about acl with database #207

Open
alnux opened this issue Dec 22, 2022 · 3 comments
Labels
documentation Changes, improvements in the documentation question


alnux commented Dec 22, 2022

Could you please explain a little more the definition of ACL in database? I want to make an application where you can remove or give permissions on resources to users dynamically. For example, give user x permission for the action update and, at a given time, remove this ability. This without touching the code, only through a web panel and the database.

Secondly, I would also like to know how to make an extension for Ubiquity, to convert what is described above into a Ubiquity extension, for example called acl-ui.

really thanks

Contributor

jcheron commented Dec 31, 2022

With the latest version of ubiquity-acl: 0.0.13 in a project:

Initialization

The initialization will create the AclElement, Role, Resource and Permission models, and the corresponding tables.

  • You must have created a database, and configured it in the Ubiquity project
  • Add the following script in a method of the app/config/bootstrap.php file:
function _dev($devtools,$config){
	$config=\Ubiquity\controllers\Startup::$config;
	\Ubiquity\security\acl\AclManager::initializeDAOProvider($config, 'default');
	$dao=new \Ubiquity\security\acl\persistence\AclDAOProvider($config);
	$dao->createModels(); //Optional
	echo Console::showInfo("Development mode");
}

Note that the generation of models is optional: you can do without it, if you don't want to customize them.
In this case, the models included in ubiquity-acl are used.

  • Run it with:
Ubiquity bootstrap dev

The generated models are particular, since they simply inherit from the corresponding ACL classes:

namespace models;

 /**
  * Class Role
  */
class Role  extends \Ubiquity\security\acl\models\Role{

}

Configuration

  • Then you have to configure the ACLs in app/config/services.php to start with AclDAOProvider:
\Ubiquity\security\acl\AclManager::start();
\Ubiquity\security\acl\AclManager::initFromProviders([
	new \Ubiquity\security\acl\persistence\AclDAOProvider($config, [
		'acl'=>\models\AclElement::class,
		'role'=>\models\Role::class,
		'resource'=>\models\Resource::class,
		'permission'=>\models\Permission::class
	]),
	new \Ubiquity\security\acl\persistence\AclCacheProvider()
]);

Note that the order of the providers passed as parameters to the constructor is important. An existing ACL element will not be added a second time, even if it exists in several providers.

Use

After starting the project, with the Webtools, you should see the ACL interface modified:

You can add ACL elements via the webtools ACL interface:

Or in the models part:

Or in the code, like for cached ACLs:

//Adding a new ACLElement
//Note that the role, permission or resource are added if they do not already exist
AclManager::addAndAllow('@USER', 'MyAclController.forUserWrite', 'WRITE');

//Adding a new role inheriting from @USER
AclManager::addRole('@CHILD', ['@USER']);

//Adding a new permission with level 500
AclManager::addPermission('MANAGE', 500);

//Adding a new resource
AclManager::addResource('MyController');

Demo project

I added a new project in the demos to illustrate this: acl-db-project
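
A self-contained model of what the question asks for, granting and revoking a permission at runtime by changing database rows only, added here as an example (it is not ubiquity-acl's code or its schema). The table layout, the READ and WRITE levels, the helper names and the rule that a grant covers permissions of equal or lower level are assumptions; the roles, the resource name and the MANAGE level are taken from the comment above.

```php
<?php
// Added example: database-backed ACLs modelled in SQLite (assumed schema and level rule).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE role (name TEXT PRIMARY KEY, parent TEXT)');
$db->exec('CREATE TABLE permission (name TEXT PRIMARY KEY, level INTEGER NOT NULL)');
$db->exec('CREATE TABLE aclelement (role TEXT, resource TEXT, permission TEXT,
	PRIMARY KEY (role, resource, permission))');
$db->exec("INSERT INTO role VALUES ('@USER', NULL), ('@CHILD', '@USER')");
$db->exec("INSERT INTO permission VALUES ('READ', 100), ('WRITE', 300), ('MANAGE', 500)");

function allow(PDO $db, string $role, string $resource, string $permission): void {
	// OR IGNORE: an element that already exists is not stored a second time.
	$db->prepare('INSERT OR IGNORE INTO aclelement VALUES (?, ?, ?)')
		->execute([$role, $resource, $permission]);
}

function revoke(PDO $db, string $role, string $resource, string $permission): void {
	$db->prepare('DELETE FROM aclelement WHERE role = ? AND resource = ? AND permission = ?')
		->execute([$role, $resource, $permission]);
}

function isAllowed(PDO $db, string $role, string $resource, string $permission): bool {
	// Assumed rule: a grant covers any permission whose level is not higher than its own.
	$grant = $db->prepare('SELECT 1 FROM aclelement a
		JOIN permission g ON g.name = a.permission
		JOIN permission w ON w.name = ?
		WHERE a.role = ? AND a.resource = ? AND g.level >= w.level LIMIT 1');
	$parent = $db->prepare('SELECT parent FROM role WHERE name = ?');
	$seen = []; // roles already visited, so a cyclic parent chain terminates
	while (is_string($role) && !isset($seen[$role])) {
		$seen[$role] = true;
		$grant->execute([$permission, $role, $resource]);
		if ($grant->fetchColumn() !== false) {
			return true;
		}
		$parent->execute([$role]);
		$role = $parent->fetchColumn(); // null or false ends the walk
	}
	return false; // unknown role, resource or permission: denied
}

$res = 'MyAclController.forUserWrite';
allow($db, '@USER', $res, 'WRITE');
var_dump(isAllowed($db, '@CHILD', $res, 'WRITE'));  // grant reached through parent @USER
var_dump(isAllowed($db, '@CHILD', $res, 'MANAGE')); // level 500 exceeds the WRITE grant
revoke($db, '@CHILD', $res, 'WRITE');               // no row for @CHILD: nothing removed
var_dump(isAllowed($db, '@CHILD', $res, 'WRITE'));  // the inherited grant is still in force
revoke($db, '@USER', $res, 'WRITE');                // revoke on the role that holds the grant
var_dump(isAllowed($db, '@CHILD', $res, 'WRITE'));  // no grant left on the chain
```

The script needs the pdo_sqlite extension. The third check is the case to watch in an admin panel: deleting a grant on a child role does not remove access the role inherits from its parent.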

jcheron self-assigned this Dec 31, 2022
jcheron added the question and documentation (Changes, improvements in the documentation) labels Dec 31, 2022
Contributor

jcheron commented Jan 1, 2023

Update on initialization

It is possible to make it easier to initialize the AclDAOProvider, with the new version of devtools (1.4.3).
Update (in the project and globally)

composer global update
composer update

Then execute the following command to create the tables and models (you must always have a database created and configured before).

Ubiquity acl-init -p=dao -m
  • dao option for the AclDAOProvider and the db tables
  • m for the models

Author

alnux commented Jan 5, 2023

I will test it, really thanks @jcheron
