Check if the user should be allowed to execute the specified controller, and optionally the specified action.
If $action is not given, it will check if the user has access to at least one action defined for the specified controller.
bool
access
(mixed $user, string $controller, [string $action = null])
-
mixed
$user: If not an array, it will be used as the user identifier, otherwise it will look for an index "id" in the array
-
string
$controller: Controller (e.g: 'Posts')
-
string
$action: Action (e.g: 'view')
Assign groups to a user. Any groups that are already assigned to the specified user but are not included in $groups will be unassigned.
bool
assignGroup
(mixed $user, [array $groups = array()])
-
mixed
$user: If not an array, it will be used as the user identifier, otherwise it will look for an index "id" in the array
-
array
$groups: Groups to assign (their identifiers)
Assign groups to an object. Any groups that are already assigned to the specified object but are not included in $groups will be unassigned.
bool
assignGroupObject
(string $section, mixed $object, [array $groups = array()], [string $type = 'ARO'])
-
string
$section: Section to which the object belongs to.
-
mixed
$object: If not an array, it will be used as the object identifier, otherwise it will look for an index "id" in the array
-
array
$groups: Groups to assign (their identifiers)
-
string
$type: Object type (ARO or AXO)
Lookup ACL to see if access should be granted.
bool
checkAcl
(string $aroSection, string $aroValue, string $acoSection, string $acoValue, string $axoSection, string $axoValue)
-
string
$aroSection: ARO section (e.g: 'user')
-
string
$aroValue: ARO value (e.g: '1')
-
string
$acoSection: ACO section (e.g: 'access')
-
string
$acoValue: ACO value (e.g: 'execute')
-
string
$axoSection: AXO section (e.g: 'controller.posts')
-
string
$axoValue: AXO value (e.g: 'view')
Delete a controller.
bool
delController
(string $controller)
-
string
$controller: Controller to delete (e.g: Posts)
Delete a group and optionally its children (or set them to belong to the root group)
bool
delGroup
(mixed $group, [bool $reparent = true], [string $type = 'ARO'])
-
mixed
$group: If not an array, it will be used as the identifier value, otherwise it will look for an index "id" in the array
-
bool
$reparent: If true, children of this group will become child of this group's parent, otherwise they'll be deleted.
-
string
$type: Group type (ARO or AXO)
Delete an ACO/ARO/AXO object.
bool
delObject
(string $section, string $value, [string $type = 'ACO'], [bool $recursive = true])
-
string
$section: Section identifier (e.g: access)
-
string
$value: Object identifier (e.g: execute)
-
string
$type: Type of section (valid values: ACO, ARO, AXO; defaults to ACO)
-
bool
$recursive: Remove referencing objects if true, leave them alone otherwise.
Delete permissions associated to a group.
bool
delPermissions
(mixed $group, [array $ids = null])
-
mixed
$group: If not an array, it will be used as the identifier value, otherwise it will look for an index "id" in the array
-
array
$ids: Only delete these specific ACLs
Delete an ACO/ARO/AXO section.
bool
delSection
(string $section, [string $type = 'ACO'], [bool $recursive = true])
-
string
$section: Section identifier (e.g: access)
-
string
$type: Type of section (valid values: ACO, ARO, AXO; defaults to ACO)
-
bool
$recursive: Remove referencing objects if true, leave them alone otherwise.
Delete a user.
bool
delUser
(mixed $user)
-
mixed
$user: If not an array, it will be used as the user identifier, otherwise it will look for an index "id" in the array
Returns all AXO protectable elements grouped by their AXO group, and AXO section. It returns an array, for each AXO group, of the form:
array ( 'id' => 'group_id', 'name' => 'group_name', 'children' => array ( [multiple] => array ( 'value' => 'section_value', 'name' => 'section_name', 'children' => array( [multiple] => array( 'value' => 'object_value', 'name' => 'object_name' ) ) ) ) )
array
getAXOs
()
Get all actions defined for the specified controller in GACL. Returns an array of indexed elements, where each element is of the form ( 'value' => the object value for the action, 'name' => the descriptive name ).
