GitHub Project

layout: default language: 'zh-cn' version: '4.0' title: 'Phalcon\Acl'

Abstract Class Phalcon\Acl\Adapter\AbstractAdapter

Source on GitHub

| Namespace | Phalcon\Acl\Adapter | | Uses | Phalcon\Events\ManagerInterface, Phalcon\Events\EventsAwareInterface | | Implements | AdapterInterface, EventsAwareInterface |

Adapter for Phalcon\Acl adapters

Properties

/**
 * Active access which the list is checking if some role can access it
 *
 * @var string
 */
protected activeAccess;

/**
 * Access Granted
 *
 * @var bool
 */
protected accessGranted = false;

/**
 * Role which the list is checking if it's allowed to certain
 * component/access
 *
 * @var string
 */
protected activeRole;

/**
 * Component which the list is checking if some role can access it
 *
 * @var string
 */
protected activeComponent;

/**
 * Default access
 *
 * @var bool
 */
protected defaultAccess = false;

/**
 * Events manager
 *
 * @var mixed
 */
protected eventsManager;

Methods

public function getActiveAccess(): string
public function getActiveComponent(): string
public function getActiveRole(): string
public function getDefaultAction(): int;

Returns the default ACL access level

public function getEventsManager(): ManagerInterface;

返回内部事件管理器

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl::ALLOW or Phalcon\Acl::DENY)

public function setEventsManager( ManagerInterface $eventsManager ): void;

设置事件管理器

Interface Phalcon\Acl\Adapter\AdapterInterface

Source on GitHub

| Namespace | Phalcon\Acl\Adapter | | Uses | Phalcon\Acl\ComponentInterface, Phalcon\Acl\RoleInterface |

Interface for Phalcon\Acl adapters

Methods

public function addComponent( mixed $componentObject, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc or a list of them

public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherit ): bool;

Do a role inherit from another existing role

public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter lets to inherit access data from other existing role

public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component

public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component

public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes an access from a component

public function getActiveAccess(): string;

Returns the access which the list is checking if some role can access it

public function getActiveComponent(): string;

Returns the component which the list is checking if some role can access it

public function getActiveRole(): string;

Returns the role which the list is checking if it's allowed to certain component/access

public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getDefaultAction(): int;

Returns the default ACL access level

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if there exists func for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Ac\Enuml::ALLOW or Phalcon\Acl\Enum::DENY)

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Acl\Enum::ALLOW or Phalcon\Acl\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Class Phalcon\Acl\Adapter\Memory

Source on GitHub

| Namespace | Phalcon\Acl\Adapter | | Uses | Phalcon\Acl\Enum, Phalcon\Acl\Role, Phalcon\Acl\RoleInterface, Phalcon\Acl\Component, Phalcon\Acl\Exception, Phalcon\Events\Manager, Phalcon\Acl\RoleAware, Phalcon\Acl\ComponentAware, Phalcon\Acl\ComponentInterface, ReflectionFunction | | Extends | AbstractAdapter |

Manages ACL lists in memory

$acl = new \Phalcon\Acl\Adapter\Memory();

$acl->setDefaultAction(
    \Phalcon\Acl\Enum::DENY
);

// Register roles
$roles = [
    "users"  => new \Phalcon\Acl\Role("Users"),
    "guests" => new \Phalcon\Acl\Role("Guests"),
];
foreach ($roles as $role) {
    $acl->addRole($role);
}

// Private area components
$privateComponents = [
    "companies" => ["index", "search", "new", "edit", "save", "create", "delete"],
    "products"  => ["index", "search", "new", "edit", "save", "create", "delete"],
    "invoices"  => ["index", "profile"],
];

foreach ($privateComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Public area components
$publicComponents = [
    "index"   => ["index"],
    "about"   => ["index"],
    "session" => ["index", "register", "start", "end"],
    "contact" => ["index", "send"],
];

foreach ($publicComponents as $componentName => $actions) {
    $acl->addComponent(
        new \Phalcon\Acl\Component($componentName),
        $actions
    );
}

// Grant access to public areas to both users and guests
foreach ($roles as $role) {
    foreach ($publicComponents as $component => $actions) {
        $acl->allow($role->getName(), $component, "*");
    }
}

// Grant access to private area to role Users
foreach ($privateComponents as $component => $actions) {
    foreach ($actions as $action) {
        $acl->allow("Users", $component, $action);
    }
}

Properties

/**
 * Access
 *
 * @var mixed
 */
protected access;

/**
 * Access List
 *
 * @var mixed
 */
protected accessList;

/**
 * Returns latest function used to acquire access
 *
 * @var mixed
 */
protected activeFunction;

/**
 * Returns number of additional arguments(excluding role and resource) for active function
 *
 * @var int
 */
protected activeFunctionCustomArgumentsCount = 0;

/**
 * Returns latest key used to acquire access
 *
 * @var string|null
 */
protected activeKey;

/**
 * Components
 *
 * @var mixed
 */
protected components;

/**
 * Component Names
 *
 * @var mixed
 */
protected componentsNames;

/**
 * Function List
 *
 * @var mixed
 */
protected func;

/**
 * Default action for no arguments is allow
 *
 * @var mixed
 */
protected noArgumentsDefaultAction;

/**
 * Roles
 *
 * @var mixed
 */
protected roles;

/**
 * Role Inherits
 *
 * @var mixed
 */
protected roleInherits;

/**
 * Roles Names
 *
 * @var mixed
 */
protected rolesNames;

Methods

public function __construct();

