php tackle documentation
DESCRIPTION
Tackle Manual: PHP ACL pluginTRANSCRIPT
tackle Documentation
tackle - Tiny ACL Authentication Library for PHPCopyright (C) 2002 ars Cognita, Inc.
$Author: richtl $ $Revision: 1.7 $
Updates and information for this project can always be found at http://tackle.sourceforge.net.
Contents
Introduction o License o Requirements o Installation o Using Tackle (an example)
o Tackle Objects: Members, Groups, Resources, and Actions Authorization Shortcuts
o tackle_authorizedMember o tackle_authorizedGroup
General Methods o tackle o close o changeIdent o changeDescr o enable o disable
Member Methods o createMember o removeMember o memberships o authorizedMember
Group Methods o createGroup o removeGroup o removeGroupMembers o addToGroup o removeFromGroup
o linkGroupToParent o unlinkGroupFromParent o parentGroup o authorizedGroup
Resource Methods
o createResource o removeResource o linkResourceToParent o unlinkResourceFromParent o removeResourceActions
Action Methods o createAction o removeAction
Permission Methods o addPermission o changePermission o removePermission o authorizedRequestor
Introduction
Tackle is a small drop-in ACL permissions class for PHP. It is designed to be small, flexible, simple to deploy and use, and database independent (using the ADOdb Database Library). The system itself is based upon the concept of requestors (users or groups) being granted or denied access to actions on resources. Currently you--the programmer--define the members, groups, actions, resources, and permissions using the tackle API. This is an easy process, but obviously lacking. An upcoming revision will include a simple template-based interface for managing requestors, resources, and permissions.
Tackle is a small ACL authentication module for PHP applications. It is designed to have a low profile and be easy to implement and use.The system itself is based upon the concept of requestors (users or groups) being granted or denied access to actions on resources. Currently you--the programmer--define the members, groups, actions, resources, and permissions using the tackle API. This is an easy process, but obviously lacking. An upcoming revision will include a simple template-based interface for managing requestors, resources, and permissions.
Features:
Installs easily. Only requires a few database tables and an include file. Works with any database supported by the ADOdb Database Library. Create and manage objects and permissions with a simple API. Embeds quickly into existing or new PHP applications. Independently manage members and groups. Groups can be hierarchical and support
inheritance. Independently manage resources and actions on those resources. Resources can be
hierarchical and support inheritance.
What's New This Version
0.7.8 Improved configuration, installation, and added a patch to replace the (oddly missing) recursive permissions code that was originally added in 0.7.7.
Configuration now uses a file called tackle.ini; config.inc has been deprecated. Although config.inc will be used if it's there, you should configure the tackle.ini file and delete your config.inc.
Added install and uninstall scripts using adodb-xmlschema. o To install tackle in an existing database, edit the tackle.ini file for your connection
information and then browse to the tackle/setup/install_tackle.php. o To remove tackle from an existing database, browse to
tackle/setup/uninstall_tackle.php. The authorizedRequestorByObjid method now works recursively. (I.e., children now
inherit authorization from their parents.) There's now an example file. Look at example.php for help using Tackle.
0.7.7 General fixes and improvements. The API is more solid.
Added parentGroup method to return the objid of a group's parent group. Added authorizedRequestorByObjid method. authorizedRequestor method is now just a
wrapper. Added (recursive) authorizedGroupByObjid method. authorizedGroup is now just a
wrapper. AuthorizedMember now checks all memberships (recursively, of course.)
0.7.6 Initial release to the public. Permissions aren't really sophisticated enough yet: currently, a member is authorized if they or their group or a parent group is authorized. Needs more of an ACL-like behavior. I.e., Child group overrides parent group permissions, member overrides group permissions, etc.
Next steps:
Improve permissions layering. Implement basic plugin interface for extensions. Provide HTML interfaces for managing requestors, resources, and permissions. Add basic login/validation functionality. Add plugin-based login/validation functionality in order to integrate to existing LDAP,
NT Domain, PAM, etc.
License
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Requirements
PHP 4.x or above ADOdb Database Library 2.x or above
Tackle is officially tested on a stock Linux Mandrake 9.0 server using PostgreSQL.
Installation
Overview: Uncompress the package in a directory that is in your PHP include path. Optionally, you can add the location of the tackle.inc file to the "include_path" entry in your php.ini. Even more optionally, you can simply provide a full path to the tackle.inc file when you include it in your own application.
