We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

acl and many roles

Hello friends. Please tell me how to implement the ideas. There storekeeper, he has available controllers. Is the warehouse manager, he has the same controllers and a few more. And there are the director, who almost all controllers. It is possible to arrange the inheritance of roles? There is an example of this implementation?

help me please ... hard and so, so still and English with difficulty given ...



14.4k

It's all good, I learn so. I asked one, and wanted to ask more. There is a role - the gardener. There is a role - the pool cleaner. And there is a role - a plumber. There are many roles in movies, but not the point. Can the role - the role of producer inherit all subordinate roles? Maybe it is not clear ... asked Google translator as translated into English ...)))



14.4k

I understood. Can I pass an array of roles as an inheritance? How hard to understand these useful little things



47.7k

https://docs.phalcon.io/uk/latest/reference/acl.html#roles-inheritance

I think this part of the document explains that you can use role inheritance as nth paramater the addRole function . You can then add resources later.

I believe that addRole docs are here:

https://docs.phalcon.io/en/3.0.1/api/Phalcon_Acl_Adapter.html#abstract-class-phalcon-acl-adapter

I personally cannot answer your question from experience.

Why don't you try it out and report back?



14.4k
edited Nov '16

<?php

use Phalcon\Acl\Role;

// ...

// Create some roles for cinema

$roleGardener = new Role("Gardener", "Gardener role");

$rolePlumber = new Role("Plumber", "Plumber role");

$roleWhore = new Role("Whore", "Whore role");

$roleProducer = new Role("Producer", "Producer role");

// Add "Guests" role to ACL

$acl->addRole($roleGardener);

$acl->addRole($rolePlumber);

$acl->addRole($roleWhore);

$acl->addRole($roleProducer,array($roleGardener,$rolePlumber,$roleWhore));

This embodiment does not work inheritance. One role can inherit, but many can not. Maybe I somehow wrong it make out?



11.0k

when you change any role you should destroy your session before test it because phalcon SecurityPlugin will work before access to any controller



14.4k

The error occurs regardless of the session. If the inheritance - a string, then everything works fine. If the array, an error occurs. Although the documentation ...

/*

 * Adds a role to the ACL list. Second parameter allows inheriting access data from other existing role

 * Example:

 * <code>

 * $acl->addRole(new Phalcon\Acl\Role('administrator'), 'consultant');

 * $acl->addRole('administrator', 'consultant');

 * </code>

 *

 * @param RoleInterface|string $role 

 * @param array|string $accessInherits                         ---This line is very important. So you can send an array of roles?

 * @return bool 

 */

public function addRole($role, $accessInherits = null) {}


47.7k
edited Nov '16

This?:

$acl->addRole($rolePlumber, $roleGardener);

$acl->addRole($roleBadequivalentRole, $rolePlumber);

$acl->addRole($roleProducer, $roleBadequivalentRole);

This?

$acl->addRole($roleProducer, $roleBadequivalentRole, $rolePlumber, $roleGardener);


47.7k
edited Nov '16

I think maybe this:

$acl->addRole($roleGardener);
$acl->addRole($rolePlumber);
$acl->addRole($roleBadequivalentRole);
$acl->addRole($roleProducer, [ 'roleGardener', 'rolePlumber', 'roleBadequivalentRole' ] );

or this:

$acl->addRole($rolePlumber, $roleGardener);
$acl->addRole($roleBadequivalentRole, $rolePlumber);
$acl->addRole($roleProducer, $roleBadequivalentRole);

or 

$acl->addRole($rolePlumber, 'roleGardener');
$acl->addRole($roleBadequivalentRole, 'rolePlumber');
$acl->addRole($roleProducer, 'roleBadequivalentRole');


14.4k

$acl->addRole($roleProducer, [ 'roleGardener', 'rolePlumber', 'roleBadequivalentRole' ] );

          • This entry does not work. I tried. but should work

$acl->addRole($rolePlumber, $roleGardener);

$acl->addRole($roleBadequivalentRole, $rolePlumber);

$acl->addRole($roleProducer, $roleBadequivalentRole);

          • and this record does not make sense.