Phalcon\Acl\Adapter\Memory constructor

public function addComponent( mixed $componentValue, mixed $accessList ): bool;

Adds a component to the ACL list

Access names can be a particular action, by example search, update, delete, etc or a list of them

Example:

// Add a component to the the list allowing access to an action
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    "search"
);

$acl->addComponent("customers", "search");

// Add a component  with an access list
$acl->addComponent(
    new Phalcon\Acl\Component("customers"),
    [
        "create",
        "search",
    ]
);

$acl->addComponent(
    "customers",
    [
        "create",
        "search",
    ]
);
public function addComponentAccess( string $componentName, mixed $accessList ): bool;

Adds access to components

public function addInherit( string $roleName, mixed $roleToInherits ): bool;

Do a role inherit from another existing role

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);
public function addRole( mixed $role, mixed $accessInherits = null ): bool;

Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role

$acl->addRole(
    new Phalcon\Acl\Role("administrator"),
    "consultant"
);

$acl->addRole("administrator", "consultant");
$acl->addRole("administrator", ["consultant", "consultant2"]);
public function allow( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Allow access to a role on a component. You can use * as wildcard

// Allow access to guests to search on customers
$acl->allow("guests", "customers", "search");

// Allow access to guests to search or create on customers
$acl->allow("guests", "customers", ["search", "create"]);

// Allow access to any role to browse on products
$acl->allow("*", "products", "browse");

// Allow access to any role to browse on any component
$acl->allow("*", "*", "browse");

```php
public function deny( string $roleName, string $componentName, mixed $access, mixed $func = null ): void;

Deny access to a role on a component. You can use * as wildcard

// Deny access to guests to search on customers
$acl->deny("guests", "customers", "search");

// Deny access to guests to search or create on customers
$acl->deny("guests", "customers", ["search", "create"]);

// Deny access to any role to browse on products
$acl->deny("*", "products", "browse");

// Deny access to any role to browse on any component
$acl->deny("*", "*", "browse");
public function dropComponentAccess( string $componentName, mixed $accessList ): void;

Removes an access from a component

public function getActiveFunction(): mixed
public function getActiveFunctionCustomArgumentsCount(): int
public function getActiveKey(): string|null
public function getComponents(): ComponentInterface[];

Return an array with every component registered in the list

public function getNoArgumentsDefaultAction(): int;

Returns the default ACL access level for no arguments provided in isAllowed action if a func (callable) exists for accessKey

public function getRoles(): RoleInterface[];

Return an array with every role registered in the list

public function isAllowed( mixed $roleName, mixed $componentName, string $access, array $parameters = null ): bool;

Check whether a role is allowed to access an action from a component

// Does andres have access to the customers component to create?
$acl->isAllowed("andres", "Products", "create");

// Do guests have access to any component to edit?
$acl->isAllowed("guests", "*", "edit");
public function isComponent( string $componentName ): bool;

Check whether component exist in the components list

public function isRole( string $roleName ): bool;

Check whether role exist in the roles list

public function setNoArgumentsDefaultAction( int $defaultAccess ): void;

Sets the default access level (Phalcon\Enum::ALLOW or Phalcon\Enum::DENY) for no arguments provided in isAllowed action if there exists func for accessKey

Class Phalcon\Acl\Component

Source on GitHub

| Namespace | Phalcon\Acl | | Implements | ComponentInterface |

This class defines component entity and its description

Properties

/**
 * Component description
 *
 * @var string
 */
private description;

/**
 * Component name
 *
 * @var string
 */
private name;

Methods

public function __construct( string $name, string $description = null );

Phalcon\Acl\Component constructor

public function __toString(): string
public function getDescription(): string
public function getName(): string

Interface Phalcon\Acl\ComponentAware

Source on GitHub

| Namespace | Phalcon\Acl |

Interface for classes which could be used in allow method as RESOURCE

Methods

public function getComponentName(): string;

Returns component name

Interface Phalcon\Acl\ComponentInterface

Source on GitHub

| Namespace | Phalcon\Acl |

Interface for Phalcon\Acl\Component

Methods

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns component description

public function getName(): string;

Returns the component name

Class Phalcon\Acl\Enum

Source on GitHub

| Namespace | Phalcon\Acl |

Constants for Phalcon\Acl\Adapter adapters

常量

const ALLOW = 1;
const DENY = 0;

Class Phalcon\Acl\Exception

Source on GitHub

| Namespace | Phalcon\Acl | | Extends | \Phalcon\Exception |

Class for exceptions thrown by Phalcon\Acl

Class Phalcon\Acl\Role

Source on GitHub

| Namespace | Phalcon\Acl | | Implements | RoleInterface |

This class defines role entity and its description

Properties

/**
 * Role name
 *
 * @var string
 */
private name;

/**
 * Role description
 *
 * @var string
 */
private description;

Methods

public function __construct( string $name, string $description = null );

Phalcon\Acl\Role constructor

public function __toString(): string
public function getDescription(): string
public function getName(): string

Interface Phalcon\Acl\RoleAware

Source on GitHub

| Namespace | Phalcon\Acl |

Interface for classes which could be used in allow method as ROLE

Methods

public function getRoleName(): string;

Returns role name

Interface Phalcon\Acl\RoleInterface

Source on GitHub

| Namespace | Phalcon\Acl |

Interface for Phalcon\Acl\Role

Methods

public function __toString(): string;

Magic method __toString

public function getDescription(): string;

Returns role description

public function getName(): string;

Returns the role name