Edit the tackle config.inc file for your environment. First, make sure ADODB_PATH points to the directory that contains the adodb.inc.php file provided by ADOdb (see ADOdb Database Library). Next, populate the database connection information. The DB_PLATFORM value should be a driver name from the ADOdb database drivers list. ("mysql" or "postgres7" are good bets.)
If your application uses its own database, run the appropriate create script to create the tackle database structure. If your application doesn't require its own database, create a database for tackle and run the appropriate database create script.
For mysql:
1. mysqladmin create tackle 2. mysql tackle <install_tackle.sql
For postgresql
1. createdb tackle 2. pgsql -Uuser tackle -f install_tackle.sql
Include tackle.inc somewhere near the top of your PHP application.
Installation Summary
1. Make sure the ADOdb Database Library is installed. (There are RPMs available for several Linux distributions available at rpmfind.net.
2. Uncompress the tackle package. 3. Make sure PHP or your application knows where to include tackle.inc.
4. Edit config.inc to point to ADOdb. If necessary, configure your database connection as well.
5. Run the appropriate database creation script from the setup directory. 6. Include tackle.inc in your application.
Using Tackle
Usage Summary
1. Create a tackle object.2. Create some requestors, resources, and actions. 3. Create permissions. 4. Authenticate users.
Example
<?PHPrequire_once( "../tackle/tackle.inc" );// Tackle will automatically include ADOdb.
// your application here...
// Let's create some resources and actions$t = new tackle();
// You can over-ride the config.inc connection information by using// $t = new tackle( FALSE, 'postgres7', 'localhost', 'tackleapp', 'tackleuser', 'tacklepw' );
// Turn on ADOdb's database-level debugging by using// $t = new tackle( TRUE );
if ( $t->createResource( "article" ) ) {$t->createAction( "article", "view" );$t->createAction( "article", "add" );}if ( $t->createResource( "user" ) ) {$t->createAction( "user", "add" );$t->createAction( "user", "change" );$t->createAction( "user", "remove" );}
// Now for some requestors: groups and members$t->createGroup( "anonymous", "Anonymous Users" );$t->createGroup( "registered", "Registered Users" );$t->createGroup( "admin", "Administrators" );
$t->createMember( "mjones" );$t->createMember( "msmith" );
// Add the members to groups.$t->addToGroup( "anonymous", "mjones" );$t->addToGroup( "registered", "msmith" );
// Finally, let's create some permissions$t->addPermission( "group", "anonymous", "article", "view", "ALLOW" );$t->addPermission( "group", "registered", "article", "add", "ALLOW" );$t->addPermission( "group", "admin", "user", "add", "ALLOW" );$t->addPermission( "group", "admin", "user", "change", "ALLOW" );$t->addPermission( "group", "admin", "user", "remove", "ALLOW" );
// We'll give msmith permission to remove users, even though he's not an admin.$t->addPermission( "member", "msmith", "user", "remove", "ALLOW" );
// Finally let's pretend we're in your code where some user (Mr. Jones) is trying to // add a new article:$user = "mjones";if ( ! tackle_authorizedMember( $user, "add", "article" ) {die( "We're very sorry $user; you don't have permission to add new articles." );}// Your article-adding code goes here.?>
Members, Groups, Resources, and Actions
Let's pretend we've built a web application to provide news to users. We will probably be concerned with the following sorts of permissions:
1. Everybody is allowed to view news articles.2. Only registered users can add news articles.3. Only admin users can add, change, or remove registered users.4. User jsmith, although not an admin, is allowed to remove registered users.
Members are the most granular objects to which we can assign permissions. In our example, jsmith is a member.
Groups provide a way to assign permissions to lots of members at once. We're going to need the following groups: everybody,users, and admins. Members and groups together are called requestors, because they request permission to access things.
Resources are the things requestors are requesting to do things to. In this case, “article” (requestors want to view or add articles) and “user” (requestors want to add, change, or remove users). Actions describe what requestors are actually trying to do with the resources: “view” or “add” articles, and “add,” “change,” or “remove” users.
Finally, permissions describe what specifically a requestor is may or may not do to a resource. The group “registered” is ALLOWED to perform the action “add” on the resource “article.” Note that any access that isn't specifically allowed, is denied.
The following table shows the objects and permissions used in our example:
Requestor Access Action
everybody (group) ALLOW view
registered (group) ALLOW add
admin (group) ALLOW add
admin (group) ALLOW change
admin (group) ALLOW remove
jsmith (member) ALLOW remove
Authorization Shortcuts
The authorization shortcuts provide an easy way to check a requestor's authorization within your program. These require only that
1. tackle.inc is included at the top of your code, and2. the database connection is configured in the configuration file (config.ini), and3. you have created some requestors, resources, actions, and permissions in the tackle
database.
