我的应用层需要一个ACL,我一直在研究Zend ACL,它似乎可以满足我的需求,但我对以下内容感到困惑[1]:
例如,如果要将默认规则应用于 城市,人们会简单地将规则分配给城市,而不是 为每个建筑物分配相同的规则。某些建筑物可能需要 但是,这种规则的例外情况,这可以在
ZendPermissionsAclAcl通过将此类例外规则分配给每个 需要这种例外的建筑。
这太好了。正是我需要的。但是,我该如何实现此目的?
通过阅读Zend ACL的文档,我实际上找不到这方面的示例。因此,假设我有一个City和Building资源,并且每个资源都实现了ResourceInterface。像这样:
class City implements ResourceInterface {
public function getResourceId()
{
return "city"; // Is this supposed to be the "type" or the "unique Id"?
}
public $buildings = array();
}
class Building implements ResourceInterface {
public function getResourceId()
{
return "building"; // Again, the "type" or "unique Id"?
}
}
正如上面代码中的注释可能已经清楚地表明的那样,资源 ID 是什么?它是否代表资源的"类型",即这是一个城市或建筑物,或者它是否需要是唯一的 ID,即"city-1"等?
如果答案是它必须是"类型",那么问题就变成了;我如何指定独特的建筑?但是,如果答案是 Id 需要是唯一的,那么问题就变成了;如何识别资源的"类型"和每个建筑物的"一揽子"权限,如文档中的引用中所述。
任何见解将不胜感激。
[1] http://zf2.readthedocs.org/en/latest/modules/zend.permissions.acl.intro.html
resource Id需要是唯一的值。 对于分配全局规则,您需要对资源使用继承。 简单 将资源添加到 ACL 时,您需要将city资源作为building资源的父资源传递。
这是一个示例:
$acl = new Acl();
//the original Acl resource class takes a `resourceId` as constructor parameter
$mycity1 = new Resource('mycity1');
$acl->addResource($mycity1);
$mybuiding1 = new Resource('mybulding1');
//city is the buildings parent
$acl->addResource($mybuiding1,$mycity1);
//you dont even have to create a class just define the resource as string
$acl->addResource('secure_buildings',$mycity1);
$acl->addRole('myrole1');
//roles have inheritance too
$acl->addRole('myrole2','myrole1');
//myrole1 and myrole2 has access to city and all its building
$acl->allow('myrole1','mycity1');
//myrole2 has access to city and all its building except 'secure_buildings'
$acl->deny('myrole2','secure_buildings');
子资源bulding继承父资源city的规则(如果未为其定义(。
更新评论 :
ACL不知道也不关心您拥有哪种资源类型,只要它们具有唯一的资源 ID,ACL 就会平等地威胁所有资源,只查找resourceId和继承。
定义规则时,只需提供allow和deny的resourceId,只要将它们定义为资源并添加到ACL的堆栈中,它们是什么类型就无关紧要。
当你做$acl->inAllowed你只需要一个roleId和resourceId,ACL再次不关心它们的类型,只是它们已被定义为资源abd,他们有没有父级......
样品:我希望这是足够的样本
$acl = new Acl();
$acl->addResource('City'); //all the cities
$acl->addResource('myCity1', 'City'); //city1 inherits City
$acl->addResource('Building', 'City'); //all the buildings in all the cities
$acl->addResource('normal_buildings', 'Building');
$acl->addResource('secure_buildings', 'Building');
$acl->addResource('top_secure_buildings', 'secure_buildings');
$acl->addRole('Civilian');
$acl->addRole('High_Level_Security', 'Civilian');
$acl->allow('Civilian', 'City');
$acl->deny('Civilian', 'secure_buildings');
$acl->allow('High_Level_Security', 'secure_buildings');
$acl->deny('High_Level_Security', 'top_secure_buildings');
var_dump($acl->isAllowed('Civilian', 'City'));//true -> direct allow rule
var_dump($acl->isAllowed('Civilian', 'myCity1'));//true -> inherited from City allow rule
var_dump($acl->isAllowed('Civilian', 'Building'));//true -> inherited from City allow rule
var_dump($acl->isAllowed('Civilian', 'normal_buildings'));//true -> inherited from City allow rule
var_dump($acl->isAllowed('Civilian', 'secure_buildings'));//false -> direct deny rule
var_dump($acl->isAllowed('Civilian', 'top_secure_buildings'));//false -> inherited from secure_building deny rule
var_dump($acl->isAllowed('High_Level_Security', 'City'));//true -> inherited from Civilian->City allow rule
var_dump($acl->isAllowed('High_Level_Security', 'myCity1'));//true -> inherited from Civilian->City allow rule
var_dump($acl->isAllowed('High_Level_Security', 'Building'));//true -> inherited from Civilian->City allow rule
var_dump($acl->isAllowed('High_Level_Security', 'normal_buildings'));//true -> inherited from Civilian->City allow rule
var_dump($acl->isAllowed('High_Level_Security', 'secure_buildings'));//true -> direct allow rule
var_dump($acl->isAllowed('High_Level_Security', 'top_secure_buildings'));//false -> direct deny rule