Before using jAcl with the jAcl.db driver, you should first initialize the database and define rights, subjects, etc.

You can do this with jelix-scripts.

Database setup

You should set up database access and create the tables in this database.

database access

See the page on jDb to configure database access.

If you don't want to store the jAcl.db tables in the default profile, you should create a new profile and indicate it in the parameter "jacl_profil". Here is an example of the file dbprofils.ini.php:



default = foo
jacl_profil= acl

[foo]
driver="mysql"
database="jelix"
host= "localhost"
user= "jelix"
password= "jelix"
persistent= on
force_encoding=true

[acl]
driver="mysql"
database="rights"
host= "localhost"
user= "jelix"
password= "xilej"
persistent= on
force_encoding=true

Create the tables

You will find SQL scripts in lib/jelix/core-modules/jelix/install/. Execute this script in your database to create all the tables needed by jAcl.db: install_jacl.schema.mysql.sql.

You should then have these tables:

  • jacl_group
  • jacl_user_group
  • jacl_right_values_group
  • jacl_right_values
  • jacl_subject
  • jacl_rights

Once these tables are created, you can start configuring jAcl.

Configuration

You should use jelix-scripts to configure the rights. So go into the lib/jelix-scripts/ directory:


$  cd lib/jelix-scripts/        # linux
$  cd lib\jelix-scripts\        #  windows

(Note: $ is the shell prompt.)

Setup the application name in JELIX_APP_NAME:


$  export JELIX_APP_NAME="myapp"        #  linux
$  set JELIX_APP_NAME=myapp             #  windows

Then you should use the jelix.php script. Remember that we use jelix.php like this:


$  php jelix.php a_command argument argument argument...

(or php.exe jelix.php... on windows)

There are three commands to configure jAcl.db: aclvalue, aclgroup and aclright. Each of these commands takes at least one argument, a "sub-command".

Creating the values

You should create some subjects. Each subject is associated with a group of values, so before creating subjects you have to create a group of values. In order:

  • you create a group of values
  • you create all values in this group
  • you create the subject.

Let's create a subject "cms.articles" with the values READ, LIST, CREATE, DELETE, UPDATE.

First, you can list all existing groups of values:


$ php jelix.php aclvalue group_list

The first time, of course, you should have an empty list:


 ----List of group of values of rights
 
 id      label key                       type
 --------------------------------------------------------

If there isn't a group of values you want for your subject, you should create one. You have to indicate a numerical identifier (not already taken by another group), a locale key for its label (you must register this key in a localization file) as well as the type of group.

If the subject can be associated with multiple values of the group (that is our case), the type is 0. If it should be associated with only one value of a group (for example, a group that contains "true" and "false"), the type is 1.

Let's create the group of values:


$ php jelix.php aclvalue group_add  1 "cms~acl.articles.values" 0

You may of course change the identifier and the name of the locale key. If you do not use a module to manage rights, then the locale key is not essential, so you can put any string.

The result of the command is:


----Add a group of values of rights

OK

When an acl command has succeeded, there is always the message "OK". Now you can list the groups of values:


$ php jelix.php aclvalue group_list
---List of group of values of rights

id      label key                       type
--------------------------------------------------------
1       cms~acl.articles.values      0 (combinable values)

You can delete a group by doing:


$ php jelix.php aclvalue group_delete  1

Now you have to store values inside this group. You should indicate the value itself, a locale key for the label, and the id of the group where we put it.


$ php jelix.php aclvalue add  READ "cms~acl.articles.value.read" 1
$ php jelix.php aclvalue add  LIST "cms~acl.articles.value.list" 1
$ php jelix.php aclvalue add  CREATE "cms~acl.articles.value.create" 1
$ php jelix.php aclvalue add  DELETE "cms~acl.articles.value.delete" 1
$ php jelix.php aclvalue add  UPDATE "cms~acl.articles.value.update" 1

We can verify that all is ok, by listing values:


$ php jelix.php aclvalue list
----List of right values

        value   label key
-----------------------------------------
GROUP 1 (cms~acl.articles.values)
        CREATE  cms~acl.articles.value.create
        DELETE  cms~acl.articles.value.delete
        LIST    cms~acl.articles.value.list
        READ    cms~acl.articles.value.read
        UPDATE  cms~acl.articles.value.update

You can delete a value by indicating its name and the id of the group:


$ php jelix.php aclvalue delete LIST 1

You can create all the groups of values you need. A group of values can be used for many subjects.

Tables for the values

  • jacl_right_values_group, for the group of values
  • jacl_right_values, for the values

Creating subject

Now that the values are created, we can create subjects. Subjects are managed with the aclright command. Let's create the subject "cms.articles", by indicating a locale key for the label of this subject (or any string if you do not use a rights management module) and the id of the group of values we want to assign to it (here 1).


$ php jelix.php aclright subject_create "cms.articles" "cms~acl.articles.subject" 1

We can verify in the subjects list:


$ php jelix.php aclright subject_list
----List of subjects

id                      label key
--------------------------------------------------------
cms.articles    cms~acl.articles.subject
        possible values: CREATE DELETE LIST READ UPDATE

You can delete a subject:


$ php jelix.php aclright subject_delete "cms.articles"

Table

  • jacl_subject

Creating a group of users

A right needs a subject, a value, and a group of users. Let's create a group of users now. We should use the aclgroup command.

Let's create a group of writers:


$ php jelix.php aclgroup  create "writers"

The command displays "OK" and the id of the new group (here 1) :


----Create a new group

OK. Group id is: 1

We're going to create a second group, which will be the default group of new users. We have to use the option -defaultgroup.


$ php jelix.php aclgroup -defaultgroup create "readers"

We can list the groups:


$ php jelix.php aclgroup  list
----List of users groups

id      label name              default
--------------------------------------------------------
2       readers                yes
1       writers

We can change the "default" status with the sub-command setdefault, by giving the id of the group and a boolean:


$ php jelix.php aclgroup setdefault 1 true
or
$ php jelix.php aclgroup setdefault 1 false

We can change the name of a group:


$ php jelix.php aclgroup changename 1 "super writers"

To delete a group:


$ php jelix.php aclgroup delete 1

Tables

  • jacl_group, for groups of users
  • jacl_user_group, to associate users to groups

Creating rights

Now we have everything needed to define rights. We use the aclright command.

Let's imagine that readers can read and list articles. So we should link the values LIST and READ, with the subject "cms.articles", and with the group of readers (id: 2).


$ php jelix.php aclright add  2 "cms.articles" LIST
$ php jelix.php aclright add  2 "cms.articles" READ

Now let's verify the list of rights with the sub-command list:


$ php jelix.php aclright list
----Rights list

group   subject value           resource
---------------------------------------------------------------
- group readers (2)
        cms.articles
                LIST
                READ

Let's define rights for writers (id: 1) now. We give all rights to them:


$ php jelix.php aclright add  1 "cms.articles" LIST
$ php jelix.php aclright add  1 "cms.articles" READ
$ php jelix.php aclright add  1 "cms.articles" CREATE
$ php jelix.php aclright add  1 "cms.articles" DELETE
$ php jelix.php aclright add  1 "cms.articles" UPDATE

The list:


$ php jelix.php aclright list
----Rights list

group   subject value           resource
---------------------------------------------------------------
- group readers (2)
        cms.articles
                LIST
                READ
- group writers (1)
        cms.articles
                CREATE
                DELETE
                LIST
                READ
                UPDATE

If we want to allow readers to modify a specific article "opinions", we have to create a right with this specific resource "opinions":


$ php jelix.php aclright add  2 "cms.articles" UPDATE "opinions"

Now we verify:


$ php jelix.php aclright list
----Rights list

group   subject value           resource
---------------------------------------------------------------
- group readers (2)
        cms.articles
                LIST
                READ
                UPDATE          opinions
- group writers (1)
        cms.articles
                CREATE
                DELETE
                LIST
                READ
                UPDATE

You can remove a right with the sub-command remove, by indicating the subject, the group of users, the value (and the resource if needed):


$ php jelix.php aclright remove  2 "cms.articles" UPDATE "opinions"

Now you can use jAcl::check() in your application to check rights in different circumstances.

Table

  • jacl_rights
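
The output of "aclright list" shown above can be parsed and compared with the intended policy, so that a grant added outside the plan stands out. This is an added example in Python, not part of Jelix or of the original page; the parser assumes the indentation layout of the listing above, and the names parse_rights, audit and EXPECTED are illustrative.

```python
import re

# Output of `php jelix.php aclright list`, copied from the listing above.
SAMPLE = """\
----Rights list

group   subject value           resource
---------------------------------------------------------------
- group readers (2)
        cms.articles
                LIST
                READ
                UPDATE          opinions
- group writers (1)
        cms.articles
                CREATE
                DELETE
                LIST
                READ
                UPDATE
"""

# Intended policy from the text (assumption: None means "no resource").
ALL = ("CREATE", "DELETE", "LIST", "READ", "UPDATE")
EXPECTED = ({(2, "cms.articles", v, None) for v in ("LIST", "READ")}
            | {(1, "cms.articles", v, None) for v in ALL})
GROUP_RE = re.compile(r"^- group (.+) \((\d+)\)\s*$")

def parse_rights(text):
    """Return a set of (group_id, subject, value, resource) tuples."""
    rights, group_id, subject = set(), None, None
    for raw in text.splitlines():
        line = raw.expandtabs(8)
        m = GROUP_RE.match(line)
        if m:
            group_id, subject = int(m.group(2)), None
        elif group_id is None or not line.strip() or not line[0].isspace():
            continue  # title, column header, separator or blank line
        elif len(line) - len(line.lstrip()) <= 8:
            subject = line.split()[0]  # subject line, one indent level
        elif subject is not None:
            value, *rest = line.split()  # value line, optional resource
            rights.add((group_id, subject, value, rest[0] if rest else None))
    return rights

def audit(actual, expected):
    """Return (unexpected, missing) grants as sorted lists."""
    key = lambda r: tuple(map(str, r))
    return sorted(actual - expected, key=key), sorted(expected - actual, key=key)
```

Run on the sample, audit(parse_rights(SAMPLE), EXPECTED) reports the readers' UPDATE grant on the resource "opinions" as the only deviation from the baseline.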