These shortcuts do not require you to manually instantiate the tackle class.
tackle_authorizedMember
tackle_authorizedMember( $member, $action, $resource )
$member str Identity of requesting member
$action str Identity of action in question
$resource str Identify of resource in question
Returns TRUE if member is permitted access, FALSE if they are not.
Check if the member is authorized to access a given resource and action.
Examples:
require(“tackle.inc”);$user = 'elmer';if ( ! tackle_authorizedMember($user,'hunt','wabbits') ) die(“Sorry, $user is not allow to hunt wabbits!”);
Checks whether the $user is authorized to perform the action “hunt” on the resource “wabbits.” Read the “if” statement like “if $useris authorized to hunt wabbits then...”
tackle_authorizedGroup
tackle_authorizedGroup( $group, $action, $resource )
$group str Identity of requesting group
$action str Identity of action in question
$resource str Identify of resource in question
Returns TRUE if member is permitted access, FALSE if they are not.
Check if the group is authorized to access a given resource and action.
Examples:
require(“tackle.inc”);$group = 'hunter';if ( ! tackle_authorizedGroup($group,'hunt','ducks') ) die(“Sorry, members of $group are not allow to hunt ducks!”);
Checks whether $group is authorized to perform the action “hunt” on the resource “ducks.” Read the “if” statement like “if $group is authorized to hunt wabbits then...”
General Methods
tackle
tackle( $debug = FALSE, {$dbPlatform,} {$dbServer,} {$dbName,} {$dbUser,} {$dbPasswd,} {$adodbPath} )
$debug bool Enable or disable database-level debugging
$dbPlatform str ADOdb RDBMS identifier (http://php.weblogs.com/adodb_manual)
$dbServer str Database server hostname
$dbName str Name of tackle database
$dbUser str Database user login for tackle
$dbPasswd str Database user's password
$adodbPath str Not yet implemented
Create a tackle object. If you have configured the database connection information in the config.ini file, you do not need to specify the connection information here. Connection information specifiied during instantiation overrides the config.ini file.
Examples:
$acl = new tackle( true, postgres7, localhost, tackle, tackleuser, tacklepw );$acl = new tackle();
close
close()
Destroy a tackle object, freeing all its resources. This function is deprecated.
Examples:
$acl = new tackle();$acl->close();
changeIdent
changeIdent( $objType, $oldIdent, $newIdent )
$objType str Object type to act on (member, group, resource, or action)
$oldIdent str Current identity of object that will be affected
$newIdent str New identity of object
Change the identity field of an object.
Examples:
$acl = new tackle();$acl->changeIdent('member','jsmith','johnsmith');
Changes the identity of the member “jsmith” to “johnsmith.”
changeDescr
changeDescr( $objType, $ident, $descr )
$objType str Object type to act on (member, group, resource, or action)
$ident str Identity of object that will be affected
$descr str New description of object
Change the description field of an object.
Examples:
$acl = new tackle();$acl->changeDescr('group','admins','Administration Staff');
Changes the description of the group “admins” from whatever it was to “Administration Staff.”
enable
enable( $objType, $oldIdent )
$objType str Object type to act on (member, group, resource, or action)
$ident str Current identity of object that will be affected
Enable the specified object.
Examples:
$acl = new tackle();$acl->enable('member','jsmith');
Enables the member with the identity “jsmith.”
disable
disable( $objType, $oldIdent )
$objType str Object type to act on (member, group, resource, or action)
$ident str Current identity of object that will be affected
Disable the specified object.
Examples:
$acl = new tackle();$acl->disable('member','jsmith');
Disables the member with the identity “jsmith.”
Member Methods
createMember
createMember( $ident, {$descr,} {$enabled = TRUE} )
$ident str New member's identity
$descr str New member's description
$enabled bool New member is enabled (TRUE/FALSE)
Returns objid of the new member if successful, else returns FALSE.
Create a new member with the specified properties. If the description is unspecified it we be set to the identity.
Examples:
$acl = new tackle();$acl->createMember('bugs','Bugs Bunny');
Creates a new member with the identity “bugs” and the description “Bugs Bunny.”
$acl->createMember('daffy');
Creates a new member with the identity and description both “daffy.”
removeMember
removeMember( $ident )
$ident str Identity of member that will be affected
Returns TRUE if member no longer exists, else returns FALSE.
