Showing
15 changed files
with
965 additions
and
76 deletions.
@@ -0,0 +1,134 @@ | ||
<?php | ||
/** | ||
* This is the PHP base ACL configuration file. | ||
* | ||
* Use it to configure access control of your Cake application. | ||
* | ||
* PHP 5 | ||
* | ||
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org) | ||
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org) | ||
* | ||
* Licensed under The MIT License | ||
* Redistributions of files must retain the above copyright notice. | ||
* | ||
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org) | ||
* @link http://cakephp.org CakePHP(tm) Project | ||
* @package app.Config | ||
* @since CakePHP(tm) v 2.1 | ||
* @license MIT License (http://www.opensource.org/licenses/mit-license.php) | ||
*/ | ||
|
||
/** | ||
* Example | ||
* ------- | ||
* | ||
* Assumptions: | ||
* | ||
* 1. In your application you created a User model with the following properties: | ||
* username, group_id, password, email, firstname, lastname and so on. | ||
* 2. You configured AuthComponent to authorize actions via | ||
* $this->Auth->authorize = array('Actions' => array('actionPath' => 'controllers/'),...) | ||
* | ||
* Now, when a user (i.e. jeff) authenticates successfully and requests a controller action (i.e. /invoices/delete) | ||
* that is not allowed by default (e.g. via $this->Auth->allow('edit') in the Invoices controller) then AuthComponent | ||
* will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be | ||
* done via a call to Acl->check() with | ||
* | ||
* array('User' => array('username' => 'jeff', 'group_id' => 4, ...)) | ||
* | ||
* as ARO and | ||
* | ||
* '/controllers/invoices/delete' | ||
* | ||
* as ACO. | ||
* | ||
* If the configured map looks like | ||
* | ||
* $config['map'] = array( | ||
* 'User' => 'User/username', | ||
* 'Role' => 'User/group_id', | ||
* ); | ||
* | ||
* then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to | ||
* find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to | ||
* check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration. | ||
* E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like | ||
* | ||
* $config['alias'] = array( | ||
* 'Role/4' => 'Role/editor', | ||
* ); | ||
* | ||
* In the roles configuration you can define roles on the lhs and inherited roles on the rhs: | ||
* | ||
* $config['roles'] = array( | ||
* 'Role/admin' => null, | ||
* 'Role/accountant' => null, | ||
* 'Role/editor' => null, | ||
* 'Role/manager' => 'Role/editor, Role/accountant', | ||
* 'User/jeff' => 'Role/manager', | ||
* ); | ||
* | ||
* In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role. | ||
* Lets define some rules: | ||
* | ||
* $config['rules'] = array( | ||
* 'allow' => array( | ||
* '*' => 'Role/admin', | ||
* 'controllers/users/(dashboard|profile)' => 'Role/default', | ||
* 'controllers/invoices/*' => 'Role/accountant', | ||
* 'controllers/articles/*' => 'Role/editor', | ||
* 'controllers/users/*' => 'Role/manager', | ||
* 'controllers/invoices/delete' => 'Role/manager', | ||
* ), | ||
* 'deny' => array( | ||
* 'controllers/invoices/delete' => 'Role/accountant, User/jeff', | ||
* 'controllers/articles/(delete|publish)' => 'Role/editor', | ||
* ), | ||
* ); | ||
* | ||
* Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager, | ||
* Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than | ||
* rules for Role/manager, rules for Role/manager are more specific than rules for Role/editor and so on. | ||
* This is important when allow and deny rules match for a role. E.g. Role/accountant is allowed | ||
* controllers/invoices/* but at the same time controllers/invoices/delete is denied. But there is a more | ||
* specific rule defined for Role/manager which is allowed controllers/invoices/delete. However, the most specific | ||
* rule denies access to the delete action explicitly for User/jeff, so he'll be denied access to the resource. | ||
* | ||
* If we would remove the role definition for User/jeff, then jeff would be granted access as he would be resolved | ||
* to Role/manager and Role/manager has an allow rule. | ||
*/ | ||
|
||
/** | ||
* The role map defines how to resolve the user record from your application | ||
* to the roles you defined in the roles configuration. | ||
*/ | ||
$config['map'] = array( | ||
'User' => 'User/username', | ||
'Role' => 'User/group_id', | ||
); | ||
|
||
/** | ||
* define aliases to map your model information to | ||
* the roles defined in your role configuration. | ||
*/ | ||
$config['alias'] = array( | ||
'Role/4' => 'Role/editor', | ||
); | ||
|
||
/** | ||
* role configuration | ||
*/ | ||
$config['roles'] = array( | ||
'Role/admin' => null, | ||
); | ||
|
||
/** | ||
* rule configuration | ||
*/ | ||
$config['rules'] = array( | ||
'allow' => array( | ||
'*' => 'Role/admin', | ||
), | ||
'deny' => array(), | ||
); |
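Review bot: The alias added at the `'Role/4' => 'Role/editor'` line points at a role that the roles block a few lines below never defines — `$config['roles']` only declares `'Role/admin' => null`. According to the header comment's own example, a group_id 4 user would be resolved to Role/editor and then presumably fall through to Role/default or fail the lookup; either way the alias does nothing useful in the shipped configuration. Either add `'Role/editor' => null,` to `$config['roles']` or drop the alias so the template stays self-consistent. A one-line comment above the alias block, `// Every alias target must also appear in $config['roles'] below.`, would make the dependency explicit for the next person editing access rules here.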
@@ -0,0 +1,112 @@ | ||
<?php | ||
/** | ||
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org) | ||
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org) | ||
* | ||
* Licensed under The MIT License | ||
* Redistributions of files must retain the above copyright notice. | ||
* | ||
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org) | ||
* @link http://cakephp.org CakePHP(tm) Project | ||
* @package app.Config | ||
* @since CakePHP(tm) v3.0.0 | ||
* @license MIT License (http://www.opensource.org/licenses/mit-license.php) | ||
*/ | ||
namespace App\Config; | ||
|
||
use Cake\Core\Configure; | ||
use Cake\Core\ClassLoader; | ||
|
||
/** | ||
* CakePHP Debug Level: | ||
* | ||
* Production Mode: | ||
* 0: No error messages, errors, or warnings shown. Flash messages redirect. | ||
* | ||
* Development Mode: | ||
* 1: Errors and warnings shown, model caches refreshed, flash messages halted. | ||
* 2: As in 1, but also with full debug messages and SQL output. | ||
* | ||
* In production mode, flash messages redirect after a time interval. | ||
* In development mode, you need to click the flash message to continue. | ||
*/ | ||
Configure::write('debug', 2); | ||
|
||
/** | ||
* The root namespace your application uses. This should match | ||
* the top level directory. | ||
*/ | ||
$namespace = 'App'; | ||
|
||
/** | ||
* Configure basic information about the application. | ||
* | ||
* - namespace - The namespace to find app classes under. | ||
* - encoding - The encoding used for HTML + database connections. | ||
* - baseUrl - To configure CakePHP *not* to use mod_rewrite and to | ||
* use CakePHP pretty URLs, remove these .htaccess | ||
* files: | ||
* /.htaccess | ||
* /app/.htaccess | ||
* /app/webroot/.htaccess | ||
* And uncomment the baseUrl key below. | ||
* - base - The base directory the app resides in. If false this | ||
* will be auto detected. | ||
* - webroot - The webroot directory. | ||
* - www_root - The file path to webroot. | ||
*/ | ||
Configure::write('App', [ | ||
'namespace' => $namespace, | ||
'encoding' => 'UTF-8', | ||
'base' => false, | ||
'baseUrl' => false, | ||
//'baseUrl' => env('SCRIPT_NAME'), | ||
'dir' => APP_DIR, | ||
'webroot' => WEBROOT_DIR, | ||
'www_root' => WWW_ROOT, | ||
]); | ||
|
||
/** | ||
* Uncomment this line and correct your server timezone to fix | ||
* any date & time related errors. | ||
*/ | ||
//date_default_timezone_set('UTC'); | ||
|
||
/** | ||
* Setup Security and hashing related values. | ||
* The level of CakePHP security. | ||
* | ||
* - salt - A random string used in security hashing methods. | ||
* - cipherSeed - A random numeric string (digits only) used to seed | ||
* the xor cipher functions in Security. | ||
*/ | ||
Configure::write('Security', [ | ||
'salt' => 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi', | ||
'cipherSeed' => '76859309657453542496749683645', | ||
]); | ||
|
||
/** | ||
* Apply timestamps with the last modified time to static assets (js, css, images). | ||
* Will append a querystring parameter containing the time the file was modified. This is | ||
* useful for invalidating browser caches. | ||
* | ||
* Set to `true` to apply timestamps when debug > 0. Set to 'force' to always enable | ||
* timestamping regardless of debug value. | ||
*/ | ||
//Configure::write('Asset.timestamp', true); | ||
|
||
/** | ||
* The classname and database used in CakePHP's | ||
* access control lists. | ||
*/ | ||
Configure::write('Acl', [ | ||
'database' => 'default', | ||
'classname', 'DbAcl', | ||
]); | ||
|
||
/** | ||
* Configure an autoloader for the App namespace. | ||
*/ | ||
$loader = new ClassLoader($namespace, dirname(APP)); | ||
$loader->register(); | ||
unset($loader, $namespace); |
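Review bot: The Acl block is malformed — `'classname', 'DbAcl',` is two comma-separated array elements rather than a key/value pair, so the written array is `['database' => 'default', 0 => 'classname', 1 => 'DbAcl']` and no `classname` key exists; the line should read `'classname' => 'DbAcl',`. Separately, the Security block ships fixed literal `salt` and `cipherSeed` values while the comment describes them as random; every deployment that keeps this file unchanged shares the same values, so the comment should say so, e.g. `// Placeholder values: replace both with freshly generated random strings before deploying.`. Finally, `Configure::write('debug', 2)` is the shipped default, which the comment above it describes as full debug messages and SQL output, so the docblock should state that production deployments must override it to 0.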