Access Control List

The ACL is based on Phalcon ACL. ACL roles are stored in the database. Each user can have only one role. In production mode the ACL is compiled from the database and cached by the system. There is only one default ACL key: Core\Api\Acl::ACL_ADMIN_AREA (‘AdminArea’). This key is used for admin panel access.

By default there are three roles: Admin, User and Guest. All unauthenticated requests are assigned to the Guest role. Logged-in sessions are assigned to User. Admin is the most privileged role.

ACL Usage

The Acl class is part of the Core module API and can be accessed via the api container (core container) from the DI.

In controller:

<?php
// Check if the current user has access to perform the given action on the resource.
$isAllowed = $this->core->acl()->isAllowed($viewer->getRole()->name, $resource, $action) == Acl::ALLOW;
// Get the allowed value on the given resource for the user's role.
$value = $this->getDI()->get('core')->acl()->getAllowedValue($resource, $viewer->getRole(), $valueName);

In view:

{# Check if user is allowed to view, and show something. #}
{% if helper('acl').isAllowed('\Core\Model\Page', 'show_views') %}
<div class="page_views">{{ 'View count:'|i18n }}{{ page.view_count }}</div>
{% endif %}
{# Get the allowed value for the user and output it. #}
{{ helper('acl').getAllowed('\Core\Model\Page', 'page_footer') }}

Model ACL

Let’s take the Blog system as an example. We can allow or disallow access for some roles to perform actions such as “create”, “edit” and “delete”. Also we have two values:

We can also define the required actions and their values in the blog model via the @Acl annotation:

<?php
/**
 * Blog model.
 *
 * @category  PhalconEye
 * @package   Blog\Model
 * @author    Ivan Vorontsov <ivan.vorontsov@phalconeye.com>
 * @copyright 2013-2014 PhalconEye Team
 * @license   New BSD License
 * @link      http://phalconeye.com/
 *
 * @Source("blogs")
 * @Acl(actions={"create", "edit", "delete"}, options={"blog_footer", "blog_count"})
 */
class Blog extends AbstractModel
{
}

After defining the required actions and values, you can set their values in the admin panel via the Access Rights system.

Note: In development mode PhalconEye will automatically pick up all changes made to models.
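
As an added illustration (plain PHP, not PhalconEye's or Phalcon's own code), the sketch below reads the @Acl annotation from a model's docblock and applies a deny-by-default role check to it. The helper names aclList and isAllowed, the $grants table and the fail-closed treatment of undeclared actions are assumptions made for the example.

```php
<?php
// Added sketch for PHP 7.1+: no Phalcon or PhalconEye classes are used.

/**
 * @Acl(actions={"create", "edit", "delete"}, options={"blog_footer", "blog_count"})
 */
class Blog
{
}

/** Read one list ("actions" or "options") from a class's @Acl annotation. */
function aclList(string $class, string $key): array
{
    $doc = (string) (new ReflectionClass($class))->getDocComment();
    if (!preg_match('/@Acl\((.*?)\)/', $doc, $acl)
        || !preg_match('/\b' . preg_quote($key, '/') . '=\{([^}]*)\}/', $acl[1], $list)) {
        return []; // no annotation or no such key: nothing is declared
    }
    preg_match_all('/"([^"]+)"/', $list[1], $items);
    return $items[1];
}

/** Deny by default: only a declared action with an explicit grant passes. */
function isAllowed(array $grants, string $role, string $class, string $action): bool
{
    if (!in_array($action, aclList($class, 'actions'), true)) {
        return false; // action is not declared on the model: fail closed
    }
    return in_array($action, $grants[$role][$class] ?? [], true);
}

// Constructed grants, standing in for what an administrator would set in
// the Access Rights screen. Guest has no entry, so every check is denied.
$grants = [
    'Admin' => ['Blog' => ['create', 'edit', 'delete']],
    'User'  => ['Blog' => ['create', 'edit']],
];

$checks = [
    ['Guest', 'create'], ['User', 'edit'], ['User', 'delete'],
    ['Admin', 'delete'], ['Admin', 'publish'], // "publish" is undeclared
];
foreach ($checks as [$role, $action]) {
    $verdict = isAllowed($grants, $role, 'Blog', $action) ? 'ALLOW' : 'DENY';
    printf("%-5s %-7s %s\n", $role, $action, $verdict);
}
```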