phpGACL -  


 
         ?
         ?
           ?
        

          
             phpGACL
          
         
         phpGACL  ?
                 
         
          
         
         
           (AXO)

         
         
 phpGACL   
         
         
                  
                 API
                        ACL
                        Groups ()
                        Access Objects (ACO, ARO, AXO) ( )
                        Access Objects Section (  )









        

Mike Benoit (ipso@snappymail.ca)
James Russell (james-phpgacl@ps2-pro.com)
Karsten Dambekalns (k.dambekalns@fishfarm.de)
    (kuzma@russofile.ru) (http://php.russofile.ru)
Copyright  2002,2003, Mike Benoit
Copyright  2003, James Russell
Copyright  2003, Karsten Dambekalns
Document Version: 672
Last Updated: 5/20/03 - 18:55:08
phpGACL
 ?
PhpGACL    ,         (, ,     )   (, ,     ). 
          . 
   PHP (    phpGACL)     ,        . GACL  phpGACL     . 
 ?
PhpGACL   sourceforge.net  http://phpGACL.sourceforge.net/ 
   ?
PhpGACL         .             ADOdb (http://php.weblogs.com/adodb).         : PostgreSQL, MySQL, Oracle. 
 phpGACL    PHP,     PHP    4.2. ACL (   )  -,    -   PHP, , Apache (http://httpd.apache.org/). 

Mike Benoit (ipso@snappymail.ca)     . 
James Russell (james-phpgacl@ps2-pro.com)  
Karsten Dambekalns (k.dambekalns@fishfarm.de)   . 
Feskov Kuzma (kuzma@russofile.ru)    
    : http://php.russofile.ru 

  
          .      : , -, R2-D2  C3PO.         () , : ,  ,    . 
 :       , ,     ,    -    .    . 
  ,   ,    Boolean (),  ,       -      ,     . 
       , ,    -,       (O   , X   ): 

 /        
         O         O             O         O 
        O         O             O         X 
 -    X         O             X         X 
         X         O             X         X 
 R2D2       X         O             X         X
 C3PO       X         O             X         X


   ,      ,    ,          .   : 
 -   ()     .     ACO (Access Control Objects -   ); 
 -  (),  .    ARO (Access Request Objects -   ).     , ,   , AROs    ACOs. 
       AXO (Access eXtension Objects    ),      .           . 
 ,   ,  ,    : 
: 
          ,    ; 
 ,      .       . 
: 
     . 6   4    ,  ,        ,         ,         ?        ,            ; 
   .    ,       (  ),  ,    ? 

 /        
         O         O             O         O 
        O         X             O         X 
 -    X         O             X         X 
         O         O             O         X 
 R2D2       X         O             X         O
 C3PO       O         O             X         O

       ,     ,       . 
     phpGACL
,               .     ,    (     ,       )    ( ,      ).    phpGACL. 
PhpGACL         .  ,    ,      .     ,        ,          ,        . 
ARO-    AROs (  ).       .  - ,  - AROs. 
   ACL-     .       . ,      ,       . 
      
??                       
? ??                         ARO
? ??                        ARO
??                     
  ??-                     ARO
  ??                         ARO
  ??R2-D2                       ARO
  ??C3PO                        ARO
     ,   ,     ,      (AROs). 
   ,      (ACO) -   AROs  .  :              .        .        . 
  
??                       [ALLOW: ALL] (: )
? ??
? ??
??                     [ALLOW: Lounge] (:  )
  ??-
  ??
  ??R2D2
  ??C3PO
   ARO-,       . 
-,      ,     .      ,         (ALL      (,  ,    ).       . 
         .         ,      ,      ( ,        ,      ). 
: 
ACO (  )  ,       (  ,  ,    ); 
ARO (  )  ,    (, ,     ); 
ARO-      AROs.       AROs; 
        (DENY: ALL); 
   ,    ,      AROs   ACO,     . 
  
,     !            ! ,  ,     .      ,     .      : 
  
??                    [ALLOW: ALL] (: )
? ??
? ??                     [DENY: Engines] (:  )
??                  [ALLOW: Lounge] (:  )
  ??-
  ??
  ??R2D2
  ??C3PO
  ,         .       ,        . 
     ,     .           R2D2     .       ,       : 
  
??                    [ALLOW: ALL] (: )
? ??
? ??                     [DENY: Engines] (:  )
??                  [ALLOW: Lounge] (:  )
  ??-
  ??                      [ALLOW: Guns] (: )
  ??R2D2                     [ALLOW: Engines] (:  )
  ??C3PO
 
        ARO-. ,        .       ,    -           (,   ): 
  
??                    [ALLOW: ALL] (: )
? ??
? ??                     [DENY: Engines] (:  )
??                  [ALLOW: Lounge] (:  )
  ??                   [ALLOW: Cockpit] (: )
  ? ??-
  ? ??                    [ALLOW: Guns] (: ) 
  ??R2D2                     [ALLOW: Engines] (:  )
  ??C3PO
 phpGACL  ?
   (  phpGACL  )  ,  ,      -    X    Y?   phpGACL    :   ARO X    ACO Y? 
phpGACL ,               ,         .     ,           .        , ,        . 
 1.  :       ? 
    DENY (); 
    :    ->  ->  -> ; 
       :             ACO.  DENY (); 
 ,  -  ,       .     ALLOW (); 
    -          ; 
    -       -   ; 
    .    ALLOW (). 
 2.  :       ? 
    DENY (); 
    :    ->  -> ; 
       :             ACO.  DENY (); 
     -    -       -     ALLOW (); 
    -   ,   ,      .     DENY (); 
  ,   DENY (). 
  ,        ,        ().   (  )    ,      .    DENY ALL ( ). 
      ARO-: 
ARO-     AROs.     ,      ,       . , phpGACL     ARO  ACO   . ,        ,    DENY (); 
ARO-      ACO       ARO-. ,   ACO  .  ,  :       ?,    DENY (),    ARO-    .  ,   ARO-,  ACO    . 
 :    phpGACL        AROs (  ,     ). ,          ?    Boolean ( )  DENY / ALLOW ( / ),      - ,  R2D2  3PO . PhpGACL      . 
 
 ,  ACL    .    . ,   , ,    ,    ,        .       R2D2,        .        -,      ,    : 
 :                [DENY: ALL] (: )
  
??                    [ALLOW: ALL] (: )
? ??
? ??                     [DENY: Engines] (:  )
??                  [ALLOW: Lounge] (:  )
? ??                   [ALLOW: Cockpit] (: )
? ? ??-
? ? ??                    [ALLOW: Guns] (: ) 
? ??R2D2
? ??C3PO
??                   [ALLOW: Engines, Guns] (: ., )
  ??
  ??R2D2
     :        ,     ( ,       ).       ,  ,     .      .        . 
 ,   ,    R2D2      ACL.     .       : ,   R2D2       ,    . 
 
    ,       .      ,       .         ,     ,     . 
 :                 [DENY: ALL] (: )
  
??                     [ALLOW: ALL] (: )
? ??
? ??                      [DENY: Engines] (:  )
? ??
??                   [ALLOW: Lounge] (:  )
? ??                    [ALLOW: Cockpit] (: )
? ? ??-
? ? ??                     [ALLOW: Guns] (: ) 
? ??R2D2
? ??C3PO
??                    [ALLOW: Engines, Guns] (: ., )
  ??
  ??R2D2
  ??
         .       ,                 .  ,       ,   ,      . 
 
 ,       ? 
 :                 [DENY: ALL] (: )
  
??                     [ALLOW: ALL] (: )
? ??
? ??                      [DENY: Engines] (:  )
? ??
??                   [ALLOW: Lounge] (:  )
? ??                    [ALLOW: Cockpit] (: )
? ? ??-
? ? ??                     [ALLOW: Guns] (: ) 
? ??R2D2
? ??C3PO
??                    [ALLOW: Engines, Guns] (: ., )
  ??
  ??R2D2
  ??
  ??
       ,           .      ,    DENY (),       ,    ALLOW ().   ,     ? 
PhpGACL  ,    ARO  ,   ARO   ACO  .     . 
            ?,    ALLOW (),         (  phpGACL).     ALLOW,    ALLOW: Engines, Guns (:  , ),    ,   ,    DENY: Engines (:  )  . 
 ,  ACL  ,  ACL  .  ACL    ,       .  phpGACL    ,  ACL ,      ,    . 
  ,    : 
  DENY: Engines      ; 
  DENY: Engines      ; 
    ,         . 
   ,      . 
  
phpGACL      (ARO, AXO, ACO)          . 
 (  , , )     . 
       (ARO, AXO, ACO). 
  ,  , ,  , ,      .          .     ,   ().        ,       . 
    namespace.         ARO / AXO-    ,         . 
     ,    ,   .      (,   ). 
    . 
:  ,           , , ,  .    .     : 
acl_check('system', 'login', 'user', 'john_doe'); : 
acl_check(10, 21004, 15, 20304); 
            ,   phpGACL (  )         ->     . ,         ,         (       ). 
 ACO  -> : 
Floors -> 1st ( -> 1-); 
Floors -> 2nd ( -> 2-); 
Rooms -> Engines ( -> _). 
 ARO  -> : 
People -> John_Smith ( -> _); 
People -> Cathy_Jones ( -> _); 
Hosts -> sandbox.something.com ( -> sandbox.something.com). 
  API: 
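// Argument order: the ACO (section, value) pair comes first, then the ARO
// (section, value) pair. This matches the other calls on this page, e.g.
// acl_check('system', 'login', 'user', ...), where 'system'/'login' is the ACO.
// Passing the pairs in the wrong order makes the check look up objects that
// do not exist, so the answer no longer reflects the configured policy.
acl_check(aco_section, aco_value, aro_section, aro_value);
// 'Floors' is the ACO section and 'People' the ARO section from the lists above.
acl_check('Floors', '2nd', 'People', 'John_Smith');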
  : 
ACO - Frob > Flerg, ARO  Frob -> Flerg (    ,   ,  namespaces      ); 
ACO  Frob -> Flerg, ACO  Frob -> Queegle (      ,  ,     ); 
AXO  Frob Hrung -> Flerg (   ). 
  : 
ACO  Frob -> Flerg, ACO  Frob -> Flerg (     ->    ); 
ACO  Frob -> Flerg Habit (    ). 
 
         .       add_object_section(). 
add_object_section(
    string NAME,          ,     
                         (, 'Levels in building'
                        (  )).
    string VALUE,         (, 'Floors' ()).
    int ORDER,           ,   ,     
                             .
    bool HIDDEN         ,       
                         .
    string GROUP_TYPE);    (ACO, ARO, AXO).
  3   AROs ,     ,    AROs    : 
  
??                    [ALLOW: ALL]
? ??" > "
? ??" > "           [DENY: Engines]
? ??" > "
??                  [ALLOW: Lounge]
? ??                   [ALLOW: Cockpit]
? ? ??" > -"
? ? ??" > "           [ALLOW: Guns] 
? ??" > R2D2"
? ??" > C3PO"
??                   [ALLOW: Engines, Guns]
  ??" > "
  ??" > R2D2"
  ??" > "
      ,       ,      acl_check()  .     phpGACL     . ,     ,         .          . 
 
,    phpGACL    , ,     ,         .     . 
PhpGACL      : 
         ; 
            (,     ); 
         ,     , ,      . 
      (   )   $gacl_options,     phpGACL.         : 
// Sample connection settings for one phpGACL instance. Every value here is a
// placeholder to be replaced with the settings of the target database.
// NOTE(review): keep the real database password out of files the web server
// can serve or that are checked into version control.
$gacl_options = array();
$gacl_options['db_table_prefix'] = 'gacl_';
$gacl_options['db_type'] = 'mysql';
$gacl_options['db_host'] = 'host1';
$gacl_options['db_user'] = 'user';
$gacl_options['db_password'] = 'passwd';
$gacl_options['db_name'] = 'gacl';

// The options array is handed to the constructor, giving an instance bound to
// the database described above.
$gacl_host1 = new gacl($gacl_options);
  ,     ,  phpGACL        , , ,        . 
,      ,       ,  -   .           ARO     ARO-.   ,    APD (  ):  ->       ALLOW ():  ->  . ,   !      ,   ()  ,     ,            .       ,         - . 
   (AXO)
        ,     phpGACL.    ,  phpGACL    ARO  ACO (2 )    .      , : 
 (ARO)       (ACO). 
  ,   ,   AXO    (   ). 
,   ACOs  ,         .   ,     ,      ,     . 
AXOs  AROs   .   AXO (   ARO),      AXOs.       AXO, ,  AXO      ACO (   ,    ),    ACOs  ,      ,   . 
   ARO  ACO: 
ARO  ,  ; 
ACO  ,    . 
  ARO, ACO  AXO: 
ARO  ,   ; 
ACO  ,    
AXO  ,    . 
: 
        .  ARO    : 

??
? ??
? ??
??
  ??
  ??
         AXO: 

??Linux
? ??SpamFilter2
? ??AutoLinusWorshipper
??Windows
  ??PaperclipKiller
  ??PopupStopper
,       -    -  ACOs. 
 ,  ,        Linux.      ADP ( )  ARO   ACO   AXO Linux.     : 
 (ARO)    (ACO)   Linux (AXO). 
    ,  AXO  ,     AXO,  acl_check(),  ADP ( )    AXO. ,  APD ( )    AXO,    acl_check()   AXO,   . 
 ,     acl_check()  AXO,       ACL   AXO.   AXO  ,     ACL.  ( )      . 





 
1.         . ,      -  . 

2.  phpgacl/gacl.class.php.  db_type, db_host, db_user, db_password  db_name,    . 

   phpgacl/admin/gacl_admin.inc.php,      .       . 
,      ,   ,   gacl.class.php    ,    .        ,        acl_check(). 
3.    ,     db_name. 
4. http://your_site.net/phpgacl/setup.php.     .    ,        . 

5.    (   : ,   /admin/templates_c      .  Go here!   ),   .        . 
6.  Go here!    : http://your_site.net/admin/acl_admin.php. 
 
    ADOdb   ,     phpGACL    : 
1. phpgacl/gacl.class.php  ADODB_DIR,       . 
2.  phpgacl/adodb  - ,  adodb_x   phpgacl/admin/acl_admin.php   . 
3.  adodb,    phpGACL. 
    Smarty   ,     phpGACL    : 
1.  phpgacl/admin/gacl_admin.inc.php,    : $smarty_dir  $smarty_compile_dir,     ,      Smarty.     phpGACL    (  ,       ). 
2.  phpgacl/smarty  ,  smarty_x.   phpgacl/admin/acl_admin.php   . 
3.  smarty  phpGACL. 
   phpGACL            ? 
1.    . 
2.  phpGACL        ()    ,     . 
# Move the whole phpgacl tree under /www/includes_directory.
mv phpgacl/ /www/includes_directory
# Create a symlink named "gacl" in the current directory that points at the
# admin directory of the moved tree.
# NOTE(review): the admin interface stays reachable through this link, so it
# still needs its own access restriction (web-server auth or similar) - confirm.
ln -s /www/includes_directory/phpgacl/admin/ gacl
3.   phpgacl.     , , ,     ( ). 







 phpGACL   
 
      phpGACL   .             ADOdb.        . 
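// Login example: look the user up in the application's own users table, then
// ask phpGACL whether that user (ARO 'user' -> name) may use the ACO
// 'system' -> 'login'. Returns true and stores the name in the session on
// success, false in every other case.
// Assumes $db is an open ADOdb connection and that a session has been started.
include('phpgacl/gacl.class.php');
$gacl = new gacl();

// Fail closed when the form fields are missing or are not plain strings
// (a field submitted as username[]=... arrives as an array).
if (!isset($_POST['username']) || !is_string($_POST['username'])
    || !isset($_POST['password']) || !is_string($_POST['password'])) {
  return false;
}

// NOTE(review): unsalted MD5 is kept here only because the users table in this
// example stores MD5 digests. It is not a suitable password hash; a real
// deployment should store a salted, slow password hash and migrate existing rows.
$password_digest = md5($_POST['password']);

// Bound parameters instead of concatenating quoted strings into the statement.
$sql = 'SELECT name FROM users WHERE name=? AND password=?';
$row = $db->GetRow($sql, array($_POST['username'], $password_digest));

// No matching row means the credentials were wrong. Stop here so that
// acl_check() is never asked about an undefined or empty ARO value.
if (empty($row) || !isset($row['name']) || $row['name'] === '') {
  return false;
}

if ($gacl->acl_check('system', 'login', 'user', $row['name'])) {
  // NOTE(review): issue a fresh session id at this point where the PHP version
  // in use supports it, so a pre-login session id cannot be reused afterwards.
  $_SESSION['username'] = $row['name'];
  return true;
}

return false;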
     acl_check(),    ? 
 ARO- $row['name']  ARO- 'user'. 
  ACO- 'login'  ACO- 'system'. 









 
  
    




 API
ACL
add_acl() 
     . 
add_acl(
    array ACO Ids,
    array ARO_IDs,
    array ARO_GROUP_IDs,
    array AXO_IDs,
    array AXO_GROUP_IDs,
    bool ALLOW,
    bool ENABLED
    [, int ACL_ID])
: 
int ACL_ID,      FALSE,   . 


edit_acl() 
  ,      . 
edit_acl (
    array ACO IDs,
    array ARO_IDs,
    array ARO_GROUP_IDs,
    array AXO_IDs,
    array AXO_GROUP_IDs,
    bool ALLOW,
    bool ENABLED
    [, int ACL_ID] )
: 
int ACL_ID      FALSE,   . 

del_acl() 
  ,      . 
del_acl (
    int ACL ID)
: 
TRUE    , FALSE,   . 
Groups ()
get_group_id() 
 ID . 
get_group_id (
    string GROUP NAME)     (ARO, ACO, AXO)
: 
int GROUP_ID   , FALSE,  . 

get_group_parent_id() 
 ID   . 
get_group_parent_id (
    int GROUP_ID)
: 
int GROUP_PARENT_ID  , FALSE   . 

add_group() 
    . 
add_group (
    string NAME
    [, int GROUP_PARENT_ID]
    [, string OBJECT_TYPE])
: 
int GROUP_ID  , FALSE  . 

get_group_objects() 
      . 
get_group_aro (
    int GROUP_ID,
    string GROUP_TYPE)
: 
array SECTION_VALUE, VALUE  , FALSE  . 

add_group_object() 
 ARO  . 
add_group_aro (
    int GROUP_ID,
    string OBJECT_SECTION_VALUE,
    string OBJECT_VALUE,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int TRUE  , FALSE  . 

del_group_object() 
 ARO  . 
del_group_aro (
    int GROUP_ID,
    string OBJECT_SECTION_VALUE,
    string OBJECT_VALUE,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int TRUE  , FALSE  . 

edit_group() 
  
edit_group (
    int GROUP_ID,
    string NAME,
    int GROUP_PARENT_ID,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int TRUE  , FALSE  . 

del_group() 
 ,   ( )   . 
del_group (
    int GROUP_ID,
    bool REPARENT_CHILDREN,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int TRUE  , FALSE  . 
Access Objects (ARO/ACO/AXO) ( )
  API   ,   ACO, ARO, AXO. 

get_object() 
       . 
get_object (
    [string SECTION_VALUE], ,   ( )
    bool RETURN_HIDDEN,          
    string GROUP_TYPE)         (ARO, AXO, ACO)
: 
array OBJECT_ID  , FALSE  . 

get_object_data() 
        ID. 
get_object_data (
    int OBJECT_ID,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
array (section_value, value, order_value, name)  , FALSE  . 

get_object_id() 
 ID . 
get_object_id (
    string OBJECT_SECTION_VALUE,
    string OBJECT_VALUE,
    string GROUP_TYPE)    (ARO, AXO, ACO)
: 
int OBJECT_ID  , FALSE  . 

get_object_section_value()  ID     . 
get_object_section_value (
    int OBJECT_ID,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int SECTION_VALUE  , FALSE  . 

add_object() 
 . 
add_object (
    string SECTION_VALUE,
    string NAME,
    string VALUE,
    int ORDER,
    bool HIDDEN,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
array OBJECT_ID  , FALSE  . 

edit_object() 
 . 
edit_object (
    string SECTION_VALUE,
    string NAME,
    string VALUE,
    int ORDER,
    bool HIDDEN,
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
array OBJECT_ID  , FALSE  . 

del_object() 
 . 
del_object (
    int OBJECT_ID,
    string GROUP_TYPE,     (ARO, AXO, ACO)
    bool ERASE)
: 
int TRUE  , FALSE  . 
Access Object Sections (  )
  API   ,        (.    ). 

get_object_section_section_id() 
 ID  .        ,   . 
    ,     (      ).        . 
get_object_section_section_id (
    string NAME,          ,     
                        (,   )
    string VALUE,         (, )
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int SECTION_ID  , FALSE  . 

add_object_section() 
   . 
add_object_section(
    string NAME,          ,     
                        (,   )
    string VALUE,         (, )
    int ORDER,           .        .
    bool HIDDEN,        TRUE         .
    string GROUP_TYPE)     (ARO, AXO, ACO)
: 
int SECTION_ID  , FALSE  . 

edit_object_section() 
  .        (    add_object_section). 
edit_object_section (
    int OBJECT_SECTION_ID,  ID  (     
                             get_object_section_section_id).
    string NAME,              .
    string VALUE,             .
    int ORDER,                .
    bool HIDDEN,               (  )
    string GROUP_TYPE)         (ARO, AXO, ACO)
: 
TRUE  , FALSE  . 

del_object_section() 
 .      !!! 
del_object_section (
    int SECTION_ID,     ID 
    string GROUP_TYPE,     (ARO, AXO, ACO)
    bool ERASE)  TRUE -     .
                 FALSE,        ,
                   ,    ,
                    ,   .
: 
TRUE  , FALSE  . 

