coldiary
/
Vitrine
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
Base for a static organization website
2 커밋
1 브렌치
트리: 83e3273ea4
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '83e3273ea4'
${ noResults }
Vitrine/app/Config/acl.php

acl.php 4.3KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. <?php

  2. /**

  3.  * This is the PHP base ACL configuration file.

  4.  *

  5.  * Use it to configure access control of your CakePHP application.

  6.  *

  7.  * @link          http://cakephp.org CakePHP(tm) Project

  8.  * @package       app.Config

  9.  * @since         CakePHP(tm) v 2.1

  10.  */

  11. 

  12. /**

  13.  * Example

  14.  * -------

  15.  *

  16.  * Assumptions:

  17.  *

  18.  * 1. In your application you created a User model with the following properties:

  19.  *    username, group_id, password, email, firstname, lastname and so on.

  20.  * 2. You configured AuthComponent to authorize actions via

  21.  *    $this->Auth->authorize = array('Actions' => array('actionPath' => 'controllers/'),...)

  22.  *

  23.  * Now, when a user (i.e. jeff) authenticates successfully and requests a controller action (i.e. /invoices/delete)

  24.  * that is not allowed by default (e.g. via $this->Auth->allow('edit') in the Invoices controller) then AuthComponent

  25.  * will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be

  26.  * done via a call to Acl->check() with

  27.  *

  28.  *    array('User' => array('username' => 'jeff', 'group_id' => 4, ...))

  29.  *

  30.  * as ARO and

  31.  *

  32.  *    '/controllers/invoices/delete'

  33.  *

  34.  * as ACO.

  35.  *

  36.  * If the configured map looks like

  37.  *

  38.  *    $config['map'] = array(

  39.  *       'User' => 'User/username',

  40.  *       'Role' => 'User/group_id',

  41.  *    );

  42.  *

  43.  * then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to

  44.  * find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to

  45.  * check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration.

  46.  * E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like

  47.  *

  48.  *    $config['alias'] = array(

  49.  *       'Role/4' => 'Role/editor',

  50.  *    );

  51.  *

  52.  * In the roles configuration you can define roles on the lhs and inherited roles on the rhs:

  53.  *

  54.  *    $config['roles'] = array(

  55.  *       'Role/admin' => null,

  56.  *       'Role/accountant' => null,

  57.  *       'Role/editor' => null,

  58.  *       'Role/manager' => 'Role/editor, Role/accountant',

  59.  *       'User/jeff' => 'Role/manager',

  60.  *    );

  61.  *

  62.  * In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role.

  63.  * Lets define some rules:

  64.  *

  65.  *    $config['rules'] = array(

  66.  *       'allow' => array(

  67.  *       	'*' => 'Role/admin',

  68.  *       	'controllers/users/(dashboard|profile)' => 'Role/default',

  69.  *       	'controllers/invoices/*' => 'Role/accountant',

  70.  *       	'controllers/articles/*' => 'Role/editor',

  71.  *       	'controllers/users/*'  => 'Role/manager',

  72.  *       	'controllers/invoices/delete'  => 'Role/manager',

  73.  *       ),

  74.  *       'deny' => array(

  75.  *       	'controllers/invoices/delete' => 'Role/accountant, User/jeff',

  76.  *       	'controllers/articles/(delete|publish)' => 'Role/editor',

  77.  *       ),

  78.  *    );

  79.  *

  80.  * Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager,

  81.  * Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than

  82.  * rules for Role/manager, rules for Role/manager are more specific than rules for Role/editor and so on.

  83.  * This is important when allow and deny rules match for a role. E.g. Role/accountant is allowed

  84.  * controllers/invoices/* but at the same time controllers/invoices/delete is denied. But there is a more

  85.  * specific rule defined for Role/manager which is allowed controllers/invoices/delete. However, the most specific

  86.  * rule denies access to the delete action explicitly for User/jeff, so he'll be denied access to the resource.

  87.  *

  88.  * If we would remove the role definition for User/jeff, then jeff would be granted access as he would be resolved

  89.  * to Role/manager and Role/manager has an allow rule.

  90.  */

  91. 

  92. /**

  93.  * The role map defines how to resolve the user record from your application

  94.  * to the roles you defined in the roles configuration.

  95.  */

  96. $config['map'] = array(

  97. 	'User' => 'User/username',

  98. 	'Role' => 'User/group_id',

  99. );

  100. 

  101. /**

  102.  * define aliases to map your model information to

  103.  * the roles defined in your role configuration.

  104.  */

  105. $config['alias'] = array(

  106. 	'Role/4' => 'Role/editor',

  107. );

  108. 

  109. /**

  110.  * role configuration

  111.  */

  112. $config['roles'] = array(

  113. 	'Role/admin' => null,

  114. );

  115. 

  116. /**

  117.  * rule configuration

  118.  */

  119. $config['rules'] = array(

  120. 	'allow' => array(

  121. 		'*' => 'Role/admin',

  122. 	),

  123. 	'deny' => array(),

  124. );