
Before using the jAcl2 API and its db driver, you have to set up a database and fill it with the elements that make up rights.

Installation

The jAcl2.db driver requires a database to work. You have to create it with the needed tables and set up a connection profile.

Connection configuration

See the documentation about jDb setup.

If the jAcl2 tables are not located in your default db profile, you should set up a profile called jacl2_profile, or an alias jacl2_profile pointing to an existing profile. An example dbprofils.ini.php:


[default]
driver="mysql"
database="jelix"
host= "localhost"
user= "jelix"
password= "jelix"
persistent= on
force_encoding=true

[jacl2_profile]
driver="mysql"
database="rights"
host= "localhost"
user= "jelix"
password= "xilej"
persistent= on
force_encoding=true

jAcl2.db tables

To create and initialise tables needed by the driver, you should install the module jacl2db.

In lib/jelix-scripts/ :


php jelix.php --myapp installmodule jacl2db

If you want to initialize rights for a first user/group named "admin":


php jelix.php --myapp installmodule -p defaultuser jacl2db

Once created, you can start configuring rights.

Rights configuration

You now configure jacl2db with its two dedicated commands: acl2group and acl2right. Each one takes a subcommand argument followed by that subcommand's parameters.

In the following examples, we take "myapp" as the name of the application. Replace it with the name of your application.

Note that there is a module, jacl2db_admin, which allows you to do everything described below through an interface, except the creation of subjects.

Subjects creation

In jAcl2, you define subjects, each symbolizing a right value or, concretely, an operation.

Imagine a CMS where you want to define rights about articles. You could define right subjects for READ, LIST, CREATE, DELETE, UPDATE. Concretely:

  • "cms.articles.read",
  • "cms.articles.list",
  • "cms.articles.create",
  • "cms.articles.delete",
  • "cms.articles.update"

Let's start by listing already existing subjects:


$ php jelix.php --myapp acl2right subject_list

You should start with an empty list:


----Liste des sujets

id			label key
--------------------------------------------------------

A subject record is an identifier/label key pair. Label keys should be existing locale key identifiers.

Let's create your subjects:


$ php jelix.php --myapp acl2right subject_create "cms.articles.create" "cms~acl2.articles.create"
$ php jelix.php --myapp acl2right subject_create "cms.articles.update" "cms~acl2.articles.update"
$ php jelix.php --myapp acl2right subject_create "cms.articles.delete" "cms~acl2.articles.delete"
$ php jelix.php --myapp acl2right subject_create "cms.articles.list" "cms~acl2.articles.list"
$ php jelix.php --myapp acl2right subject_create "cms.articles.read" "cms~acl2.articles.read"

If you don't use jAcl2 in a module, then the locale key selector is not required. Just put any string of your own.

After execution, you get:


----Subject creation

OK

The OK message is always echoed upon success of an Acl2 command. Let's list the subjects again:


$ php jelix.php --myapp acl2right subject_list
----Subject list

id			label key
--------------------------------------------------------
cms.articles.create	cms~acl2.articles.create
cms.articles.delete	cms~acl2.articles.delete
cms.articles.list	cms~acl2.articles.list
cms.articles.read	cms~acl2.articles.read
cms.articles.update	cms~acl2.articles.update

You can delete a subject with the following command:


$ php jelix.php --myapp acl2right subject_delete  <subject id>

User group creation

A jAcl2.db right is a combination of a subject and a user group. You have to create user groups. Use the acl2group command.

Let's create a writers group for our users.


$ php jelix.php --myapp acl2group  create "writers"

An OK message is echoed, followed by the new group id (1 here):


----Group creation

OK. Group id is: 1

Let's create a second group and make it the default one with -defaultgroup, i.e. every new user will be added to this group.


$ php jelix.php --myapp acl2group -defaultgroup create "readers"

You can now list your groups with list:


$ php jelix.php --myapp acl2group  list
----User group list

id      label name              default
--------------------------------------------------------
2       readers                 yes
1       writers

You can switch the "default" group with the setdefault command:


$ php jelix.php --myapp acl2group setdefault 1 true
or
$ php jelix.php --myapp acl2group setdefault 1 false

Or change a group name with changename:


$ php jelix.php --myapp acl2group changename 1 "authors"

Or delete a group with delete:


$ php jelix.php --myapp acl2group delete 1

Managing users into groups

Groups should contain users. To add a user, you first have to declare him:


$ php jelix.php --myapp acl2group createuser laurent

Note that this doesn't create the user in jAuth, only in jAcl2. A private group is created.

Then you can add him to a group. Use the sub-command "adduser" and indicate the number of the group or its name.


$ php jelix.php --myapp acl2group adduser readers laurent

To remove a user from a group:


$ php jelix.php --myapp acl2group removeuser readers laurent

To see the list of users of a group:


$ php jelix.php --myapp acl2group userslist readers

To see the list of all users:


$ php jelix.php --myapp acl2group alluserslist

Rights creation

You now have all the elements needed to create a right. Let's execute the acl2right command.

You want to give readers the right to read and list articles. Let's associate cms.articles.list and cms.articles.read with the readers group, whose id is 2:


$ php jelix.php --myapp acl2right add  2 "cms.articles.list"
$ php jelix.php --myapp acl2right add  2 "cms.articles.read"

Check the rights list with the list subcommand:


$ php jelix.php --myapp acl2right list
----Rights list

group	subject		resource
---------------------------------------------------------------
- anonymous group

- group readers (2)
	cms.articles.list
	cms.articles.read
		

Now, you want to deal with writers and give them all rights on cms.articles.


$ php jelix.php --myapp acl2right add  1 "cms.articles.list"
$ php jelix.php --myapp acl2right add  1 "cms.articles.read"
$ php jelix.php --myapp acl2right add  1 "cms.articles.create"
$ php jelix.php --myapp acl2right add  1 "cms.articles.delete"
$ php jelix.php --myapp acl2right add  1 "cms.articles.update"

Again, let's list all rights:


$ php jelix.php --myapp acl2right list
----Rights list

group   subject value           resource
---------------------------------------------------------------
- group readers (2)
	cms.articles.list
	cms.articles.read
- group writers (1)
	cms.articles.create
	cms.articles.delete
	cms.articles.list
	cms.articles.read
	cms.articles.update

However, in your CMS you have an "opinions" article which you want your readers to edit. You should add the right to update this specific article to the readers group. Let's create a right on the resource "opinions" with the add subcommand:


$ php jelix.php --myapp acl2right add  2 "cms.articles.update" "opinions"

Check the rights list:


$ php jelix.php --myapp acl2right list
----Rights list

group   subject value           resource
---------------------------------------------------------------
- group readers (2)
	cms.articles.list
	cms.articles.read
	cms.articles.update     opinions

- group writers (1)
	cms.articles.create
	cms.articles.delete
	cms.articles.list
	cms.articles.read
	cms.articles.update

You can also remove a right by passing a user group and a subject, as when creating one (and optionally a resource if one is involved).

Say you change your mind over "opinions" article, because there is too much crap ;-) :


$ php jelix.php --myapp acl2right remove  2 "cms.articles.update" "opinions"

Once all rights are injected, your application is able to work following your rights rules.
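
An added example (not part of the Jelix documentation or code base): a small shell audit that parses the `acl2right list` layout shown above and reports grants that differ from a reviewed baseline, such as the per-resource "opinions" grant. The `group|subject|resource` baseline format, the function names and the sample data are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: audit `acl2right list` output against a reviewed baseline.
# Baseline format (assumed here): group|subject|resource, "-" = no resource.

# Turn the listing layout shown on this page into group|subject|resource lines.
rights_triples() {
  awk '
    /^- anonymous group/ { g = "anonymous"; next }
    /^- group /          { sub(/^- group /, ""); sub(/ \([0-9]+\)[ \t]*$/, ""); g = $0; next }
    /^[ \t]+[^ \t]/ && g != "" { print g "|" $1 "|" (NF > 1 ? $2 : "-") }
  '
}

# Listing on stdin, baseline file as $1; prints one line per difference.
rights_drift() {
  rights_triples | awk -v base="$1" '
    BEGIN { while ((getline l < base) > 0) if (l !~ /^(#|$)/) want[l] = 1 }
    { seen[$0] = 1; if (!($0 in want)) print "UNEXPECTED " $0 }
    END { for (w in want) if (!(w in seen)) print "MISSING " w }
  ' | sort
}

# Constructed sample: the listing from this page after the "opinions" grant.
sample_listing() {
  printf '%s\n' '----Rights list' '' 'group   subject value           resource' \
    '---------------------------------------------------------------' '- group readers (2)'
  printf '\t%s\n' cms.articles.list cms.articles.read 'cms.articles.update     opinions'
  printf '%s\n' '' '- group writers (1)'
  printf '\t%s\n' cms.articles.create cms.articles.delete cms.articles.list \
    cms.articles.read cms.articles.update
}

# Constructed baseline: readers may only list and read; writers hold all five subjects.
sample_baseline() {
  printf '%s\n' '# group|subject|resource' 'readers|cms.articles.list|-' 'readers|cms.articles.read|-'
  for s in create delete list read update; do echo "writers|cms.articles.$s|-"; done
}

demo_drift() {
  base=$(mktemp) && sample_baseline > "$base"
  sample_listing | rights_drift "$base"
  rm -f "$base"
}

demo_drift   # flags the per-resource update grant to readers
```

Against a live application the listing would come from `php jelix.php --myapp acl2right list | rights_drift rights.baseline`, where `rights.baseline` is a file you keep under review.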