# Access Control Lists (ACL)
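For permission handling, Phalcon provides a lightweight ACL (access control list) through [*Phalcon\\Acl*](#). [Access Control Lists](http://en.wikipedia.org/wiki/Access_control_list) (ACL) let a system control what users may access, for example allowing access to some resources while denying access to others. We recommend that developers read up on ACL techniques.

An ACL consists of two parts: roles and resources. Resources are the objects that the permissions defined by the ACL attach to. Roles are the identities of the requesters defined by the ACL. The ACL decides each role's access to a resource: allowed or denied.

### Creating an ACL

This component was initially designed to work in memory, which provides faster access. The first parameter of the [*Phalcon\\Acl*](#) constructor sets how the ACL is retrieved. An example using the memory adapter follows: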
```php
<?php

use Phalcon\Acl\Adapter\Memory as AclList;

$acl = new AclList();
```
By default, [*Phalcon\\Acl*](#) allows access to actions on resources that have not been defined. To improve security, we set the default access level to 'deny'.
```php
<?php

// Set the default access level to deny
$acl->setDefaultAction(Phalcon\Acl::DENY);
```
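### Adding Roles to the ACL

A role is a collection of permissions that defines access to resources. For example, we would define different people within an organization as different roles. The [*Phalcon\\Acl\\Role*](#) class offers a more structured way to define roles. Here we create some roles: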
```php
<?php

use Phalcon\Acl\Role;

// Create the roles
$roleAdmins = new Role("Administrators", "Super-User role");
$roleGuests = new Role("Guests");

// Add the "Guests" role to the ACL
$acl->addRole($roleGuests);

// Add "Designers" to the ACL using only the string
$acl->addRole("Designers");
```
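As shown above, a role can also be defined directly with a string.

### Adding Resources

Resources are the objects whose access is controlled. In MVC applications, resources are normally controllers. In Phalcon, resources are defined with [*Phalcon\\Acl\\Resource*](#). It is very important to add the related actions or operations to a resource so that the ACL knows what it has to control.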
```php
<?php

use Phalcon\Acl\Resource;

// Define the "Customers" resource
$customersResource = new Resource("Customers");

// Add a group of operations to the "Customers" resource
$acl->addResource($customersResource, "search");
$acl->addResource($customersResource, array("create", "update"));
```
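### Defining Access Controls

Now that roles and resources are defined, it is time to define the ACL itself, that is, which roles can access which resources. This part is extremely important, especially once a default access level has been set.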
```php
<?php

// Set the access level of roles to resources
$acl->allow("Guests", "Customers", "search");
$acl->allow("Guests", "Customers", "create");
$acl->deny("Guests", "Customers", "update");
```
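The allow() method grants a role access to a resource; the deny() method does the opposite.

### Querying an ACL

Once the access control list has been defined, we can query it to check whether a role has a given permission.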
```php
<?php

// Check whether a role has access to an operation
$acl->isAllowed("Guests", "Customers", "edit");   // Returns 0
$acl->isAllowed("Guests", "Customers", "search"); // Returns 1
$acl->isAllowed("Guests", "Customers", "create"); // Returns 1
```
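### Roles Inheritance

More complex role structures can be built with the inheritance that [*Phalcon\\Acl\\Role*](#) provides. Roles in Phalcon can inherit permissions from other roles, which allows finer-grained control over resource access. To make a role inherit permissions, pass the role instance to inherit from as the second parameter of the add-role method.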
```php
<?php

use Phalcon\Acl\Role;

// ...

// Create the roles
$roleAdmins = new Role("Administrators", "Super-User role");
$roleGuests = new Role("Guests");

// Add "Guests" to the ACL
$acl->addRole($roleGuests);

// Make Administrators inherit the access permissions of Guests
$acl->addRole($roleAdmins, $roleGuests);
```
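A policy regression check that combines the default-deny setting, the Guests rules and role inheritance described above. It is an added example, not part of the Phalcon documentation. The expected-decision table and the Administrators "update" rule are constructed for the example.

```php
<?php
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Role;

$acl = new AclList();
$acl->setDefaultAction(Acl::DENY);

// Guests and their rules, as in the sections above
$roleGuests = new Role("Guests");
$acl->addRole($roleGuests);
$acl->addResource(new Resource("Customers"), array("search", "create", "update"));
$acl->allow("Guests", "Customers", "search");
$acl->allow("Guests", "Customers", "create");
$acl->deny("Guests", "Customers", "update");

// Administrators inherit from Guests and get one rule of their own (constructed)
$acl->addRole(new Role("Administrators", "Super-User role"), $roleGuests);
$acl->allow("Administrators", "Customers", "update");

// Expected decisions (constructed): role, resource, access, allowed?
$expected = array(
    array("Guests",         "Customers", "search", true),
    array("Guests",         "Customers", "create", true),
    array("Guests",         "Customers", "update", false), // explicit deny
    array("Guests",         "Customers", "edit",   false), // never registered: default DENY
    array("Administrators", "Customers", "search", true),  // inherited from Guests
    array("Administrators", "Customers", "update", true),  // own rule wins over inherited deny
    array("Administrators", "Customers", "edit",   false), // never registered: default DENY
);

$failures = array();
foreach ($expected as $case) {
    list($role, $resource, $access, $want) = $case;
    $got = (bool) $acl->isAllowed($role, $resource, $access);
    if ($got !== $want) {
        $failures[] = sprintf("%s -> %s::%s: expected %s, got %s", $role, $resource,
            $access, $want ? "allow" : "deny", $got ? "allow" : "deny");
    }
}

// A non-zero exit status lets a CI job fail when the policy drifts
if ($failures) {
    fwrite(STDERR, implode(PHP_EOL, $failures) . PHP_EOL);
    exit(1);
}
echo "ACL policy matches the expected decisions", PHP_EOL;
```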
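### Serializing ACL lists

To improve performance, [*Phalcon\\Acl*](#) instances can be serialized and stored in APC, session, text files or a database, so that developers do not have to define the ACL again each time. The following shows how to do it: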
```php
<?php

use Phalcon\Acl\Adapter\Memory as AclList;

// ...

// Check whether the ACL data already exists
if (!is_file("app/security/acl.data")) {
    $acl = new AclList();

    // ... Define roles, resources, access, etc

    // Store the serialized list in a plain file
    file_put_contents("app/security/acl.data", serialize($acl));
} else {
    // Restore the ACL object from the serialized file
    $acl = unserialize(file_get_contents("app/security/acl.data"));
}

// Use the ACL
if ($acl->isAllowed("Guests", "Customers", "edit")) {
    echo "Access granted!";
} else {
    echo "Access denied :(";
}
```
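The file cache above with an integrity check before `unserialize()`, so that a modified or truncated `acl.data` is rebuilt instead of loaded. It is an added example, not part of the Phalcon documentation. The `ACL_HMAC_KEY` environment variable and the `buildAcl()`, `saveAcl()` and `loadAcl()` helpers are assumptions of this example.

```php
<?php
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclList;

const ACL_FILE = "app/security/acl.data";
const MAC_LEN  = 64; // length of a hex-encoded HMAC-SHA256

// Build the list from scratch (hypothetical helper)
function buildAcl()
{
    $acl = new AclList();
    $acl->setDefaultAction(Acl::DENY);
    // ... Define roles, resources, access, etc
    return $acl;
}

// Store "<hex MAC><serialized ACL>", written to a temp file and then renamed
function saveAcl($acl, $path, $key)
{
    $payload = serialize($acl);
    $tmp = $path . ".tmp";
    file_put_contents($tmp, hash_hmac("sha256", $payload, $key) . $payload, LOCK_EX);
    chmod($tmp, 0640);
    rename($tmp, $path);
}

// Return the stored ACL, or null when the file is missing, truncated or altered
function loadAcl($path, $key)
{
    $raw = is_file($path) ? file_get_contents($path) : false;
    if ($raw === false || strlen($raw) <= MAC_LEN) {
        return null;
    }
    $payload = substr($raw, MAC_LEN);
    if (!hash_equals(hash_hmac("sha256", $payload, $key), substr($raw, 0, MAC_LEN))) {
        return null; // bytes that fail the check are never unserialized
    }
    $acl = unserialize($payload);
    return $acl instanceof AclList ? $acl : null;
}

$key = getenv("ACL_HMAC_KEY"); // hypothetical variable name
if ($key === false || $key === "") {
    throw new RuntimeException("ACL_HMAC_KEY is not set");
}
$acl = loadAcl(ACL_FILE, $key);
if ($acl === null) {
    $acl = buildAcl();
    saveAcl($acl, ACL_FILE, $key);
}
```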
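### ACL Events

If needed, [*Phalcon\\Acl*](#) can send events to an [*EventsManager*](#). Here we bind events to the ACL. When the handler for some of these events returns false, the operation in progress is stopped. The following events are supported:

| Event Name | Triggered | Can stop operation? |
|---|---|---|
| beforeCheckAccess | Triggered before the access check | Yes |
| afterCheckAccess | Triggered after the access check | No |

The following example shows how to attach listeners to this component: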
```php
<?php

use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Events\Manager as EventsManager;

// ...

// Create the events manager
$eventsManager = new EventsManager();

// Attach a listener for events of type "acl"
$eventsManager->attach("acl", function ($event, $acl) {
    if ($event->getType() == "beforeCheckAccess") {
        echo $acl->getActiveRole(),
            $acl->getActiveResource(),
            $acl->getActiveAccess();
    }
});

$acl = new AclList();

// Setup the $acl
// ...

// Bind the eventsManager to the ACL component
$acl->setEventsManager($eventsManager);
```
### Implementing your own adapters

To create your own adapter or extend an existing one, implement the [*Phalcon\\Acl\\AdapterInterface*](#) interface.