Examples

The following is a list of common use-case examples for Zend\Permission\Rbac.

Roles

Extending and adding roles via instantiation.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
 <?php
 use Zend\Permissions\Rbac\Rbac;
 use Zend\Permissions\Rbac\AbstractRole;

 class MyRole extends AbstractRole
 {
     // .. implementation
 }

 // Creating roles manually
 $foo  = new MyRole('foo');

 $rbac = new Rbac();
 $rbac->addRole($foo);

 var_dump($rbac->hasRole('foo')); // true

Adding roles directly to RBAC with the default Zend\Permission\Rbac\Role.

1
2
3
4
5
6
7
 <?php
 use Zend\Permissions\Rbac\Rbac;

 $rbac = new Rbac();
 $rbac->addRole('foo');

 var_dump($rbac->hasRole('foo')); // true

Handling roles with children.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
 <?php
 use Zend\Permissions\Rbac\Rbac;
 use Zend\Permissions\Rbac\Role;

 $rbac = new Rbac();
 $foo  = new Role('foo');
 $bar  = new Role('bar');

 // 1 - Add a role with child role directly with instantiated classes.
 $foo->addChild($bar);
 $rbac->addRole($foo);

 // 2 - Same as one, only via rbac container.
 $rbac->addRole('boo', 'baz'); // baz is a parent of boo
 $rbac->addRole('baz', array('out', 'of', 'roles')); // create several parents of baz

Permissions

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
 <?php
 use Zend\Permissions\Rbac\Rbac;
 use Zend\Permissions\Rbac\Role;

 $rbac = new Rbac();
 $foo  = new Role('foo');
 $foo->addPermission('bar');

 var_dump($foo->hasPermission('bar')); // true

 $rbac->addRole($foo);
 $rbac->isGranted('foo', 'bar'); // true
 $rbac->isGranted('foo', 'baz'); // false

 $rbac->getRole('foo')->addPermission('baz');
 $rbac->isGranted('foo', 'baz'); // true

Dynamic Assertions

Checking permission using isGranted() with a class implementing Zend\Permissions\Rbac\AssertionInterface.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 <?php
 use Zend\Permissions\Rbac\AssertionInterface;
 use Zend\Permissions\Rbac\Rbac;

 class AssertUserIdMatches implements AssertionInterface
 {
     protected $userId;
     protected $article;

     public function __construct($userId)
     {
         $this->userId = $userId;
     }

     public function setArticle($article)
     {
         $this->article = $article;
     }

     public function assert(Rbac $rbac)
     {
         if (!$this->article) {
             return false;
         }
         return $this->userId == $article->getUserId();
     }
 }

 // User is assigned the foo role with id 5
 // News article belongs to userId 5
 // Jazz article belongs to userId 6

 $rbac = new Rbac();
 $user = $mySessionObject->getUser();
 $news = $articleService->getArticle(5);
 $jazz = $articleService->getArticle(6);

 $rbac->addRole($user->getRole());
 $rbac->getRole($user->getRole())->addPermission('edit.article');

 $assertion = new AssertUserIdMatches($user->getId());
 $assertion->setArticle($news);

 // true always - bad!
 if ($rbac->isGranted($user->getRole(), 'edit.article')) {
     // hacks another user's article
 }

 // true for user id 5, because he belongs to write group and user id matches
 if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
     // edits his own article
 }

 $assertion->setArticle($jazz);

 // false for user id 5
 if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
     // can not edit another user's article
 }

Performing the same as above with a Closure.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
<?php
// assume same variables from previous example

$assertion = function($rbac) use ($user, $news) {
    return $user->getId() == $news->getUserId();
};

// true
if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
    // edits his own article
}
Edit this document

Edit this document

The source code of this file is hosted on GitHub. Everyone can update and fix errors in this document with few clicks - no downloads needed.

  1. Login with your GitHub account.
  2. Go to Examples on GitHub.
  3. Edit file contents using GitHub's text editor in your web browser
  4. Fill in the Commit message text box at the end of the page telling why you did the changes. Press Propose file change button next to it when done.
  5. On Send a pull request page you don't need to fill in text anymore. Just press Send pull request button.
  6. Your changes are now queued for review under project's Pull requests tab on GitHub.