Pair framework: Acl

Pair\Models\Acl defines access rules linking groups to module/action permissions.

Main methods

• checkPermission($super, $groupId, $module, $action = null): bool
• getModuleName(): string

Lifecycle hooks:

• afterCreate() logs ACL add in Audit
• beforeDelete() logs ACL removal in Audit

Implementation example

$allowed = \Pair\Models\Acl::checkPermission(
    $currentUser->super,
    $currentUser->groupId,
    'orders',
    'edit'
);

if (!$allowed) {
    throw new \Exception('Access denied');
}

Notes

• user module and super users are allowed by default in checkPermission.
• Rule evaluation is SQL-count based and supports module-wide rules (empty action).

See also: Rule, User, Session.