Remove the specified member from the database.
Examples:
$acl = new tackle();$acl->removeMember('daffy');
Removes the member with the identity “daffy” from the database.
memberships
memberships( $ident )
$ident str Identity of member
Returns Associative array containing the objids and identities (objid => identity) of the groups the specified member belongs to.
Return a list of all groups the specified member belongs to. The list is returned in the form of an associative array with the group's objid as the key and the group's identity as the value (objid=>identity).
Examples:
$acl = new tackle();$group = $acl->memberships('bugs');foreach( $group as $objid => $identity ) {
echo “$objid, $identity<BR>\n”;}
Lists all the groups Bugs belongs to:
12. wabbits 13. cartoons
authorizedMember
authorizedMember( $ident, $action, $resource )
$ident str Identity of member that will be affected
$action str Identity of action that will be tested
$resource str Identity of resource that the action belongs to
Returns TRUE if member is allowed access to the specified action and resource, else returns FALSE.
Checks whether the a member is permitted access to the specified action and resource. All groups the member belongs to are also tested for authorization.
Examples:
$acl = new tackle();if ($acl->authorizedMember('elmer','hunt','ducks')) {// Allow Elmer to hunt ducks} else {echo “Sorry Elmer, it's Wabbit season.<BR>\n”;}
Checks whether the member “elmer” is authorized to perform the action “hunt” on the resource “ducks.” Read the “if” statement like “if elmer is authorized to hunt ducks then...”
Group Methods
createGroup
createGroup( $ident, {$descr,} {$enabled = TRUE} )
$ident str New group's identity
$descr str New group's description
$enabled bool New group is enabled (TRUE/FALSE)
Returns objid of the new group if successful, else returns FALSE.
Create a new group with the specified properties. If the description is unspecified it we be set to the identity.
Examples:
$acl = new tackle();$acl->createGroup('looneytunes','Looney Tune Cartoon Characters');
Creates a new group with the identity “looneytunes” and the description “Looney Tune Cartoon Characters.”
$acl->createGroup('ducks');
Creates a new group with the identity and description both “ducks.”
removeGroup
removeGroup( $ident )
$ident str Identity of group that will be affected
Returns TRUE if group no longer exists, else returns FALSE.
Remove the specified group from the database after unlinking any related child groups and orphaning all group members.
Examples:
$acl = new tackle();$acl->removeGroup('bunnies');
Unlinks all groups that have the group 'bunnies” as a parent, removes all members of the “bunnies” group, and finally removes the group itself from the database.
removeGroupMembers
removeGroupMembers( $ident )
$ident str Identity of group
Returns TRUE if all members are successfully removed, else returns FALSE.
Removes all members from the specified group.
Examples:
$acl = new tackle();$acl->removeGroupMembers('bunnies');
Removes all members from the group with the identity “bunnies”.
addToGroup
addToGroup( $ident, $memberIdent )
$ident str Identity of group that will be affected
$memberIdent str Identity of member that will be added to the group
Adds a member to a group. The member then inherits all the permissions of the groups to which it belongs.
Examples:
$acl = new tackle();$acl->addToGroup('bunnies','bugs');
Adds the member “bugs” to the group “bunnies.”
removeFromGroup
removeFromGroup( $groupIdent, $memberIdent )
$groupIdent str Identity of group that will be affected
$memberIdent str Identity of member that will removed from the group
Removes a member to a group.
Examples:
$acl = new tackle();$acl->removeFromGroup('bunnies','bugs');
Removes the member “bugs” from the group “bunnies.”
linkGroupToParent
linkGroupToParent( $ident, $parentIdent )
$ident str Identity of group that will be affected
$parentIdent str Identity of group that will adopt this group
Link a group to a parent. The child group inherits all the characteristics of the parent, accept as over-ridden by the child. A group can only have one parent.
Examples:
$acl = new tackle();$acl->linkGroupToParent('bunnies','animals');
Makes the group “bunnies” a child of the group “animals.”
unlinkGroupFromParent
removeGroupChildren( $ident )
$ident str Identity of group that will be affected
Unlinks the specified group from its parent.
Examples:
$acl = new tackle();$acl->unlinkGroupFromParent('bunnies');
Assuming the group “bunnies” has the group “animals” as its parent, “bunnies” will become an orphan group with no parent.
parentGroup
parentGroup( $ident )
$ident str Identity of group
Returns objid of parent group, or NULL if there is no parent
Returns the objid of the groups parent, if it exists.
