Dingo Framework

Dingo is a Rapid Development Application Framework written in PHP. Dingo allows you to create dynamic websites easily and quickly.

ACL Library

Overview

The Access Control List (ACL) library allows you to easily manage user roles and resources. To load the ACL library manually, do this:

load::library('acl');

Basic Usage

This is how you could set up a basic ACL for a commenting system:

$comment = acl::create('comment');

// Define the guest and user roles
$comment->role('guest');
$comment->role('user');

// Add the view comments resource and allow both guests and users to access it
$comment->resource('view');
$comment->allow('guest','view');
$comment->allow('user','view');

// Add the post comment resource and allow only users to access it
$comment->resource('post');
$comment->allow('user','post');

You could then test access to the resources like this:

// Can users post comments?
echo $comment->is_allowed('user','post') ? 'allowed' : 'denied';

echo "\n";

// Can guests post comments?
echo $comment->is_allowed('guest','post') ? 'allowed' : 'denied';

The above should output the following:

allowed
denied

Nesting Roles

As your ACLs become more complex, you will quickly find that assigning every role to every resource it should have access to is a tedious process. Nested roles fix this by allowing you to nest, or place, roles inside each other. A role placed inside another role can access everything that role can, as the output further down shows.

$comment = acl::create('comment');

// Define the guest, user, and admin roles
$comment->role('guest');
$comment->role('user',array('guest')); // The user role is inside the guest role
$comment->role('admin',array('user')); // The admin role is inside the user role

// Define Evan as a user
$comment->role('Evan',array('user'));

// Add the view comment resource and allow guests to access it
$comment->resource('view');
$comment->allow('guest','view');

// Add the post comment resource and allow users to access it
$comment->resource('post');
$comment->allow('user','post');

// Add the edit comment resource and allow admins to access it
$comment->resource('edit');
$comment->allow('admin','edit');

You could then test access to the resources like this:

// Can users view comments?
echo $comment->is_allowed('user','view') ? 'allowed' : 'denied';
echo "\n";

// Can users post comments?
echo $comment->is_allowed('user','post') ? 'allowed' : 'denied';
echo "\n";

// Can guests post comments?
echo $comment->is_allowed('guest','post') ? 'allowed' : 'denied';
echo "\n";

// Can users edit comments?
echo $comment->is_allowed('user','edit') ? 'allowed' : 'denied';
echo "\n";

// Can admins edit comments?
echo $comment->is_allowed('admin','edit') ? 'allowed' : 'denied';
echo "\n\n";


// Can Evan view comments?
echo $comment->is_allowed('Evan','view') ? 'allowed' : 'denied';
echo "\n";

// Can Evan post comments?
echo $comment->is_allowed('Evan','post') ? 'allowed' : 'denied';
echo "\n";

// Can Evan edit comments?
echo $comment->is_allowed('Evan','edit') ? 'allowed' : 'denied';

The above would output this:

allowed
allowed
denied
denied
allowed

allowed
allowed
denied

Denying Access

You can deny access to a resource that you have already granted to a role with the deny function.

$comment = acl::create('comment');

// Create a role for Evan
$comment->role('Evan');

// Create resource, and allow access
$comment->resource('post');
$comment->allow('Evan','post');

// Now deny access!
$comment->deny('Evan','post');

// Is Evan allowed to post comments?
echo $comment->is_allowed('Evan','post') ? 'allowed' : 'denied';

This displays:

denied
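
The Nesting Roles and Denying Access sections above describe behavior that a stand-alone sketch can make concrete. This is an added example, not Dingo's source code: the SketchAcl class and its internals are assumptions, and 'nobody' is a constructed, undefined role used to show default deny. In this sketch deny() only revokes a direct grant, so verify how Dingo's own deny() treats access inherited through a nested role, which this documentation does not specify.

```php
<?php
// Added sketch, not Dingo's source; SketchAcl and its internals are hypothetical.
class SketchAcl
{
    private $parents = array();   // role => roles it is nested in (inherits from)
    private $resources = array(); // resource => true
    private $grants = array();    // role => resource => true (direct grants only)
    public function role($name, array $inherits = array()) { $this->parents[$name] = $inherits; }
    public function resource($name) { $this->resources[$name] = true; }
    public function allow($role, $res) { $this->grants[$role][$res] = true; }
    public function deny($role, $res) { unset($this->grants[$role][$res]); }

    public function is_allowed($role, $res, array $seen = array())
    {
        // Default deny: unknown roles, unknown resources and role cycles get no access.
        if (!isset($this->parents[$role], $this->resources[$res]) || isset($seen[$role])) {
            return false;
        }
        if (isset($this->grants[$role][$res])) {
            return true;
        }
        $seen[$role] = true; // remember visited roles so a nesting loop terminates
        foreach ($this->parents[$role] as $parent) {
            if ($this->is_allowed($parent, $res, $seen)) {
                return true;
            }
        }
        return false;
    }
}

$acl = new SketchAcl();
$acl->role('guest');
$acl->role('user', array('guest'));
$acl->role('admin', array('user'));
$acl->role('Evan', array('user'));
foreach (array('view' => 'guest', 'post' => 'user', 'edit' => 'admin') as $res => $role) {
    $acl->resource($res);
    $acl->allow($role, $res);
}
// Print the full role x resource matrix so every inherited grant is visible for review.
foreach (array('guest', 'user', 'admin', 'Evan', 'nobody') as $role) {
    foreach (array('view', 'post', 'edit') as $res) {
        printf("%-6s %-5s %s\n", $role, $res, $acl->is_allowed($role, $res) ? 'allowed' : 'denied');
    }
}
// Evan has no direct 'post' grant, so this deny() removes nothing and the inherited grant remains.
$acl->deny('Evan', 'post');
echo $acl->is_allowed('Evan', 'post') ? "allowed\n" : "denied\n";
```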

Using Your ACL Anywhere

Once you have created an ACL, you may want to access it from a model, view, or helper. To retrieve an existing ACL, use acl::get().

$comment = acl::get('comment');

// Do something...

© 2008 - 2010 Evan Byrne