If $real is set to true it will instead return an array of actions defined in the controller.
array
getControllerActions
(string $controllerName, [bool $real = false], [string $controllerPath = CONTROLLERS])
-
string
$controllerName: The controller name (e.g: Posts)
-
bool
$real: If set to true, get actions defined in the controller class instead (defaults to false)
-
string
$controllerPath: Path where the controller can be found (defaults to CONTROLLERS)
Get all available controllers defined in GACL or the application. Returns an array of indexed elements, where each element is of the form ( 'value' => the section value for the controller, 'name' => the descriptive name ). If $real is set to true it will also give the 'path' for each controller.
array
getControllers
([bool $real = false])
-
bool
$real: If set to true, get all controllers defined in the CakePHP application instead (defaults to false)
Get the available groups as an indexed threaded array.
array
getGroups
([string $type = 'ARO'], [ $flat = false])
-
string
$type: Group type (ARO or AXO)
-
$flat
Get the groups assigned to an object.
mixed
getObjectGroups
(string $section, mixed $object, [string $type = 'ARO'], [bool $onlyId = false])
-
string
$section: Section to which the object belongs (example: 'user')
-
mixed
$object: If not an array, it will be used as the object identifier, otherwise it will look for an index "id" in the array
-
string
$type: Object type (ARO or AXO)
-
bool
$onlyId: Only get internal group IDs (defaults to false)
Get ACO/ARO/AXO objects for a section as an array where each element is of the form 'value' => value of the object, 'name' => name.
array
getObjects
(string $section, [string $type = 'ACO'])
-
string
$section: Section to which the object belongs to
-
string
$type: Type of section (valid values: ACO, ARO, AXO; defaults to ACO)
Get permissions associated to a group. The result (on success) will be an array of permissions, each
permission being an associative array containing the indexes:
- id: id of the permission (useful for editing)
- allow: boolean value, indicating if permission is allowed (true) or denied (false)
- type: an associative array of ACO sections (access category) => array of ACO objects (access types)
- elements: an associative array of controllers => array of actions
array
getPermissions
(mixed $group, [bool $cahngeControllerValues = true])
-
mixed
$group: If not an array, it will be used as the identifier value, otherwise it will look for an index "id" in the array
-
bool
$cahngeControllerValues: Set to true if those AXO sections that are controllers should be named as CakePHP controllers (defaults to true)
Get ACO/ARO/AXO sections as an array where each element is of the form 'value' => value of the section, 'name' => name.
If $includeObjects is set to true, it will also include all objects belonging to this section on an index called 'objects'
array
getSections
([string $type = 'ACO'], [bool $includeObjects = false])
-
string
$type: Type of section (valid values: ACO, ARO, AXO; defaults to ACO)
-
bool
$includeObjects: Also include assigned objects for each section.
Get the groups assigned to a user.
mixed
getUserGroups
(mixed $user)
-
mixed
$user: If not an array, it will be used as the user identifier, otherwise it will look for an index "id" in the array
Imports all controllers and its actions into GACL.
bool
importControllers
([string $path = null])
-
string
$path: Only look for controllers here (defaults to null, which makes it look wherever there could be a controller)
Initializes the component, checking if it needs to check ACL access to current controller/action. To do the check (if necessary) it calls _check()
void
initialize
( &$controller, mixed $controller)
-
mixed
$controller: Controller using the component
-
&$controller
Install phpGACL data if it has not been already installed.
bool
install
()
Tell if phpGACL is installed.
bool
isInstalled
()
Adds a permission to a group. You can specify $axoArray as just one AXO section (e.g: 'Posts') on which case all AXO objects for that section will be included; as an array with more than one AXO sections; or as an array where elements are of the form AXO section => AXO objects, where objects is itself an array.
Example valid values for $axoArray:
'controller.posts': allow access to all actions in controller Posts. array ('controller.posts', 'controller.users'): allow access to all actions in controllers Posts and Users. array ('controller.posts', 'controller.users' => 'view'): allow access to all actions in controller Posts, and only action view in controller Users. array ('controller.posts', 'controller.users' => array('index', 'view')): allow access to all actions in controller Posts, and actions index and view in controller Users.
bool
saveAcl
(string $group, array $acos, array $axoArray, [bool $allow = true], [int $id = null])
-
string
$group: Group identifier.
