Initial commit

.editorconfig

@@ -0,0 +1,18 @@
+# EditorConfig is awesome: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Set default charset
+[*]
+charset = utf-8
+
+# 4 space indentation
+[*]
+indent_style = space
+indent_size = 4

README.md

@@ -0,0 +1,134 @@
+# PHP ACL
+
+---
+
+## About
+
+PHP ACL _(Access Control List)_ is a service that allows you to protect/enable functionality based on the current user's assigned role(s), and those role(s) permissions (abilities).  So, if the current user has a "moderator" role, and a moderator can "ban_users", then the current user can "ban_users".
+
+---
+
+## Documentation
+
+### `MikeMcLin\Acl|Acl` methods
+
+#### `resume()`
+
+Restore data from storage.
+
+###### Returns
+
+**boolean** - true if web storage existed, false if it didn't
+
+#### `attachRole(role)`
+
+Attach a role to the current user. A user can have multiple roles.
+
+###### Parameters
+
+| Param | Type | Example | Details |
+| ----- | ---- | ------- | ------- |
+| `role` | string | `"admin"` | The role label |
+
+#### `detachRole(role)`
+
+Remove a role from the current user
+
+###### Parameters
+
+| Param | Type | Example | Details |
+| ----- | ---- | ------- | ------- |
+| `role` | string | `"admin"` | The role label |
+
+#### `flushRoles()`
+
+Remove all roles from current user
+
+#### `hasRole(role)`
+
+Check if the current user has role attached
+
+###### Returns
+
+**boolean**
+
+#### `setAbilities(abilities)`
+
+Set the abilities object (overwriting previous abilities).
+
+###### Parameters
+
+| Param | Type | Details |
+| ----- | ---- | ------- |
+| `abilities` | object | Each property on the abilities object should be a role. Each role should have a value of an array. The array should contain a list of all of the role's abilities. |
+
+###### Example
+
+```js
+var abilities = (object)[
+  guest: ['login'],
+  user: ['logout', 'view_content'],
+  admin: ['logout', 'view_content', 'manage_content']
+]
+setAbilities(abilities);
+```
+
+#### `addAbility(role, ability)`
+
+Add an ability to a role
+
+###### Parameters
+
+| Param | Type | Example | Details |
+| ----- | ---- | ------- | ------- |
+| `role` | string | `"admin"` | The role label |
+| `ability` | string | `"create_users"` | The ability/permission label |
+
+#### `can(ability)`
+
+Does current user have permission to do the given ability?
+
+###### Returns
+
+**boolean**
+
+###### Example
+
+```php
+// Setup some abilities
+$acl->addAbility('moderator', 'ban_users');
+$acl->addAbility('admin', 'create_users');
+
+// Add moderator role to the current user
+$acl->attachRole('moderator');
+
+// Check if the current user has these permissions
+$acl->can('ban_users'); // returns true
+$acl->can('create_users'); // returns false
+```
+
+---
+
+## License
+
+The MIT License
+
+Angular ACL
+Copyright (c) 2015 Mike McLin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

composer.json

@@ -0,0 +1,19 @@
+{
+    "name": "mikemclin/php-acl",
+    "description": "Role-based permissions for PHP",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Mike McLin",
+            "email": "[email protected]"
+        }
+    ],
+    "autoload": {
+        "psr-4": {
+            "MikeMcLin\\Acl\\": "app/"
+        }
+    },
+    "require": {
+        "php": ">=5.4.0"
+    }
+}

src/Acl.php

@@ -0,0 +1,154 @@
+<?php
+
+namespace MikeMcLin\Acl;
+
+use MikeMcLin\Acl\Storage\ForgetStorable;
+use MikeMcLin\Acl\Storage\StorableContract;
+
+class Acl implements AclContract, StorableContract
+{
+    use ForgetStorable;
+
+    protected $roles = [];
+    protected $abilities;
+
+    public function __construct()
+    {
+        $this->abilities = (object)[];
+        $this->abilities->user = [
+            'view_users'
+        ];
+    }
+
+    /**
+     * Restore data from web storage.
+     *
+     * Returns true if web storage exists and false if it doesn't.
+     *
+     * @return bool
+     */
+    public function resume()
+    {
+        $dataArray = $this->fetch();
+        if (!is_array($dataArray)) {
+            return false;
+        }
+        $this->roles = $dataArray['roles'];
+        $this->abilities = $dataArray['abilities'];
+        return true;
+    }
+
+    /**
+     * Attach a role to the current user
+     *
+     * @param $role
+     */
+    public function attachRole($role)
+    {
+        $this->roles[] = $role;
+    }
+
+    /**
+     * Detach a role to the current user
+     *
+     * @param $role
+     */
+    public function detachRole($role)
+    {
+        $this->roles = array_diff($this->roles, [$role]);
+    }
+
+    /**
+     * Remove all roles from current user
+     */
+    public function flushRoles()
+    {
+        $this->roles = [];
+    }
+
+    /**
+     * Check if the current user has role attached
+     *
+     * @param $role
+     *
+     * @return bool
+     */
+    public function hasRole($role)
+    {
+        return in_array($role, $this->roles);
+    }
+
+    /**
+     * Set the abilities object (overwriting previous abilities)
+     *
+     * Each property on the abilities object should be a role.
+     * Each role should have a value of an array. The array should contain
+     * a list of all of the roles abilities.
+     *
+     * Example:
+     *
+     *    (object) [
+     *        guest => ['login'],
+     *        user  => ['logout', 'view_content'],
+     *        admin => ['logout', 'view_content', 'manage_users']
+     *    ]
+     *
+     * @param $abilities
+     */
+    public function setAbilities($abilities)
+    {
+        $this->abilities = $abilities;
+    }
+
+    /**
+     * Get the abilities object
+     *
+     * @return object
+     */
+    public function getAbilities()
+    {
+        return $this->abilities;
+    }
+
+    /**
+     * Add an ability to a role
+     *
+     * @param $role
+     * @param $ability
+     */
+    public function addAbility($role, $ability)
+    {
+        if (!isset($this->abilities->{$role})) {
+            $this->abilities->{$role} = [];
+        }
+        $this->abilities->{$role}[] = $ability;
+    }
+
+    /**
+     * Does current user have permission to do something?
+     *
+     * @param $ability
+     *
+     * @return bool
+     */
+    public function can($ability)
+    {
+        foreach ($this->roles as $role) {
+            if (is_array($this->abilities->$role) && in_array($ability, $this->abilities->$role)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Persist data to storage
+     */
+    protected function save()
+    {
+        $this->persist([
+            'roles'     => $this->roles,
+            'abilities' => $this->abilities
+        ]);
+    }
+}