Config
Thursday, July 27, 2017 1:04 PMIn a previous page you can see the structure of AuthUser
and all defined
ability of user. Now under the structure you can see some keys, so the detail
information about that keys is follow.
Config
This is 1st level of Access. Here all the configuration level manipulation will be done, like user_id, user_role etc.
-
col_user_id :
DB
column name of primary key. -
col_role :
DB
column name of role. -
col_user_permissions :
DB
column name of __permission. - user_model : Path to your User model.
- role_model : Path to your Role model.
Rules
A Rule is a way to allow or deny a User to perform an Action on a Resource. Some key point included in rule explain in details below.
-
Allow
- The allow applies a Rule to a user, that allows the user to perform an action on a Resource.
- The allow access ids under it. Ex.
'allow' => ['*']
. The * is the access ids. - Low priority as compare to deny.
-
Deny
- The deny applies a Rule to a user, that deny the user to perform an action on a Resource.
- The deny access ids under it. Ex.
'deny' => ['user.delete']
. The ‘user.delete’ is the access ids but this is not allow to user to delete it. - High priority as compare to allow.
Roles
A user role basis permission handle here. This is a 3rd level of access. You can add your route name or zones in allow and deny array. This will check if logged in user role and then it will allow or deny action on resource basis of permission.
Users
A Users array is a basis on a id
of a user, here you can define multiple
nested level array as per user id
. This is 2nd level of access, here also
you can add your route name in allow or deny array as per your requirement. When a user
is logged in then it will allow or deny action on resource basis of permission which is
write here.
Conditions
Conditions
Check the dynamic conditions. If you have some specific situation
which is not handle by above array then you can write your logic here. It is a 5th level
of access. This logic will be perform on access_ids
and your 'condition'.
Here you can add a callback function and write some logic here.
- access_ids - Define the access ids.
- condition – Write here your logic for dynamic conditions, It’s a callback function.
Dynamic Access Zones
you can create your multiple route ids and its dependencies in one zone. eg. if you have user component and user component have multiple actions like list, add, edit, delete and all actions have routes and then you have to write those route ids in above array multiple times, to avoid repetitiveness in a code you can create zones of multiple ids and add these zones in your required place.
-
'dynamic_access_zones' : It is a array of multiple zones. In above array define a zone in that give a zone title and ‘access_ids’.
-
'access_ids' : It’s a array of multiple route ids (name). You can also use asteric (). Example - ‘account.test.write.’. In this example If you access above zone then it will check if logged in user have permission to access all the access ids define in this zone.
-
'dependencies' : This is a array for defining dependencies of above access ids. For example –
account.test.write.*
this route dependency isaccount.test.list
. If user have permission to add account then user automatically have permission for view a list.
So this is a way of defining ability of user (permissions) static & dynamic
permission. The ability define base of roles, user id, also define dynamically using
permissions_json
column we need to define column in users table in DB &
save zone id for that user.
In a zone multiple route id can define and its dependencies are defined.