A complete usage example (the ACL is wrapped in a plugin):
<?php

use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Acl\Adapter\Memory as AclList;

class SecurityPlugin extends Plugin
{
    // Returns the existing ACL or a newly created one
    public function getAcl()
    {
        if (!isset($this->persistent->acl)) {
            $acl = new AclList();

            // Set the default access level to deny
            $acl->setDefaultAction(Acl::DENY);

            // Add the roles
            $roles = array(
                'users'  => new Role('Users'),
                'guests' => new Role('Guests')
            );
            foreach ($roles as $role) {
                $acl->addRole($role);
            }

            // Add the private resources
            $privateResources = array(
                'posts'    => array('post'),
                'comments' => array('comment')
            );
            foreach ($privateResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }

            // Add the public resources
            $publicResources = array(
                'index'    => array('index'),
                'register' => array('index'),
                'login'    => array('index', 'start', 'end'),
                'posts'    => array('index', 'detail')
            );
            foreach ($publicResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }

            // Access control for public resources: every role is allowed
            foreach ($roles as $role) {
                foreach ($publicResources as $resource => $actions) {
                    foreach ($actions as $action) {
                        $acl->allow($role->getName(), $resource, $action);
                    }
                }
            }

            // Access control for private resources: only 'Users' is allowed
            foreach ($privateResources as $resource => $actions) {
                foreach ($actions as $action) {
                    $acl->allow('Users', $resource, $action);
                }
            }

            $this->persistent->acl = $acl;
        }

        return $this->persistent->acl;
    }

    // Query the ACL for permission control before every dispatch
    public function beforeDispatch(Event $event, Dispatcher $dispatcher)
    {
        // Determine the role of the current user
        $auth = $this->session->get('auth');
        if (!$auth) {
            $role = 'Guests';
        } else {
            $role = 'Users';
        }

        $controller = $dispatcher->getControllerName();
        $action     = $dispatcher->getActionName();

        $acl     = $this->getAcl();
        $allowed = $acl->isAllowed($role, $controller, $action);
        if ($allowed != Acl::ALLOW) {
            // Not allowed: the user must log in to gain the privilege
            $dispatcher->forward(array(
                'controller' => 'login',
                'action'     => 'index'
            ));
            $this->session->destroy();
            return false;
        }
    }
}

The plugin is bound to the events manager when the dispatcher is registered in the DI container:

// Import needed for the EventsManager alias used below
use Phalcon\Events\Manager as EventsManager;

$di->set('dispatcher', function () use ($di) {
    $eventsManager = new EventsManager;
    // Run SecurityPlugin::beforeDispatch() before every dispatch
    $eventsManager->attach('dispatch:beforeDispatch', new SecurityPlugin);
    $dispatcher = new Dispatcher;
    $dispatcher->setEventsManager($eventsManager);
    return $dispatcher;
});
This way, before each dispatch from one action to another, the program queries the access control list to check whether the user is allowed to access the target action; if not, the request is forwarded to the action specified in the plugin.
In addition, you can use the inheritance mechanism to build more complex roles: pass the role you want to inherit from as the second parameter of the function that adds the role:
// Create the roles
$roleAdmins = new Role("Administrators", "super-user role");
$roleGuests = new Role("Guests");
// Add "Guests" to the ACL
$acl->addRole($roleGuests);
// Add "Administrators" so that it inherits the access rights of "Guests"
$acl->addRole($roleAdmins, $roleGuests);
To improve performance, an instance of Phalcon\Acl can be serialized and stored in APC, the session, a text file, or a database:
// Save the serialized ACL to a text file
file_put_contents("app/security/acl.data", serialize($acl));
// Restore the ACL from the serialized data
$acl = unserialize(file_get_contents("app/security/acl.data"));
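One way to harden the file cache above, as an added example that is not from the original page: the ACL file is authenticated with an HMAC before unserialize() is called, so a modified acl.data is rebuilt instead of being loaded. The function name loadAcl(), the ACL_CACHE_KEY environment variable and the sample rule are assumptions; the cache path follows the page's.

```php
<?php
// Added example (not from the original page). loadAcl() and ACL_CACHE_KEY are hypothetical names.
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Adapter\Memory as AclList;

// Return the cached ACL; rebuild it with $build when the file is missing or fails verification.
function loadAcl(callable $build, string $key, string $path = 'app/security/acl.data'): AclList
{
    $blob = is_file($path) ? file_get_contents($path) : false;
    // File layout: 64 hex characters of HMAC-SHA256, then the serialized ACL.
    if ($blob !== false && strlen($blob) > 64) {
        $tag  = substr($blob, 0, 64);
        $data = substr($blob, 64);
        // Verify the tag first so a modified file never reaches unserialize().
        if (hash_equals(hash_hmac('sha256', $data, $key), $tag)) {
            $acl = unserialize($data);
            if ($acl instanceof AclList) {
                return $acl;
            }
        }
    }
    $acl  = $build();
    $data = serialize($acl);
    file_put_contents($path, hash_hmac('sha256', $data, $key) . $data, LOCK_EX);
    return $acl;
}

$key = getenv('ACL_CACHE_KEY'); // assumption: secret supplied by the environment
if ($key === false || $key === '') {
    throw new RuntimeException('ACL_CACHE_KEY is not set');
}

$acl = loadAcl(function () {
    $acl = new AclList();
    $acl->setDefaultAction(Acl::DENY);
    $acl->addRole(new Role('Guests'));                    // constructed sample rule
    $acl->addResource(new Resource('index'), array('index'));
    $acl->allow('Guests', 'index', 'index');
    return $acl;
}, $key);
```

Keep the key outside the directory that holds acl.data, so write access to the cache file alone is not enough to forge a valid tag.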