Where should I define ACL for Pages?

smj320 · June 7, 2021, 5:01am

Hi.

When I create navigation, I can happily use a ready-made factory to use a configuration file like as follow.

    'navigation' => [
        'default' => [
            [
                'label' => 'HOME',
                'controller' => 'home',
                'action' => 'index',
                'resource' => 'guest',
            ],...

But when I create ACL, I can’t find a ready-made factory for ACL using such a
configuration file as follows.

'acl' =>[
        'roles' => [
            'guest'          =>  [],
            'user'            =>  ['guest'],
            'admin'    =>  ['user'],
        ],
        'resources' => [
            'admin.action',
            'user.action',
            'guest.action',
            'login.action'
        ],

If so, I have to define ACL myself somewhere.

The “navigation helper factory” or the “despatch event listener” comes to my mind.

Where should I define ACL for Pages?

froschdesign · June 7, 2021, 6:07am

Unfortunately, there is no factory in the laminas-permissions-acl component at the moment, but it is planned.
But you can adopt the configuration from mezzio-authorization-acl:

The you can copy and modify the factory:

github.com

mezzio/mezzio-authorization-acl/blob/57c194c04086be4785608ce24bed4cd17605bf25/src/LaminasAclFactory.php#L16


      
          
          use Laminas\Permissions\Acl\Acl;
          use Laminas\Permissions\Acl\Exception\ExceptionInterface as AclExceptionInterface;
          use Mezzio\Authorization\AuthorizationInterface;
          use Mezzio\Authorization\Exception;
          use Psr\Container\ContainerInterface;
          
          use function in_array;
          use function sprintf;
          
          class LaminasAclFactory
          {
              /**
               * @throws Exception\InvalidConfigException
               */
              public function __invoke(ContainerInterface $container): AuthorizationInterface
              {
                  $config = $container->get('config')['mezzio-authorization-acl'] ?? null;
                  if (null === $config) {
                      throw new Exception\InvalidConfigException(
                          'No mezzio-authorization-acl config provided'

And to set the ACL for the navigation helpers, you can use this delegator:

github.com/laminas/laminas-navigation

Adds a delegator to set ACL for helpers

laminas:2.12.x ← froschdesign:feature/acl-delegator

opened 07:00PM - 24 Apr 21 UTC

froschdesign

+222 -0

| Q | A |-------------- | ------ | New Feature | yes ### De…scription The delegator allows the setting of a ACL for navigation helpers by using a registered `Laminas\Permissions\Acl\AclInterface` service. ### Example of Usage ```php 'navigation_helpers' => [ 'delegators' => [ Laminas\View\Helper\Navigation::class => [ Laminas\Navigation\View\PermissionAclDelegatorFactory::class, ], ], ], ```

froschdesign · June 7, 2021, 6:10am

smj320:

    'navigation' => [
        'default' => [
            [
                'label' => 'HOME',
                'controller' => 'home',
                'action' => 'index',
                'resource' => 'guest',
            ],...

guest is not a resource, but a role. According your ACL configuration, you have to use guest.action or something similar.

smj320 · June 7, 2021, 6:30am

Thank you for your suggestion again.

Thanks to your help, the base of our project are almost complete

smj320 · June 7, 2021, 6:39am

Humm, when we start new project, should we use Mezzio rather than MVC?

smj320 · June 7, 2021, 6:41am

Oh, I found a document.
https://docs.mezzio.dev/mezzio/v3/why-mezzio/

I’ll read it.

–
I like Laminas because it doesn’t have buzzy frequent updates compared to other frameworks.

But now, there are few information of Mezzo in Japanes (Laminas MVC, too), and this gives the feeling that the threshold is higher for the ordinary engineer (include me). If I had sufficient language skills, I could make some kind of contribution…

Topic		Replies	Views
Setting up the Acl Navigation in a laminas application Components & MVC laminas-navigation , laminas-permissions-acl	6	311	March 1, 2023
How to control permission using ACL for each controller Components & MVC	4	361	June 1, 2021
How to inject non-acl object into navigation? Components & MVC laminas-mvc , laminas-navigation	6	307	February 9, 2023
Rbac whit dynmic role, permission and user role / access from database Components & MVC laminas-permissions-rbac	1	243	March 13, 2022
How can I use page information from the navigation in the view? Components & MVC laminas-view , laminas-navigation	2	337	May 28, 2021

Where should I define ACL for Pages?

Related Topics