alchemy/acl-bundle

Symfony ACL bundle

Maintainers

Details

github.com/alchemy-fr/acl-bundle

Homepage

Source

Issues

Installs: 3 524

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 5

Forks: 0

Open Issues: 0

Type:symfony-bundle

0.2.1 2024-09-24 14:58 UTC

Requires

Requires (Dev)

MIT a969b425cd07f6c4195d6aa302fe130dc4164c52

This package is auto-updated.

Last update: 2024-10-24 15:48:24 UTC

README

Installation

Project configuration

Add the entities you want to extend with ACL:

# config/packages/alchemy_acl.yaml
alchemy_acl:
  objects:
    publication: App\Entity\Publication
    asset: App\Entity\Asset

Then you must alias your UserRepository service:

# config/services.yaml
services:
    Alchemy\AclBundle\Repository\UserRepositoryInterface: '@App\Repository\UserRepository'

Add redis cache for access token:

# config/packages/cache.yaml
framework:
    cache:
        default_redis_provider: redis://redis
        pools:
            accessToken.cache: # You must use this name for auto wiring
                adapter: cache.adapter.redis

API

Definitions

  • userType Can be user or group

  • userId The user ID or the group ID (depending on the userType). If the value is NULL, then the ACE allows everybody.

  • objectType Depending on the application. Rely on the object you have defined:

alchemy_acl:
  objects:
    publication: App\Entity\Publication
    asset: App\Entity\Asset

In this application, objectType can be either publication or asset.

  • objectId If the value is NULL, then the ACE is apply to all objects of this objectType.

Endpoints

This bundle exposes the following routes to the application:

  • GET /permissions/aces Get access control entries (ACEs) Available query filters:
  • userType (user or group)
  • userId
  • objectType
  • objectId

Examples:

# List all ACEs of an object
curl {HOST}/permissions/aces?objectType=publication&objectId=pub-42

# List all ACEs of a group
curl {HOST}/permissions/aces?userType=group&userId=g-42

# List all ACEs of a user
curl {HOST}/permissions/aces?userType=user&userId=u-42

# List all ACEs of a user on an object
curl {HOST}/permissions/aces?userType=user&userId=u-42&objectType=publication&objectId=pub-42
  • PUT /permissions/ace Add or update access control entry (ACE)

You must provide the following body:

{
    "userType": "user",
    "userId": "the-user-id",
    "objectType": "publication",
    "objectId": "the-publication-id",
    "mask": 7
}
  • DELETE /permissions/ace Remove access control entry (ACE)
{
    "userType": "user",
    "userId": "the-user-id",
    "objectType": "publication",
    "objectId": "the-publication-id"
}