承接 hoa/acl 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

hoa/acl

最新稳定版本:1.17.05.02

Composer 安装命令:

composer require hoa/acl

包简介

The Hoa\Acl library.

README 文档

README

Hoa

Build status Code coverage Packagist License

Hoa is a modular, extensible and structured set of PHP libraries.
Moreover, Hoa aims at being a bridge between industrial and research worlds.

Hoa\Acl

Help on IRC Help on Gitter Documentation Board

This library allows to create and manipulate an Access Control List (ACL). The actors of an ACL are the following:

  • Group, contains zero or more users, has zero or more permissions and owns zero or more services. A group can inherit permissions from other groups. Users and services cannot be inherited. If a group owns a service, this is a shared service because several users can access to it,
  • User, can own zero or more services and can belong to zero or more groups,
  • Permission, is like a right. A group holds zero or more permissions that can be used to allow or disallow access to something,
  • Service, is a document, a resource, something a user would like to access.

Whilst the word “list” is contained in its name, the underlying structure is a graph (please, see the Hoa\Graph library) where vertices (i.e. nodes) are groups.

Learn more.

Installation

With Composer, to include this library into your dependencies, you need to require hoa/acl:

$ composer require hoa/acl '~1.0'

For more installation procedures, please read the Source page.

Testing

Before running the test suites, the development dependencies must be installed:

$ composer install

Then, to run all the test suites:

$ vendor/bin/hoa test:run

For more information, please read the contributor guide.

Quick usage

As a quick overview, we propose the following actors:

  • Groups: Visitor, buyer, editor, administrator,
  • Users: Anonymous visitor, logged visitor, product editor, blog editor,
  • Permissions: Read, write, buy,
  • Services: Product, blog page.

Basically, there are 2 services: A product and a blog page. It can look like a little shop. Visitors can be logged or not. If logged, then it can buy a product. The shop can be administrated by editors, with different roles: One for the products and one for the blog. Thus, we have 4 groups: Visitor, buyer, editor and administrator.

Create the ACL

We start by creating all the actors, in separated variables for the sake of clarity:

$groupVisitor       = new Hoa\Acl\Group('group_visitor');
$groupBuyer         = new Hoa\Acl\Group('group_buyer');
$groupEditor        = new Hoa\Acl\Group('group_editor');
$groupAdministrator = new Hoa\Acl\Group('group_administrator');

$userAnonymousVisitor = new Hoa\Acl\User('user_visitor_anonymous');
$userLoggedVisitor    = new Hoa\Acl\User('user_visitor_logged');
$userProductEditor    = new Hoa\Acl\User('user_editor_product');
$userBlogEditor       = new Hoa\Acl\User('user_editor_blog');

$permissionRead  = new Hoa\Acl\Permission('permission_read');
$permissionWrite = new Hoa\Acl\Permission('permission_write');
$permissionBuy   = new Hoa\Acl\Permission('permission_buy');

$serviceProduct  = new Hoa\Acl\Service('service_product');
$serviceBlogPage = new Hoa\Acl\Service('service_blog_page');

Then, we put them together: We create an ACL instance, we add services on users and groups, we add users on groups, we add groups inside the ACL instance and finally we add permissions on groups.

// Create an ACL instance.
$acl = new Hoa\Acl();

// Add services to users and groups.
// The visitor group shares the product and the blog page services.
$groupVisitor->addServices([$serviceProduct, $serviceBlogPage]);
// The buyer group shares the product and the blog page services (reminder:
// Services are not inherited).
$groupBuyer->addServices([$serviceProduct, $serviceBlogPage]);
// The product editor user owns the product service.
$userProductEditor->addServices([$serviceProduct]);
// The blog editor user owns the blog page service.
$userBlogEditor->addServices([$serviceBlogPage]);

// Add users to groups.
// The visitor group contains one anonymous visitor user.
$groupVisitor->addUsers([$userAnonymousVisitor]);
// The buyer group contains one logged visitor user.
$groupBuyer->addUsers([$userLoggedVisitor]);
// The editor group contains two users: Product editor and blog editor.
$groupEditor->addUsers([$userProductEditor, $userBlogEditor]);

// Add groups to the ACL instance.
$acl->addGroup($groupVisitor);
// The buy group inherits permissions from the visitor group.
$acl->addGroup($groupBuyer, [$groupVisitor]);
$acl->addGroup($groupEditor);
// The administrator group inherits permissions from the editor group.
$acl->addGroup($groupAdministrator, [$groupEditor]);

// Add permissions.
// The visitor group has permission to read.
$acl->allow($groupVisitor, [$permissionRead]);
// The buy group has permission to buy.
$acl->allow($groupBuyer, [$permissionBuy]);
// The editor group has permission to read and write.
$acl->allow($groupEditor, [$permissionRead, $permissionWrite])

This is important to keep in mind that users and services are not inherited between groups.

