Sign upLogin

jaceju/goez-acl

View on GitHub
Star
readme.md

Summary

Maintainability
Test Coverage
# Simple role-based access control

[![Build Status](https://travis-ci.org/jaceju/goez-acl.svg)](https://travis-ci.org/jaceju/goez-acl) [![Code Climate](https://codeclimate.com/github/jaceju/goez-acl/badges/gpa.svg)](https://codeclimate.com/github/jaceju/goez-acl) [![Test Coverage](https://codeclimate.com/github/jaceju/goez-acl/badges/coverage.svg)](https://codeclimate.com/github/jaceju/goez-acl)

## Requirement

- PHP 7.4+

## Installation

Goez/Acl is an independent library for access control, you can use it in any PHP project with composer:

```shell
composer require goez/acl
```

### Laravel

Goez/Acl also supports Laravel 5.4, just follow the steps below:

1. Install from composer.

2. Publish configuration after composer require.

   ```shell
   php artisan vendor:publish --tag=acl-config
   ```

3. Edit `app/config/packages/goez/acl/config.php`:

    ```php
    <?php
    return [
        'init' => function ($acl) {
    
            // Initialize your permission here.
            // Example:
            //
            // $acl->fullPrivileges('admin');
            // $acl->allow('author', 'read', 'article');
            // $acl->allow('author', 'write', 'article');
            // $acl->allow('guest', 'read', 'article');
            // $acl->deny('guest', 'write', 'article');
    
        },
    ];
    ```

4. Use methods of Acl in your code:

    ```php
    // In controller:
    if ($acl->can('member', 'read', 'article')) {
        // ...
    }
    ```

   In Blade template:

    ```html
    @if (app('acl')->can('member', 'read', 'article`))
    <!-- .... -->
    @endif
    ```

## More Examples

For the examples below, you need to create an instance of `Acl` first:

```php
use Goez\Acl\Acl;

$acl = new Acl();
```

### Add Role

```php
$acl->addRole('admin');
$acl->addRole('member');
$acl->addRole('guest');

var_dump($acl->hasRole('admin')); // true
var_dump($acl->hasRole('member')); // true
var_dump($acl->hasRole('notExists')); // false
```

### Create rules for role

```php
$acl->allow('guest', 'read', 'article');
$acl->deny('guest', 'write', 'article');

var_dump($acl->can('guest', 'read', 'article')); // true
var_dump($acl->can('guest', 'write', 'article')); // false
```

*Note 1: Methods `allow` and `deny` will add role automatically.*

*Note 2: It's always denied by default unless you allowed it.*

### Override rule

```php
$acl->allow('author', 'read', 'article'); // rule 1
$acl->allow('author', 'write', 'article'); // rule 2
$acl->deny('author', 'read', 'article'); // rule 3, override rule 1
$acl->deny('author', 'write', 'article'); // rule 4, override rule 2

var_dump($acl->can('author', 'read', 'article')); // false
var_dump($acl->can('author', 'write', 'article')); // false
```

### Full privileges

```php
$acl->fullPrivileges('admin');

var_dump($acl->can('admin', 'create', 'page')); // true
var_dump($acl->can('admin', 'create', 'site')); // true
var_dump($acl->can('admin', 'read', 'article')); // true
var_dump($acl->can('admin', 'write', 'article')); // true
```

*Note: Method `fullPrivileges ` will add role automatically.*

### Multiple actions or resources

```php
$actions = ['create', 'read', 'write'];
$resources = ['page', 'site', 'article'];

$acl->allow('guest', 'read', $resources);
$acl->allow('author', $actions, 'article');
$acl->allow('admin', $actions, $resources);
```

### Wildcard support for action

```php
$acl->allow('author', '*', 'article');

var_dump($acl->can('author', 'read', 'article')); // true
var_dump($acl->can('author', 'write', 'article')); // true

var_dump($acl->can('author', 'read', 'news')); // false
var_dump($acl->can('author', 'write', 'news')); // false
```

### Wildcard support in `can` method.

```php
$acl->allow('guest', 'write', 'article:comment');

var_dump($acl->can('guest', '*', 'article')); // true
var_dump($acl->can('guest', '*', 'article:content')); // false
var_dump($acl->can('guest', '*', 'news:*')); // false
```

### Sub resource

Use `:` to define the sub-resource.

In this example, `article` as same as `article:*`.

```php
$acl->allow('guest', 'read', 'article');
$acl->allow('guest', 'write', 'article:comment');
$acl->allow('author', '*', 'article:*');

var_dump($acl->can('author', 'read', 'article:title')); // true
var_dump($acl->can('author', 'read', 'article:content')); // true
var_dump($acl->can('author', 'read', 'article:comment')); // true
var_dump($acl->can('author', 'write', 'article:title')); // true
var_dump($acl->can('author', 'write', 'article:content')); // true
var_dump($acl->can('author', 'write', 'article:comment')); // true

var_dump($acl->can('guest', 'read', 'article:title')); // true
var_dump($acl->can('guest', 'read', 'article:content')); // true
var_dump($acl->can('guest', 'read', 'article:comment')); // true
var_dump($acl->can('guest', 'write', 'article:title')); // false
var_dump($acl->can('guest', 'write', 'article:content')); // false
var_dump($acl->can('guest', 'write', 'article:comment')); // true
```

## License

MIT