Add this to the require block in your composer.json.
{
"require": {
"windwalker/authorisation": "~3.0"
}
}A simple example to use Closure as policy with action name can.edit.article.
use Windwalker\Authorisation\Authorisation;
$auth = new Authorisation;
$auth->addPolicy('can.edit.article', function (User $user, \stdClass $article)
{
return $user->isAdmin() || $user->id == $article->author_id;
});
// Check access
$auth->authorise('can.edit.article', $user, $article); // booleanWe can also use Authorisation object as a ACL handler, see this example. We find blog.article actions from acl_list
table in database, and check the can.edit action greater then 1, so it means this user (or group) has access
to edit all articles in blog.
$auth->addPolicy('can.edit', function (User $user, $assetName)
{
$action = $db->prepare('SELECT access FROM acl_list WHERE action = :action AND asset = :asset AND group = :group')
->bind('action', 'can.edit')
->bind('asset', $assetName)
->bind('group', $user->group_id)
->execute()
->fetchObject();
return $action >= 1;
});
// Can edit articles
$auth->authorise('can.edit', $user, 'blog.article'); // boolean
// Can edit article with id = 3
$auth->authorise('can.edit', $user, 'blog.article.3'); // booleanNOTE: This is just an simple example to show how ACL works, you must write your own rules to implements ACL system.
We can define a policy by creating classes which implements PolicyInterface.
class CanEditPolicy implements \Windwalker\Authorisation\PolicyInterface
{
public function authorise($user, $data = null)
{
return $user->isAdmin() || $user->id == $data->author_id;
}
}
$auth->addPolicy('can.edit', new CanEditPolicy);
// After PHP 5.5, you can simply use ::class to add class name
$auth->addPolicy('can.edit', CanEditPolicy::class);Use Policy Provider, we can define policies in a class that is more easily to add multiple policies.
use Windwalker\Authorisation\AuthorisationInterface;
use Windwalker\Authorisation\PolicyProviderInterface;
class ArticlePolicyProvider implements PolicyProviderInterface
{
public function register(AuthorisationInterface $auth)
{
$auth->addPolicy('can.create.article', function () { ... });
$auth->addPolicy('can.edit.article', function () { ... });
$auth->addPolicy('can.edit.own.article', function () { ... });
$auth->addPolicy('can.delete.article', function () { ... });
}
}
// Register policies
$auth->registerPolicyProvider(new ArticlePolicyProvider);