no role name has been specified it will return the whole array. If the role has not been found it returns an empty array

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if there exists func for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Ac\Enuml::ALLOW or Phalcon\Acl\Enum::DENY)

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Acl\Adapter\Memory¶

Source on GitHub

Namespace
- Phalcon\Acl\Adapter
Uses
- Phalcon\Acl\Component
- Phalcon\Acl\ComponentAwareInterface
- Phalcon\Acl\ComponentInterface
- Phalcon\Acl\Enum
- Phalcon\Acl\Exception
- Phalcon\Acl\Role
- Phalcon\Acl\RoleAwareInterface
- Phalcon\Acl\RoleInterface
- ReflectionClass
- ReflectionFunction
Extends

AbstractAdapter
Implements

Manages ACL lists in memory

$acl = new \Phalcon\Acl\Adapter\Memory();

$acl->setDefaultAction(
    \Phalcon\Acl\Enum::DENY
);

// Register roles
$roles = [
    "users"  => new \Phalcon\Acl\Role("Users"),
    "guests" => new \Phalcon\Acl\Role("Guests"),
];
foreach ($roles as $role) {
    $acl->addRole($role);
}

// Private area components
$privateComponents = [
    "companies" => ["index", "search", "new", "edit", "save", "create", "delete"],
    "products"  => ["index", "search", "new", "edit", "save", "create", "delete"],
    "invoices"  => ["index", "profile"],
];

foreach ($privateComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Public area components
$publicComponents = [
    "index"   => ["index"],
    "about"   => ["index"],
    "session" => ["index", "register", "start", "end"],
    "contact" => ["index", "send"],
];

foreach ($publicComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Grant access to public areas to both users and guests
foreach ($roles as $role) {
    foreach ($publicComponents as $component => $actions) {
        $acl->allow($role->getName(), $component, "*");
    }
}

// Grant access to private area to role Users
foreach ($privateComponents as $component => $actions) {
    foreach ($actions as $action) {
        $acl->allow("Users", $component, $action);
    }
}

Properties¶

/**
 * Access
 *
 * @var mixed
 */
protected $access;

/**
 * Access List
 *
 * @var mixed
 */
protected $accessList;

/**
 * Returns the latest function used to acquire access
 *
 * @var mixed
 */
protected $activeFunction;

/**
 * Returns number of additional arguments(excluding role and resource) for active function
 *
 * @var int
 */
protected $activeFunctionCustomArgumentsCount = ;

/**
 * Returns the latest key used to acquire access
 *
 * @var string|null
 */
protected $activeKey;

/**
 * Components
 *
 * @var mixed
 */
protected $components;

/**
 * Component Names
 *
 * @var mixed
 */
protected $componentsNames;

/**
 * Function List
 *
 * @var mixed
 */
protected $func;

/**
 * Default action for no arguments is `allow`
 *
 * @var mixed
 */
protected $noArgumentsDefaultAction;

/**
 * Roles
 *
 * @var mixed
 */
protected $roles;

/**
 * Role Inherits
 *
 * @var mixed
 */
protected $roleInherits;

Methods¶

public function __construct();

Phalcon\Acl\Adapter\Memory constructor

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc. or a list of them

Example:

// Add a component to the list allowing access to an action
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    "search"
);

$acl->addComponent("customers", "search");

// Add a component  with an access list
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    [
        "create",
        "search",
    ]
);

$acl->addComponent(
    "customers",
    [
        "create",
        "search",
    ]
);

public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);

public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role

$acl->addRole(
    new Phalcon\Acl\Role("administrator"),
    "consultant"
);

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);

public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component. You can use * as wildcard

// Allow access to guests to search on customers
$acl->allow("guests", "customers", "search");

// Allow access to guests to search or create on customers
$acl->allow("guests", "customers", ["search", "create"]);

// Allow access to any role to browse on products
$acl->allow("*", "products", "browse");

// Allow access to any role to browse on any component
$acl->allow("*", "*", "browse");

public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component. You can use * as wildcard

// Deny access to guests to search on customers
$acl->deny("guests", "customers", "search");

// Deny access to guests to search or create on customers
$acl->deny("guests", "customers", ["search", "create"]);

// Deny access to any role to browse on products
$acl->deny("*", "products", "browse");

// Deny access to any role to browse on any component
$acl->deny("*", "*", "browse");

public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes access from a component

public function getActiveFunction(): mixed;

Returns the latest function used to acquire access

public function getActiveFunctionCustomArgumentsCount(): int;

Returns number of additional arguments(excluding role and resource) for active function

public function getActiveKey(): string | null;

Returns the latest key used to acquire access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getInheritedRoles( string $roleName = string ): array;

Returns the inherited roles for a passed role name. If no role name has been specified it will return the whole array. If the role has not been found it returns an empty array

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if a func (callable) exists for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

// Does andres have access to the customers component to create?
$acl->isAllowed("andres", "Products", "create");

// Do guests have access to any component to edit?
$acl->isAllowed("guests", "*", "edit");

public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Enum::ALLOW or Phalcon\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Acl\Component¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements
- ComponentInterface

This class defines component entity and its description

Properties¶

/**
 * Component description
 *
 * @var string
 */
private $description;

/**
 * Component name
 *
 * @var string
 */
private $name;

Methods¶

public function __construct( string $name, string $description = null );

Phalcon\Acl\Component constructor

public function __toString(): string;

public function getDescription(): string;

public function getName(): string;

Acl\ComponentAwareInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for classes which could be used in allow method as RESOURCE

Methods¶

public function getComponentName(): string;

Returns component name

Acl\ComponentInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for Phalcon\Acl\Component

Methods¶

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns component description

public function getName(): string;

Returns the component name

Acl\Enum¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Constants for Phalcon\Acl\Adapter adapters

Constants¶

const ALLOW = 1;
const DENY = 0;

Acl\Exception¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends

\Exception
Implements

Class for exceptions thrown by Phalcon\Acl

Acl\Role¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements
- RoleInterface

This class defines role entity and its description

Properties¶

/**
 * Role description
 *
 * @var string
 */
private $description;

/**
 * Role name
 *
 * @var string
 */
private $name;

Methods¶

public function __construct( string $name, string $description = null );

Phalcon\Acl\Role constructor

public function __toString(): string;

public function getDescription(): string;

public function getName(): string;

Acl\RoleAwareInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for classes which could be used in allow method as ROLE

Methods¶

public function getRoleName(): string;

Returns role name

Acl\RoleInterface ¶

Source on GitHub

Namespace
- Phalcon\Acl
Uses
Extends
Implements

Interface for Phalcon\Acl\Role

Methods¶

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns role description

public function getName(): string;

Returns the role name