Acl - adampatterson/Tentacle GitHub Wiki

### Overview

The Access Control List (ACL) library allows you to easily manage user roles and resources. To load the acl library manually you may do this:

```php
load::library('acl');
```

### Basic Usage

This is how you could set up a basic ACL for a commenting system:

```php
$comment = acl::create('comment');

// Define the guest and user roles
$comment->role('guest');
$comment->role('user');

// Add the view comments resource and allow both guests and users to access it
$comment->resource('view');
$comment->allow('guest','view');
$comment->allow('user','view');

// Add the post comment resource and allow only users to access it
$comment->resource('post');
$comment->allow('user','post');
```

You could then test access to the resources like this:

```php
// Can users post comments?
echo $comment->is_allowed('user','post') ? 'allowed' : 'denied';

echo "\n";

// Can guests post comments?
echo $comment->is_allowed('guest','post') ? 'allowed' : 'denied';
```

The above should output the following:

```
allowed
denied
```

### Nesting Roles

As your ACLs become more complex, you will quickly find that assigning every role to every resource it should have access to is a tedious process. Nested roles fix this by allowing you to nest, or place, roles inside each other. A role defined this way also gets the access granted to the roles listed in its array.

```php
$comment = acl::create('comment');

// Define the guest, user, and admin roles
$comment->role('guest');
$comment->role('user',array('guest')); // The user role is inside the guest role
$comment->role('admin',array('user')); // The admin role is inside the user role

// Define Evan as a user
$comment->role('Evan',array('user'));

// Add the view comment resource and allow guests to access it
$comment->resource('view');
$comment->allow('guest','view');

// Add the post comment resource and allow users to access it
$comment->resource('post');
$comment->allow('user','post');

// Add the edit comment resource and allow admins to access it
$comment->resource('edit');
$comment->allow('admin','edit');
```

You could then test access to the resources like this:

```php
// Can users view comments?
echo $comment->is_allowed('user','view') ? 'allowed' : 'denied';
echo "\n";

// Can users post comments?
echo $comment->is_allowed('user','post') ? 'allowed' : 'denied';
echo "\n";

// Can guests post comments?
echo $comment->is_allowed('guest','post') ? 'allowed' : 'denied';
echo "\n";

// Can users edit comments?
echo $comment->is_allowed('user','edit') ? 'allowed' : 'denied';
echo "\n";

// Can admins edit comments?
echo $comment->is_allowed('admin','edit') ? 'allowed' : 'denied';
echo "\n\n";

// Can Evan view comments?
echo $comment->is_allowed('Evan','view') ? 'allowed' : 'denied';
echo "\n";

// Can Evan post comments?
echo $comment->is_allowed('Evan','post') ? 'allowed' : 'denied';
echo "\n";

// Can Evan edit comments?
echo $comment->is_allowed('Evan','edit') ? 'allowed' : 'denied';
```

The above would output this:

```
allowed
allowed
denied
denied
allowed

allowed
allowed
denied
```
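
Because nesting passes grants down the chain, a single `allow()` on a base role changes what every role nested under it can do. The following is an added example, not Tentacle's code: a hypothetical stand-in class `SketchAcl` that mimics the calls above, and a hypothetical `audit_acl()` helper that checks every role/resource pair against the intended policy. The precedence rule, the extra `guest`/`edit` grant and the expected matrix are constructed for illustration.

```php
<?php
// Stand-in for illustration only, NOT Tentacle's acl class; it mimics the
// role()/allow()/deny()/is_allowed() calls shown on this page.
class SketchAcl {
    private $parents = array(); // role => roles it inherits from
    private $rules = array();   // role => resource => true (allow) / false (deny)
    public function role($name, array $inherits = array()) { $this->parents[$name] = $inherits; }
    public function allow($role, $resource) { $this->rules[$role][$resource] = true; }
    public function deny($role, $resource) { $this->rules[$role][$resource] = false; }
    public function is_allowed($role, $resource, array $seen = array()) {
        // Unknown roles and inheritance cycles fall through to deny.
        if (!isset($this->parents[$role]) || isset($seen[$role])) return false;
        $seen[$role] = true;
        // Assumption: a rule set directly on a role beats anything inherited.
        if (isset($this->rules[$role][$resource])) return $this->rules[$role][$resource];
        foreach ($this->parents[$role] as $parent) {
            if ($this->is_allowed($parent, $resource, $seen)) return true;
        }
        return false; // default deny
    }
}

// Compare each role/resource pair with the intended matrix; return the mismatches.
function audit_acl($acl, array $expected) {
    $drift = array();
    foreach ($expected as $role => $row) {
        foreach ($row as $resource => $want) {
            $got = (bool) $acl->is_allowed($role, $resource);
            if ($got !== $want) $drift[] = "$role:$resource expected " . ($want ? 'allowed' : 'denied');
        }
    }
    return $drift;
}

$acl = new SketchAcl();
$acl->role('guest');
$acl->role('user', array('guest'));
$acl->role('admin', array('user'));
$acl->allow('guest', 'view');
$acl->allow('user', 'post');
$acl->allow('admin', 'edit');
$acl->allow('guest', 'edit'); // constructed mistake: leaks edit to every nested role

$expected = array( // intended policy for the nested example above
    'guest' => array('view' => true, 'post' => false, 'edit' => false),
    'user'  => array('view' => true, 'post' => true,  'edit' => false),
    'admin' => array('view' => true, 'post' => true,  'edit' => true),
);
print_r(audit_acl($acl, $expected));
```

Since `audit_acl()` only calls `is_allowed()`, it can be pointed at an ACL object built with the calls shown on this page instead of the stand-in.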

### Denying Access

You can deny access to a resource that you have already granted to a role with the `deny` function.

```php
$comment = acl::create('comment');

// Create a role for Evan
$comment->role('Evan');

// Create resource, and allow access
$comment->resource('post');
$comment->allow('Evan','post');

// Now deny access!
$comment->deny('Evan','post');

// Is Evan allowed to post comments?
echo $comment->is_allowed('Evan','post') ? 'allowed' : 'denied';
```

This displays:

```
denied
```

### Using Your ACL Anywhere

Once you have created an ACL you may want to access it from a model, view, or helper. To grab an ACL for use, call `acl::get()` with the name you gave it.

```php
$comment = acl::get('comment');

// Do something...
```