Examples:
$acl = new tackle();$parent = $acl->parentGroup('bunnies');
Assuming the group “bunnies” has the group “animals” as its parent, $parent will be set to "animals."
authorizedGroup
authorizedGroup( $ident, $action, $resource )
$ident str Identity of group that will be tested
$action str Identity of action that will be tested
$resource str Identity of resource that the action belongs to
Returns TRUE if group is allowed access to the specified action and resource, else returns FALSE.
Checks whether the a group is permitted access to the specified action and resource. All of the group's descendent's are also tested for authorization.
Examples:
$acl = new tackle();if ($acl->authorizedGroup('bunnies','eat','carrots')) {// Allow bunnies to eat carrots} else {echo “Sorry, bunnies are not permitted to eat carrots.<BR>\n”;}
Checks whether the group “bunnies” is authorized to perform the action “eat” on the resource “carrots.” Read the “if” statement like “if bunnies are authorized to eat carrots then...”
Resource Methods
A resource is the object a requestor acts upon.
createResource
createResource( $ident, {$descr,} {$enabled = TRUE} )
$ident str New resource's identity
$descr str New resource's description
$enabled bool New resource is enabled (TRUE/FALSE)
Returns objid of the new resource if successful, else returns FALSE.
Create a new resource with the specified properties. If the description is unspecified it we be set to the identity.
Examples:
$acl = new tackle();$objid = $acl->createResource('carrots');
Creates a new group with the identity and description both “ducks.”
removeResource
removeResource( $ident )
$ident str Identity of resource that will be affected
Returns TRUE if resource no longer exists, else returns FALSE.
Remove the specified resource from the database after unlinking any related child resources and deleting all the resource's actions.
Examples:
$acl = new tackle();$acl->removeResource('carrrots');
Unlinks all resources that have the resource 'carrots” as a parent, removes all actions attached to the “carrots” resource, and finally removes the resource itself from the database.
linkResourceToParent
linkResourceToParent( $ident, $parentIdent )
$ident str Identity of resource that will be affected
$parentIdent str Identity of resource that will adopt this resource
Link a resource to a parent. The child resource inherits all the characteristics of the parent, accept as over-ridden by the child. A resource can only have one parent.
Examples:
$acl = new tackle();$acl->linkResourceToParent('carrots','food');
Makes the resource “carrots” a child of the group resource food.”
unlinkResourceFromParent
removeResourceChildren( $ident )
$ident str Identity of resource that will be affected
Unlinks the specified resource from its parent.
Examples:
$acl = new tackle();$acl->unlinkResourceFromParent('carrots');
Assuming the resource “carrots” has the resource “food” as its parent, “carrots” will become an orphan resource with no parent.
removeResourceActions
removeResourceActions( $ident )
$ident str Identity of resource that will be affected
Removes (and deletes) all actions belonging to the specified resource. Also removes all permissions related to the specified actions.
Examples:
$acl = new tackle();$acl->removeResourceActions('carrots');
Assuming the resource “carrots” has actions “eat” and “harvest,” both actions will be deleted and “carrots” will have no actions.
Action Methods
An action describes what a requestor (a member or group) may or may not be allowed to do with a resource. For example, if Bugs Bunny is allowed to eat carrots, the requestor is Bugs, the resource is carrots, and the action is eat. If hunters are not allowed to hunt ducks, the requestor is hunters, the resource is ducks, and the action is hunting.
Actions can not exists on their own; every action must be linked to exactly one resource. A resource can have zero or more actions, although a resource with no actions can't be used as part of a permission.
createAction
createAction( $resourceIdent, $actionIdent, {$descr,} {$enabled = TRUE} )
$resourceIdent str Identity of resource that owns this action
$actionIdent str Identity for the new action
$descr str New resource's description
$enabled bool New resource is enabled (TRUE/FALSE)
Returns identity of the new action if successful, else returns FALSE.
Create a new new action for the specified resource. If the description is unspecified it we be set to the identity.
Examples:
$acl = new tackle();$objid = $acl->createResource('carrots');
Creates a new group with the identity and description both “ducks.”
removeAction
removeAction( $actionIdent, $resourceIdent )
$actionIdent str Identity of resource that will be affected
$resourceIdent str Identity of resource the action refers to
Returns TRUE if action no longer exists, else returns FALSE
Remove the specified action from the database.
Examples:
$acl = new tackle();$acl->removeAction('eat','carrrots');
Removes action “eat” that is attached to the resource “carrots.”
