Overview

Site Pages, Site Areas, and API Calls are some of the Resources you might want to control access to.
A Resource might also represent a physical entity, such as a file.

By default, an Actor can access any Resource.
However, you can place restrictions on a Resource that dictate who/what is allowed to access it, thus giving you a powerful Access Control Layer.

Actors & Resources

Actors

An Actor is any object that wants to act on a resource.

Resources

A Resource can be anything, physical or logical, that you want to be able to control access to.

Access Control

Creating access permissions/restrictions

  1. use MyAppNamespace\FunctionalModel\User;
  2. use DblEj\Resources\Resource;
  3. use DblEj\Resources\ResourcePermission;
  4.  
  5. $user = new User("John Doe");
  6. $restrictedResource = new Resource("Test Resource", "MyUniqueId", Resource::RESOURCE_TYPE_GENERAL);
  7. $app->AddRestrictedResource($restrictedResource);
  8. $app->AddResourcePermission($user, $restrictedResource, ResourcePermission::RESOURCE_PERMISSION_OWN);

Checking permissions/restrictions

  1. use DblEj\Resources\Resource;
  2. use DblEj\Resources\ResourcePermission;
  3. use Wafl\Core;
  4.  
  5. $resource = $app->GetRestrictedResource("MyUniqueId", Resource::RESOURCE_TYPE_GENERAL);
  6. if ($app->IsAllowed($resource, Core::$CURRENT_USER, ResourcePermission::RESOURCE_PERMISSION_WRITE))
  7. {
  8.    print "Congratulations, you have write access to the resource MyUniqueId";
  9. } else {
  10.    print "Sorry, you do not have write access to the resource MyUniqueId";
  11. }

Access types

  • RESOURCE_PERMISSION_NONE
  • RESOURCE_PERMISSION_READ
  • RESOURCE_PERMISSION_WRITE
  • RESOURCE_PERMISSION_DELETE
  • RESOURCE_PERMISSION_OWN

Web Application Convenience methods

If you use SiteStructure.syrp to define your site's structure, then you are able to predefine user and group access to the SiteArea and SitePage resources.
The following methods can then be used to determine if a user is allowed to access a given Site Page or Site Area.

IWebApplication::IsActorAllowedAccessToSiteArea(IActor $actor, SiteArea $siteArea, $permissions = ResourcePermission::RESOURCE_PERMISSION_NONE)
IWebApplication::IsActorAllowedAccessToSitePage(SitePage $sitePage, IActor $actor = null, $permissions = ResourcePermission::RESOURCE_PERMISSION_NONE)
Example use of IsActorAllowedAccessToSiteArea as IsActorAllowedAccessToSitePage
  1. use DblEj\Resources\Resource;
  2. use DblEj\Resources\ResourcePermission;
  3. use Wafl\Core;
  4.  
  5. $sitePage = $app->GetRegisteredSitePageByRequest($request);
  6. $siteArea = $sitePage->Get_ParentArea();
  7. if ($app->IsActorAllowedAccessToSiteArea(Core::$CURRENT_USER, $siteArea, ResourcePermission::RESOURCE_PERMISSION_WRITE))
  8. {
  9.    print "Congratulations, you have write access to the site area;
  10. } else {
  11.    print "Sorry, you do not have write access to the site area";
  12. }
  13.  
  14. if ($app->IsActorAllowedAccessToSitePage($sitePage, Core::$CURRENT_USER, ResourcePermission::RESOURCE_PERMISSION_OWN))
  15. {
  16.    print "Congratulations, you have own access to the site page;
  17. } else {
  18.    print "Sorry, you do not have own access to the site page";
  19. }