From 3a06e1f6388eb377c4a81519331b8b08b2f3a64b Mon Sep 17 00:00:00 2001 From: mark_story Date: Thu, 3 Jul 2014 09:09:25 -0400 Subject: [PATCH] Update code examples to be consistent with other docs. --- app/Config/acl.php | 72 +++++++++++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 30 deletions(-) diff --git a/app/Config/acl.php b/app/Config/acl.php index a8d6e380b..bbe18552f 100644 --- a/app/Config/acl.php +++ b/app/Config/acl.php @@ -34,57 +34,69 @@ * will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be * done via a call to Acl->check() with * - * array('User' => array('username' => 'jeff', 'group_id' => 4, ...)) + * {{{ + * array('User' => array('username' => 'jeff', 'group_id' => 4, ...)) + * }}} * * as ARO and * - * '/controllers/invoices/delete' + * {{{ + * '/controllers/invoices/delete' + * }}} * * as ACO. * * If the configured map looks like * - * $config['map'] = array( - * 'User' => 'User/username', - * 'Role' => 'User/group_id', - * ); + * {{{ + * $config['map'] = array( + * 'User' => 'User/username', + * 'Role' => 'User/group_id', + * ); + * }}} * * then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to * find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to * check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration. * E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like * - * $config['alias'] = array( - * 'Role/4' => 'Role/editor', - * ); + * {{{ + * $config['alias'] = array( + * 'Role/4' => 'Role/editor', + * ); + * }}} * * In the roles configuration you can define roles on the lhs and inherited roles on the rhs: * - * $config['roles'] = array( - * 'Role/admin' => null, - * 'Role/accountant' => null, - * 'Role/editor' => null, - * 'Role/manager' => 'Role/editor, Role/accountant', - * 'User/jeff' => 'Role/manager', - * ); + * {{{ + * $config['roles'] = array( + * 'Role/admin' => null, + * 'Role/accountant' => null, + * 'Role/editor' => null, + * 'Role/manager' => 'Role/editor, Role/accountant', + * 'User/jeff' => 'Role/manager', + * ); + * }}} * * In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role. * Lets define some rules: * - * $config['rules'] = array( - * 'allow' => array( - * '*' => 'Role/admin', - * 'controllers/users/(dashboard|profile)' => 'Role/default', - * 'controllers/invoices/*' => 'Role/accountant', - * 'controllers/articles/*' => 'Role/editor', - * 'controllers/users/*' => 'Role/manager', - * 'controllers/invoices/delete' => 'Role/manager', - * ), - * 'deny' => array( - * 'controllers/invoices/delete' => 'Role/accountant, User/jeff', - * 'controllers/articles/(delete|publish)' => 'Role/editor', - * ), - * ); + * {{{ + * $config['rules'] = array( + * 'allow' => array( + * '*' => 'Role/admin', + * 'controllers/users/(dashboard|profile)' => 'Role/default', + * 'controllers/invoices/*' => 'Role/accountant', + * 'controllers/articles/*' => 'Role/editor', + * 'controllers/users/*' => 'Role/manager', + * 'controllers/invoices/delete' => 'Role/manager', + * ), + * 'deny' => array( + * 'controllers/invoices/delete' => 'Role/accountant, User/jeff', + * 'controllers/articles/(delete|publish)' => 'Role/editor', + * ), + * ); + * }}} * * Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager, * Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than