Permission Methods
addPermission
addPermission( $reqType, $reqIdent, $resourceIdent, $actionIdent, {$permit = ALLOW,} {$status = ENABLED} )
$reqType str Type of requestor (“member” or “group”)
$reqIdent str Identity of requesting member or group
$resourceIdent str Identity of resource
$actionIdent str Identify of action linked to the specified resource
$permit str Permission (“ALLOW” or “DENY”)
$status str Status of permission (“ENABLED” or “DISABLED”)
Create a new permission, allowing or denying the specified requestor (member or group) access to the specified resource and action. If a permission with the specified requestor, resource, and action already exists, the existing permission will be updated with the new permit and status values.
Examples:
$acl = new tackle();$acl->addPermission('group','bunnies','carrrots','eat','ALLOW');
Adds a new entry to the access control list allowing all bunnies permission to eat carrots.
changePermission
changePermission( $reqType, $reqIdent, $resourceIdent, $actionIdent, {$permit = ALLOW,} {$status = ENABLED} )
$reqType str Type of requestor (“member” or “group”)
$reqIdent str Identity of requesting member or group
$resourceIdent str Identity of resource
$actionIdent str Identify of action linked to the specified resource
$permit str Permission (“ALLOW” or “DENY”)
$status str Status of permission (“ENABLED” or “DISABLED”)
Wrapper for addPermission. Updates an existing permission with new permit and status values.
Examples:
$acl = new tackle();$acl->changePermission('group','bunnies','carrrots','eat','DENY');
Updates the existing entry in the access control list denying all bunnies permission to eat carrots.
removePermission
removePermission( $reqType = *, $reqIdent = *, $resourceIdent = *, $actionIdent = * )
$reqType str Type of requestor (“member” or “group”)
$reqIdent str Identity of requesting member or group
$resourceIdent str Identity of resource
$actionIdent str Identify of action linked to the specified resource
Removes the permission with the specified characteristics from the database. To ignore a parameter, pass it an asterisk as a string (see the usage examples).
reqType reqIdent resource action Result
* * wabbits hunt All permissions with the resource "wabbits" and the action "hunt" are deleted.
* elmer wabbits huntAll permissions with the resource "wabbits" and the action "hunt" are deleted.Because reqType isn't specified, reqIdent is ignored.
group * wabbits huntAll permissions with the resource "wabbits" and the action "hunt" are deleted.Because reqIdent isn't specified, reqType is ignored.
* * wabbits hunt All permissions with the resource "wabbits" and the action "hunt" are deleted.
* * wabbits * All permissions with the resource "wabbits" are deleted.
* * * huntNo permissions are deleted.Because resource isn't specified, action is ignored (can't have an action without a resource).
member elmer * * All permissions with the member "elmer" are deleted.
member elmer wabbits * All permissions with the member "elmer" and resource "wabbits" are deleted.
group hunters wabbits hunt All permissions with the group "hunters," resource "wabbits," and action "hunt" are deleted.
group hunters * huntAll permissions with the group "hunters" are deleted.Because resource isn't specified, action is ignored (can't have an action without a resource).
* * * * All permissions are deleted (The permissions list is cleared. Use with care!)
Examples:
$acl = new tackle();$acl->removePermission('group','bunnies','carrrots','eat');
Removes the access control entry relating the group “bunnies” to action and resource “eat” “carrots.” Bunnies no longer have any specified permissions to eat or not eat carrots. $acl->removePermission('*','*','carrrots');
Removes every access control entry that contains the resource "carrots." $acl->removePermission('member','daffy');
Removes every access control entry that contains the member "daffy."
authorizedRequestor
addPermission( $reqType, $reqIdent, $actionIdent, $resourceIdent )
$reqType str Type of requestor (“member” or “group”)
$reqIdent str Identity of requesting member or group
$actionIdent str Identity of action in question
$resourceIdent str Identify of resource in question
Returns TRUE if requestor is permitted access, FALSE if they are not.
Check if the specified requestor (a member or group) is authorized to access a given resource and action.
Examples:
$acl = new tackle();if ( $acl->authorizedRequestor('member','elmer','hunt','wabbits') ) {// It's wabbit season} else {// It's duck season
echo “Sorry, wabbit hunting is not allowed at this time.<BR>\n”;}
Checks whether the member “elmer” is authorized to perform the action “hunt” on the resource “wabbits.” Read the “if” statement like “if elmer is authorized to hunt wabbits then...”