Different permissions for resources and user roles with Laminas ACL
<?php
use Laminas\Permissions\Acl\Acl;
use Laminas\Permissions\Acl\Resource\ResourceInterface;
// Resource object. A Resource can also be a string instead of an object
class ValueObject implements ResourceInterface
{
private $id;
private $name;
public function __construct($id, $name)
{
$this->id = (int) $id;
$this->name = (string) $name;
}
/**
* Method of ResourceInterface
*
* @return string
*/
public function getResourceId()
{
return 'ValueObject-' . $this->id;
}
}
// custom privileges
$read = 'R';
$write = 'W';
$troll = 'T'; // Allowance to troll others with the resource
// Create one Resource (ResourceId: "ValueObject-1")
$vo1 = new ValueObject(1, 'one');
$acl = new Acl();
/*
You may prefer Role objects than strings
because Role objects are used anyways in
Acl.
addRole(newRole, parentRole)
*/
$acl->addRole('ANONYMOUS');
$acl->addRole('USER', 'ANONYMOUS');
$acl->addRole('ADMIN', 'USER');
// Add resources, usually unique data
$acl->addResource($vo1);
// set who is allowed to do stuff with Resources
$acl->allow('USER', $vo1, $read);
$acl->allow('ADMIN', $vo1, [$write, $troll]);
// Let's see who has which permission
echo 'ANONYMOUS read $vo1';
dump(
$acl->isAllowed('ANONYMOUS', $vo1, $read)
);
echo 'USER read $vo1';
dump(
$acl->isAllowed('USER', $vo1, $read)
);
echo 'USER trolls with $vo1';
dump(
$acl->isAllowed('USER', $vo1, $troll)
);
echo 'ADMIN read $vo1';
dump(
$acl->isAllowed('ADMIN', $vo1, $read)
);
echo 'ADMIN trolls with $vo1';
dump(
$acl->isAllowed('ADMIN', $vo1, $troll)
);
Result
ANONYMOUS read $vo1
^ falseUSER read $vo1
^ trueUSER trolls with $vo1
^ falseADMIN read $vo1
^ trueADMIN trolls with $vo1
^ true
More Snippets
Used Versions
PHP 8.2, Laminas MVC 3.2, Symfony 5.2, Laravel 8.28, PHPUnit 9.5, Doctrine ORM 2.8