-
array
$acos: Associative array in the form of [ACO section] => array of [ACO Objects]. Eg: 'access' => array('execute')
-
array
$axoArray: Associative array in the form of [AXO section] => array of [AXO objects]. Eg: 'controller.posts' => array('index')
-
bool
$allow: Type of permission, true to allow, false to deny (defaults to true)
-
int
$id: ID of the permission (if editing), defaults to null
Add a controller to the GACL system. It will add the controller (if it hasn't been already added) and its actions (whichever actions were not previously added).
bool
saveController
(string $controllerName, [array $actions = null], [string $controllerPath = CONTROLLERS])
-
string
$controllerName: The controller name (e.g: Posts)
-
array
$actions: Only add this specific set of actions (defaults to all actions defined in controller)
-
string
$controllerPath: Path where the controller can be found (defaults to CONTROLLERS)
Edit or Add an ARO/AXO group.
bool
saveGroup
(mixed $group, [string $name = null], [mixed $parent = null], [string $type = 'ARO'], [int $groupId = null], [int $groupParentId = null])
-
mixed
$group: If not an array, it will be used as the identifier value, otherwise it will look for an index "id" in the array
-
string
$name: The descriptive name for the group (must be unique)
-
mixed
$parent: Set null for root (defaults to root). Identifier of its parent. If not an array, it will be used as the identifier value, otherwise it will look for an index "id" in the array
-
string
$type: Group type (ARO or AXO)
-
int
$groupId: Set to group's inernal ID (defaults to null, which makes it look the ID by its $group value)
-
int
$groupParentId: Set to group's inernal ID (defaults to null, which makes it look the ID by its $parent value)
Add or edit an ACO/ARO/AXO object to a section.
bool
saveObject
(string $section, string $value, string $name, [string $type = 'ACO'], [int $objectId = null])
-
string
$section: Section identifier (e.g: access)
-
string
$value: Object identifier (e.g: execute)
-
string
$name: Descriptive name for the section (e.g: Execute)
-
string
$type: Type of section (valid values: ACO, ARO, AXO; defaults to ACO)
-
int
$objectId: Edit this object (ID is phpGACL's internal id, otherwise use $value to find object)
Saves a permission for a controller to a group. You can specify $controllers as just one controller (e.g: 'Posts') on which case all actions for that controller will be included; as an array with more than one controller; or as an array where controllers are of the form controller => actions, where actions is itself an array.
Example valid values for $controllers:
'Posts': allow access to all actions in controller Posts. array ('Posts', 'Users'): allow access to all actions in controllers Posts and Users. array ('Posts', 'Users' => 'view'): allow access to all actions in controller Posts, and only action view in controller Users. array ('Posts', 'Users' => array('index', 'view')): allow access to all actions in controller Posts, and actions index and view in controller Users.
bool
savePermission
(string $group, mixed $controllers, [bool $allow = true], [int $id = null])
-
string
$group: Group identifier.
-
mixed
$controllers: A string identifying controller, or array of controllers/actions.
-
bool
$allow: Type of permission, true to allow, false to deny (defaults to true)
-
int
$id: ID of the permission (if editing), defaults to null
Add or edit an ACO/ARO/AXO section.
bool
saveSection
(string $section, string $name, [string $type = 'ACO'], [int $sectionId = null])
-
string
$section: Section identifier (e.g: model)
-
string
$name: Descriptive name for the section (e.g: Models)
-
string
$type: Type of section (valid values: ACO, ARO, AXO; defaults to ACO)
-
int
$sectionId: Edit this specific section (ID is phpGACL's ID for the section, defaults to empty, which means it should look based on its $section value)
Edit or Add a user.
bool
saveUser
(mixed $user, [string $name = null], [int $userId = null])
-
mixed
$user: If not an array, it will be used as the user identifier, otherwise it will look for an index "id" in the array
-
string
$name: The descriptive name for the user
-
int
$userId: Used to specify internal ID (defaults to null, which means record will be located by using $user)
Sets the controller.
void
setController
( &$controller, mixed $controller)
-
mixed
$controller: Controller using the component
-
&$controller
Starts up the component.
void
startup
( &$controller, mixed $controller)
-
mixed
$controller: Controller using the component
-
&$controller