Access Control List

Create Access Control List Adapter

namespace Acme\Acl\Adapter;

use Prest\Acl\MountAwareTrait;
use Phalcon\Acl\Adapter\Memory as PhMemory;
use Prest\Acl\MountingEnabledAdapterInterface;

/**
 * In-memory ACL adapter that can additionally have API Resources mounted on it.
 *
 * Builds on Phalcon's Memory adapter (imported as PhMemory) and declares
 * MountingEnabledAdapterInterface so that callers can hand the API's
 * Resources, and the per-endpoint allow/deny rules they carry, to the ACL
 * via mountMany().
 */
class Memory extends PhMemory implements MountingEnabledAdapterInterface
{
    // MountAwareTrait is expected to provide the MountingEnabledAdapterInterface
    // methods; nothing from the Phalcon adapter is overridden here.
    use MountAwareTrait;
}

Create roles

use Phalcon\Acl\Role;
use Preferans\Acl\Roles;

/** @var \Prest\Acl\MountingEnabledAdapterInterface $acl */
$acl = $di->get(Services::ACL);
// NOTE(review): `Services` is not imported in this snippet; confirm its namespace in the real file.

// The two base roles. Every other role inherits from one of them, so a rule
// written against AUTHORIZED (see the `/authenticate` endpoint) also reaches
// ADMINISTRATOR, MANAGER and USER.
$unauthorizedRole = new Role(Roles::UNAUTHORIZED);
$authorizedRole = new Role(Roles::AUTHORIZED);

foreach ([$unauthorizedRole, $authorizedRole] as $baseRole) {
    $acl->addRole($baseRole);
}

// Roles that require an authenticated session. The second argument to
// addRole() makes each of them inherit the access rules of $authorizedRole.
foreach ([Roles::ADMINISTRATOR, Roles::MANAGER, Roles::USER] as $roleName) {
    $acl->addRole(new Role($roleName), $authorizedRole);
}

// The adapter implements MountingEnabledAdapterInterface, which is what
// allows the API's Resources (with their endpoint rules) to be mounted here.
$acl->mountMany($api->getResources());

Restrict access on Resources

use Prest\Api\Resource;
use Preferans\Acl\Roles;

// Resource-level rules are the baseline for every endpoint on `/users`:
// UNAUTHORIZED and USER are denied everywhere unless an endpoint below
// explicitly allows them again.
// NOTE(review): MANAGER and ADMINISTRATOR are neither allowed nor denied at
// this level, so they fall back to the adapter's default action — confirm
// that default is deny rather than relying on it implicitly.
$usersResource = Resource::crud('/users', 'User')
    ->deny(Roles::UNAUTHORIZED, Roles::USER);

// Endpoint-level rules override the resource baseline: USER is denied on the
// resource as a whole but explicitly allowed on `GET /me`.
$meEndpoint = Endpoint::get('/me', 'me')
    ->allow(Roles::USER);
    // .. more endpoint setup
$usersResource = $usersResource->endpoint($meEndpoint);

// Only anonymous callers may authenticate. Denying AUTHORIZED also covers the
// roles that inherit from it, so an already authenticated session cannot
// re-authenticate through this endpoint.
$authenticateEndpoint = Endpoint::post('/authenticate', 'authenticate')
    ->allow(Roles::UNAUTHORIZED)
    ->deny(Roles::AUTHORIZED);
    // .. more endpoint setup
$usersResource = $usersResource->endpoint($authenticateEndpoint);

// .. more resource setup
$api->resource($usersResource);
// NOTE(review): `Endpoint` is not imported in this snippet; confirm its namespace.
