/usr/share/phpgacl/docs/examples/millennium_falcon/fineGrainAccessControl.php is in phpgacl 3.3.7-7.3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 | <?php
/*
* PHPGACL Millennium Falcon ACL fineGrainAccessControl.php
*
* Fine-grain access Control. (manual p.8-9)
*
* The ACL tree for this example should start as:
* Millennium Falcon Passengers Group
* |-Crew Group [ALLOW: ALL]
* | |-Han ARO
* | '-Chewie ARO
* '-Passengers Group [ALLOW: Lounge]
* |-Obi-wan ARO
* |-Luke ARO
* |-R2D2 ARO
* '-C3PO ARO
*
* The ACL tree at the end of this example will be:
* Millennium Falcon Passengers Group
* |-Crew Group [ALLOW: ALL]
* | |-Han ARO
* | '-Chewie ARO [DENY: Engines]
* '-Passengers Group [ALLOW: Lounge]
* |-Obi-wan ARO
* |-Luke ARO [ALLOW: Guns]
* |-R2D2 ARO [ALLOW: Engines]
* '-C3PO ARO
*/
/*
* Initialise the database - by clearing and running the previous examples.
*/
// Let's get ready to RUMBLE!!!
$gacl_api = new gacl_api($gacl_options);
/*
* Keep in mind, all of this can be done through the Administration Interface via your browser.
*/
/*
* Deny Chewie Access to the Engines!
*/
//Associative array, with Object Section Value => array( Object Value ) pairs.
$aco_array = array('access' => array('engines') );
$aro_array = array('crew' => array('chewie') );
$allow = FALSE;
$enabled = TRUE;
$return_value = NULL;
$note = "Denying Chewie access to the engines!";
//The NULL values are for the more advanced options such as groups, and AXOs. Refer to the manual for more info.
$result = $gacl_api->add_acl($aco_array, $aro_array, NULL, NULL, NULL, $allow, $enabled, $return_value, $note);
if ($outputDebug == TRUE){
if ($result !== FALSE) {
echo "Chewie has been denied access to the Engines!<br>\n";
} else {
echo "Error creating ACL.<br>\n";
}
echo "<br>\n";
echo "=================================================================================================<br>\n";
echo "-- Lets test the new ACL for Chewie! --<br>\n";
echo "=================================================================================================<br>\n";
}
// Lets check if Chewie has access to the engines
if ( $gacl_api->acl_check('access', 'engines', 'crew', 'chewie') ) {
if ($outputDebug == TRUE){
echo "Chewie still has access to the engines!<br>\n";
}
} else {
if ($outputDebug == TRUE){
echo "Chewie has been denied access to the engines! (Han saves the hyperdrive from further distress!)<br>\n";
}
}
// Lets check if Chewie still has access to the cockpit
if ( $gacl_api->acl_check('access', 'cockpit', 'crew', 'chewie') ) {
if ($outputDebug == TRUE){
echo "And Chewie still has access to the cockpit! (Hans plan worked!)<br>\n";
}
} else {
if ($outputDebug == TRUE){
echo "Chewie has been denied access to the cockpit! (Not good - somethings not right!)<br>\n";
}
}
if ($outputDebug == TRUE){
echo "<br>\n";
echo "=================================================================================================<br>\n";
echo "-- Under Attack - Allow Luke Access to the Guns and R2D2 to the Engines! --<br>\n";
echo "=================================================================================================<br>\n";
}
/*
* Allow Luke Access to the Guns!
*/
//Associative array, with Object Section Value => array( Object Value ) pairs.
$aco_array = array('access' => array('guns') );
$aro_array = array('passengers' => array('luke') );
$allow = TRUE;
$enabled = TRUE;
$return_value = NULL;
$note = "Allowing Luke access to the guns!";
//The NULL values are for the more advanced options such as groups, and AXOs. Refer to the manual for more info.
$result = $gacl_api->add_acl($aco_array, $aro_array, NULL, NULL, NULL, $allow, $enabled, $return_value, $note);
if ($outputDebug == TRUE){
if ($result !== FALSE) {
echo "Luke has been granted access to the Guns!<br>\n";
} else {
echo "Error creating ACL - Luke can't get to the Guns.<br>\n";
}
}
/*
* Allow R2D2 Access to the Engines!
*/
//Associative array, with Object Section Value => array( Object Value ) pairs.
$aco_array = array('access' => array('engines') );
$aro_array = array('passengers' => array('r2d2') );
$allow = TRUE;
$enabled = TRUE;
$return_value = NULL;
$note = "Allowing R2D2 access to the engines!";
//The NULL values are for the more advanced options such as groups, and AXOs. Refer to the manual for more info.
$result = $gacl_api->add_acl($aco_array, $aro_array, NULL, NULL, NULL, $allow, $enabled, $return_value, $note);
if ($outputDebug == TRUE){
if ($result !== FALSE) {
echo "R2D2 has been granted access to the Engines!<br>\n";
} else {
echo "Error creating ACL - R2D2 can't get to the Engines! (we're doomed says C3PO!).<br>\n";
}
}
if ($outputDebug == TRUE){
echo "<br>\n<br>\nDone! Now how easy was that? <br>\n";
echo "Remember to check out the <a href='../../../admin/acl_list.php'>Administration Interface</a> which can do all of the above in a few simple clicks.<br>\n<br>\n";
}
?>
|