Query the ACL

Now our ACL is build, we can query it by, for example, using the isAllowed method. This method takes at least 2 arguments: A user and a permission. It checks if a user has a certain permission. In addition, a service can be provided too, and then it checks if a user has a certain permission on a specific service. Let's see some examples.

  • Is an anonymous visitor allowed to read a product? Yes.
$acl->isAllowed($userAnonymousVisitor, $permissionRead, $serviceProduct) // true
  • Is an anonymous visitor allowed to buy a product? No.
$acl->isAllowed($userAnonymousVisitor, $permissionBuy, $serviceProduct) // false
  • Is a logged visitor allowed to read a product? Yes.
$acl->isAllowed($userLoggedVisitor, $permissionRead, $serviceProduct) // true
  • Is a logged visitor allowed to buy a product? Yes.
$acl->isAllowed($userLoggedVisitor, $permissionBuy, $serviceProduct) // true
  • Is a logged visitor allowed to write (on any services)? No.
$acl->isAllowed($userLoggedVisitor, $permissionWrite) // false
  • Is a product editor allowed to buy (any services)? No.
$acl->isAllowed($userProductEditor, $permissionBuy) // false
  • Is a product editor allowed to write (any services)? Yes.
$acl->isAllowed($userProductEditor, $permissionWrite) // true
  • Is a blog editor allowed to write (any services)? Yes.
$acl->isAllowed($userBlogEditor, $permissionWrite) // true
  • Is a product editor allowed to write a blog page? No.
$acl->isAllowed($userProductEditor, $permissionWrite, $serviceBlogPage) // false
  • Is a blog editor allowed to write a blog page? Yes.
$acl->isAllowed($userBlogEditor, $permissionWrite, $serviceBlogPage) // true

Using objects for users, permissions and services can sometimes be cumbersome. Thus, we can use their respective IDs instead. Consequently, one can write:

$acl->isAllowed('user_editor_blog', 'permission_write', 'service_blog_page') // true

Thinner query with specific asserter

It may happen that the ACL, with users, permissions, services and groups, cannot be able to expres all your constraints. That's why an asserter can be provided.

An asserter must implement the Hoa\Acl\Assertable interface and expect the assert method to be implemented. It will receive the $userId, $permissionId and optionally the $serviceId data. This assert method must compute a boolean that will be used as the latest step of the isAllowed method.

Imagine the following scenario where a logged user cannot buy another product before M minutes if the amount of the current shopping bag is greater than X:

class DoNotBuyThatMuch implements Hoa\Acl\Assertable
{
    public function assert($userId, $permissionId, $serviceId)
    {
        $shoppingBag = getShoppingBagOf($userId);

        return
            X < $shoppingBag->getAmount() &&
            time() + M * 60 > $shoppingBag->getCheckoutTime();
    }
}

$acl->isAllowed(
    $userLoggedVisitor,
    $permissionBuy,
    $serviceProduct,
    new DoNotBuyThatMuch()
);

Obviously, the assert body can be complex and this library does not address asserter aggregation or similar problems. However, the Hoa\Ruler library perfectly fills this role, you might want to consider it.

Documentation

The hack book of Hoa\Acl contains detailed information about how to use this library and how it works.

To generate the documentation locally, execute the following commands:

$ composer require --dev hoa/devtools
$ vendor/bin/hoa devtools:documentation --open

More documentation can be found on the project's website: hoa-project.net.

Getting help

There are mainly two ways to get help:

Contribution

Do you want to contribute? Thanks! A detailed contributor guide explains everything you need to know.

License

Hoa is under the New BSD License (BSD-3-Clause). Please, see LICENSE for details.

hoa/acl 适用场景与选型建议

hoa/acl 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 651 次下载、GitHub Stars 达 27, 最近一次更新时间为 2014 年 03 月 05 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「library」 「user」 「group」 「access」 「service」 「control」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 hoa/acl 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 hoa/acl 我们能提供哪些服务?
定制开发 / 二次开发

基于 hoa/acl 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 651
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 27
  • 点击次数: 18
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 27
  • Watchers: 14
  • Forks: 12
  • 开发语言: PHP

其他信息

  • 授权协议: BSD-3-Clause
  • 更新时间: 2014-03-05