Download the PHP package hoa/acl without Composer
On this page you can find all versions of the php package hoa/acl. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package acl
Hoa is a modular, extensible and structured set of PHP libraries. Moreover, Hoa aims at being a bridge between industrial and research worlds.
Hoa\Acl
This library allows you to create and manipulate an Access Control List (ACL). The actors of an ACL are the following:
- Group, contains zero or more users, has zero or more permissions and owns zero or more services. A group can inherit permissions from other groups. Users and services cannot be inherited. If a group owns a service, this is a shared service because several users can access it,
- User, can own zero or more services and can belong to zero or more groups,
- Permission, is like a right. A group holds zero or more permissions that can be used to allow or disallow access to something,
- Service, is a document, a resource, something a user would like to access.
Whilst the word “list” is contained in its name, the underlying structure is a graph (please, see the Hoa\Graph library) where vertices (i.e. nodes) are groups.
Installation
With Composer, to include this library into your dependencies, you need to require hoa/acl:
For more installation procedures, please read the Source page.
Testing
Before running the test suites, the development dependencies must be installed:
Then, to run all the test suites:
For more information, please read the contributor guide.
Quick usage
As a quick overview, we propose the following actors:
- Groups: Visitor, buyer, editor, administrator,
- Users: Anonymous visitor, logged visitor, product editor, blog editor,
- Permissions: Read, write, buy,
- Services: Product, blog page.
Basically, there are 2 services: a product and a blog page. It can look like a little shop. Visitors can be logged or not. If logged, a visitor can buy a product. The shop can be administered by editors, with different roles: one for the products and one for the blog. Thus, we have 4 groups: visitor, buyer, editor and administrator.
Create the ACL
We start by creating all the actors, in separate variables for the sake of clarity:
Then, we put them together: We create an ACL instance, we add services on users and groups, we add users on groups, we add groups inside the ACL instance and finally we add permissions on groups.
It is important to keep in mind that users and services are not inherited between groups.
Query the ACL
Now that our ACL is built, we can query it by, for example, using the isAllowed method. This method takes at least 2 arguments: a user and a permission. It checks if a user has a certain permission. In addition, a service can be provided too, and then it checks if a user has a certain permission on a specific service. Let's see some examples.
- Is an anonymous visitor allowed to read a product? Yes.
- Is an anonymous visitor allowed to buy a product? No.
- Is a logged visitor allowed to read a product? Yes.
- Is a logged visitor allowed to buy a product? Yes.
- Is a logged visitor allowed to write (on any services)? No.
- Is a product editor allowed to buy (any services)? No.
- Is a product editor allowed to write (any services)? Yes.
- Is a blog editor allowed to write (any services)? Yes.
- Is a product editor allowed to write a blog page? No.
- Is a blog editor allowed to write a blog page? Yes.
Using objects for users, permissions and services can sometimes be cumbersome. Thus, we can use their respective IDs instead. Consequently, one can write:
Thinner query with specific asserter
It may happen that the ACL, with users, permissions, services and groups, cannot express all your constraints. That's why an asserter can be provided.
An asserter must implement the Hoa\Acl\Assertable interface, which expects the assert method to be implemented. It will receive the $userId, $permissionId and optionally the $serviceId data. This assert method must compute a boolean that will be used as the last step of the isAllowed method.
Imagine the following scenario where a logged user cannot buy another product before M minutes if the amount of the current shopping bag is greater than X:
Obviously, the assert body can be complex and this library does not address asserter aggregation or similar problems. However, the Hoa\Ruler library perfectly fills this role; you might want to consider it.
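The query rules from "Query the ACL" and the asserter step described above, as an added PHP model (this is not Hoa\Acl's API and not code from the project). Function names, IDs, the service assignments and the X = 100 / M = 30 values are assumptions chosen so that the answers match the list on this page.

```php
<?php
// Added model of the semantics described here; NOT Hoa\Acl's own API.
// Names, IDs, service assignments and the X/M values are assumptions.
// id => [direct users, own permissions, parent groups, shared services]
$groups = [
    'visitor' => [['anonymous'], ['read'], [], ['product', 'blog_page']],
    'buyer'   => [['logged'], ['buy'], ['visitor'], ['product', 'blog_page']],
    'editor'  => [['product_editor', 'blog_editor'], ['write'], [], []],
];
$owned = ['product_editor' => ['product'], 'blog_editor' => ['blog_page']];

// Only permissions follow inheritance edges; $seen stops cycles in the graph.
function groupHas(array $groups, string $id, string $perm, array $seen = []): bool
{
    [, $perms, $parents] = $groups[$id];
    $found = in_array($perm, $perms, true);
    foreach ($parents as $parent) {
        $found = $found || (!isset($seen[$parent])
            && groupHas($groups, $parent, $perm, $seen + [$id => true]));
    }
    return $found;
}

function isAllowed(array $groups, array $owned, string $user, string $perm,
                   ?string $service = null, ?callable $assert = null): bool
{
    foreach ($groups as $id => [$users, , , $services]) {
        // Membership and services come from this group only, never a parent.
        $reachable = $service === null || in_array($service, $services, true)
            || in_array($service, $owned[$user] ?? [], true);
        if ($reachable && in_array($user, $users, true)
            && groupHas($groups, $id, $perm)) {
            return $assert === null || (bool) $assert($user, $perm, $service);
        }
    }
    return false; // default deny
}

// Asserter for the page's scenario: no "buy" within $m minutes when bag > $x.
$cooldown = fn($bag, $minutes, $x = 100, $m = 30) =>
    fn($user, $perm, $service) => $perm !== 'buy' || $bag <= $x || $minutes >= $m;
$answers = [
    isAllowed($groups, $owned, 'logged', 'read', 'product'),
    isAllowed($groups, $owned, 'product_editor', 'write', 'blog_page'),
    isAllowed($groups, $owned, 'logged', 'buy', 'product', $cooldown(250, 5)),
    isAllowed($groups, $owned, 'logged', 'buy', 'product', $cooldown(250, 45)),
];
if ($answers !== [true, false, false, true]) {
    throw new LogicException('model disagrees with the answers on this page');
}
```

In this model the buyer group has to list the shared services itself even though it inherits read from visitor, because only permissions travel along inheritance edges. The asserter runs after the structural checks pass, so it can only narrow a grant, never widen one.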
Documentation
The hack book of Hoa\Acl contains detailed information about how to use this library and how it works.
To generate the documentation locally, execute the following commands:
More documentation can be found on the project's website: hoa-project.net.
Getting help
There are mainly two ways to get help:
- On the #hoaproject IRC channel,
- On the forum at users.hoa-project.net.
Contribution
Do you want to contribute? Thanks! A detailed contributor guide explains everything you need to know.
License
Hoa is under the New BSD License (BSD-3-Clause). Please, see LICENSE for details.