Changes as requested per mwop
Conflicts:
	docs/book/usage.md
TomHAnderson authored and weierophinney committed Sep 17, 2020
1 parent 479b6f9 commit fb13cd1
Showing 1 changed file with 25 additions and 9 deletions.
34 changes: 25 additions & 9 deletions docs/book/usage.md
Expand Up @@ -103,25 +103,41 @@ having inherited conflicting rules from different parent roles.
rule that is directly applicable to the query. In this case, since the "member" role is examined
before the "guest" role, the example code would print "allowed".

### LIFO/FILO order for Role parents
### LIFO order for Role parents

When specifying multiple parents for a role the last parent listed is the first
one searched for rules applicable to an authorization query. This Last-In-First-Out
(aka First-In-Last-Out) strategy is represented with this example.
Here the `first` role is the highest order:
one searched for rules applicable to an authorization query. This Last-In-First-Out (LIFO) strategy is represented with this example.
Here the `first` role inherits from `second`, `third`, and `last` and is the most permissioned role:

```php
use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole as Role;
use Zend\Permissions\Acl\Resource\GenericResource as Resource;

$acl = new Acl();

$acl->addRole(new Role('last'))
->addRole(new Role('third'))
->addRole(new Role('second'));

```
$acl->addRole(new Role('first'), ['last', 'third', 'second']);

$acl->addResource(new Resource('someResource'));

$acl->deny('last', 'someResource');
$acl->allow('third', 'someResource');

// allowed
echo $acl->isAllowed('first', 'someResource') ? 'allowed' : 'denied';
```

Less-permissioned roles will be first in the parents array. For instance, where a`guest`
Less-permissioned roles will be first in the parents array. For instance, where a`guest`
role is unauthenticated, a `user` role is authenticated, and an `admin` role has the highest
permissions, adding the `admin` role is as follows:
permissions. As soon as any ACL query returns false evaluation of `isAllowed` is terminated and false is returned. For this reason your least permissioned roles come first in the parents array. Adding the `admin` role is as follows:

```
```php
$acl->addRole(new Role('admin'), ['guest', 'user']);
```

## Creating the Access Control List

An Access Control List (ACL) can represent any set of physical or virtual objects that you wish.
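
Review bot: In the paragraph added before the `admin` example, the sentence "As soon as any ACL query returns false evaluation of `isAllowed` is terminated and false is returned" does not match the example directly above it. With parents `['last', 'third', 'second']` and the `// allowed` result shown, the `allow` on `third` decides the query and the `deny` on `last` is never consulted, so the search stops at the first applicable rule, whether allow or deny, not only on a deny. Suggest wording it that way and spelling out the consequence for readers: a rule on a later-listed parent shadows a conflicting rule on an earlier-listed parent, so a misordered parents array can turn an intended deny into an allow. Two smaller points in the same paragraph: the sentence beginning "For instance, where a`guest` role is unauthenticated" is left as a fragment once it ends at "permissions.", and "a`guest`" is missing a space.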