Update code examples to be consistent with other docs.

This commit is contained in:
mark_story 2014-07-03 09:09:25 -04:00
parent cee56eaef7
commit 3a06e1f638

View file

@ -34,57 +34,69 @@
* will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be * will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be
* done via a call to Acl->check() with * done via a call to Acl->check() with
* *
* array('User' => array('username' => 'jeff', 'group_id' => 4, ...)) * {{{
* array('User' => array('username' => 'jeff', 'group_id' => 4, ...))
* }}}
* *
* as ARO and * as ARO and
* *
* '/controllers/invoices/delete' * {{{
* '/controllers/invoices/delete'
* }}}
* *
* as ACO. * as ACO.
* *
* If the configured map looks like * If the configured map looks like
* *
* $config['map'] = array( * {{{
* 'User' => 'User/username', * $config['map'] = array(
* 'Role' => 'User/group_id', * 'User' => 'User/username',
* ); * 'Role' => 'User/group_id',
* );
* }}}
* *
* then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to * then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to
* find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to * find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to
* check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration. * check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration.
* E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like * E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like
* *
* $config['alias'] = array( * {{{
* 'Role/4' => 'Role/editor', * $config['alias'] = array(
* ); * 'Role/4' => 'Role/editor',
* );
* }}}
* *
* In the roles configuration you can define roles on the lhs and inherited roles on the rhs: * In the roles configuration you can define roles on the lhs and inherited roles on the rhs:
* *
* $config['roles'] = array( * {{{
* 'Role/admin' => null, * $config['roles'] = array(
* 'Role/accountant' => null, * 'Role/admin' => null,
* 'Role/editor' => null, * 'Role/accountant' => null,
* 'Role/manager' => 'Role/editor, Role/accountant', * 'Role/editor' => null,
* 'User/jeff' => 'Role/manager', * 'Role/manager' => 'Role/editor, Role/accountant',
* ); * 'User/jeff' => 'Role/manager',
* );
* }}}
* *
* In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role. * In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role.
* Lets define some rules: * Lets define some rules:
* *
* $config['rules'] = array( * {{{
* 'allow' => array( * $config['rules'] = array(
* '*' => 'Role/admin', * 'allow' => array(
* 'controllers/users/(dashboard|profile)' => 'Role/default', * '*' => 'Role/admin',
* 'controllers/invoices/*' => 'Role/accountant', * 'controllers/users/(dashboard|profile)' => 'Role/default',
* 'controllers/articles/*' => 'Role/editor', * 'controllers/invoices/*' => 'Role/accountant',
* 'controllers/users/*' => 'Role/manager', * 'controllers/articles/*' => 'Role/editor',
* 'controllers/invoices/delete' => 'Role/manager', * 'controllers/users/*' => 'Role/manager',
* ), * 'controllers/invoices/delete' => 'Role/manager',
* 'deny' => array( * ),
* 'controllers/invoices/delete' => 'Role/accountant, User/jeff', * 'deny' => array(
* 'controllers/articles/(delete|publish)' => 'Role/editor', * 'controllers/invoices/delete' => 'Role/accountant, User/jeff',
* ), * 'controllers/articles/(delete|publish)' => 'Role/editor',
* ); * ),
* );
* }}}
* *
* Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager, * Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager,
* Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than * Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than