phpGACL Chinese Manual (ix) Extended Permission Objects
Extending Permission Objects
In phpGACL you can add a third dimension to permissions by configuring extended permission objects (AXO objects). We already know how the ARO object and the ACO object in phpGACL form an access control policy directive. That is mainly used for simple permission requirements such as:
Luke (ARO object) requires permission to access the weapons room (ACO object)
If this is all you need, then AXO objects are completely optional!
But because all ACO objects are treated the same, they become difficult to manage when there are many of them. If this is the case, we can make them easier to manage by changing the way we think about permission objects.
AXO objects are in many ways identical to ARO objects. There is an AXO tree (separate from the ARO tree) with its own groups and AXO objects. When working with AXO objects, view an AXO object the way you used to view an ACO object (i.e. "things that require permission control"), and change your view of ACO objects from "things that require permission control" to "the requested action".
With only ARO and ACO objects, view them as follows:
- ARO objects: Things that require permission
- ACO objects: Things that require permission control
With ARO, ACO and AXO objects, view them as follows:
- ARO objects: Things that require permission
- ACO object: The requested action
- AXO objects: Things that require permission control
For example:
A site administrator wants to manage permissions to access projects on the site. The ARO tree, consisting of all users, is as follows:
Website (website)
├─administrators (manager)
│ ├─alice
│ └─carol
└─users (user)
  ├─bob
  └─alan
In the AXO tree, the projects are organized by operating system:
Projects (project)
├─linux
│ ├─spamfilter2
│ └─autolinusworshipper
└─windows
  ├─paperclipkiller
  └─popupstopper
For each project, the actions are "view" and "edit". These are the ACO objects.
Now we want Bob to have "view" permission for all Linux projects, so we can add an ADP that joins Bob's ARO object, the view ACO object and the Linux AXO object together. We can then ask the question:
Bob (ARO object) requires "view" (ACO object) permission on the projects called Linux (AXO object)
Remember that AXO objects are optional. If you call the acl_check() function without specifying an AXO object and a matching ADP exists that has no AXO object, access is allowed. However, if only ADPs with AXO objects exist and you call acl_check() without an AXO object, the check fails.
So as soon as you specify an AXO object when calling acl_check(), the function only searches ACL lists that contain AXO objects. If no AXO object is specified, only lists that do not contain AXO objects are searched. In theory, this also improves the performance of the system.
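The lookup rule above, as an added example that is not part of the original manual and is not phpGACL's own code: a simplified Python model of the three-object check over the two example trees. It assumes allow-only policies with default deny; the `check` function, the data layout and the `administrators`/`edit` policy are hypothetical.

```python
# Simplified model of the ARO/ACO/AXO lookup described above (not phpGACL code).
# Constructed sample data: the two example trees as child -> parent maps.
ARO_PARENT = {"alice": "administrators", "carol": "administrators",
              "bob": "users", "alan": "users",
              "administrators": "website", "users": "website"}
AXO_PARENT = {"spamfilter2": "linux", "autolinusworshipper": "linux",
              "paperclipkiller": "windows", "popupstopper": "windows",
              "linux": "projects", "windows": "projects"}

# Each policy is (ARO or ARO group, ACO, AXO or AXO group or None).
POLICIES = [
    ("bob", "view", "linux"),          # the policy from the example above
    ("administrators", "edit", None),  # hypothetical policy without an AXO
]

def ancestors(node, parent):
    """Return the node followed by every group above it, nearest first."""
    chain = [node]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain

def check(aco, aro, axo=None, policies=POLICIES):
    """Return True if some policy allows `aro` to perform `aco` (on `axo`).

    A call with an AXO only considers policies that carry an AXO; a call
    without one only considers policies that carry none. Default is deny
    (an assumption of this model).
    """
    aro_chain = ancestors(aro, ARO_PARENT)
    # With no AXO the only acceptable policy AXO is None; with an AXO the
    # chain never contains None, so AXO-less policies are skipped.
    axo_chain = ancestors(axo, AXO_PARENT) if axo is not None else [None]
    for p_aro, p_aco, p_axo in policies:
        if p_aco == aco and p_aro in aro_chain and p_axo in axo_chain:
            return True
    return False

if __name__ == "__main__":
    print(check("view", "bob", "spamfilter2"))    # policy on the linux group applies
    print(check("view", "bob"))                   # AXO omitted: AXO policy not searched
    print(check("edit", "alice"))                 # AXO-less policy via administrators
    print(check("edit", "alice", "spamfilter2"))  # AXO given: AXO-less policy not searched
```

Because the two kinds of policy are never mixed, every caller that guards the same resource has to be consistent about passing the AXO, otherwise the check is evaluated against a different set of policies than the one the administrator configured.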