Controller level permission

Question

Consider following code:

$acl = new Phalcon\Acl\Adapter\Memory();

$acl->setDefaultAction(Phalcon\Acl::DENY);

//Register roles
$acl->addRole(new Phalcon\Acl\Role('guest'));
$acl->addRole(new Phalcon\Acl\Role('member', 'guest'));
$acl->addRole(new Phalcon\Acl\Role('admin', 'user'));

$acl->addResource(new Phalcon\Acl\Resource('user'));
$acl->addResource(new Phalcon\Acl\Resource('index'));

$acl->allow('member', 'user', array());
$acl->allow('guest', 'index', array());

$acl->isAllowed('guest','index','index'); //returns false

I want grant permission at controller level, I mean when write: $acl->allow('member', 'user'); It grant member of actions of user controller, I do not want add all actions of user controller manually. How can I implement this idea?

Answer 1

There is a good example implementing Acl in the sample application called INVO, the Security plugin implements an Acl list, the resources regarding the public areas use a '*' as a wildcard to add a rule for every action in the controller:

<?php

$publicResources = array(
    'index' => array('index'),
    'about' => array('index'),
    'session' => array('index', 'register', 'start', 'end'),
    'contact' => array('index', 'send')
);
foreach($publicResources as $resource => $actions){
    $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}

//Grant access to public areas to both users and guests
foreach($roles as $role){
    foreach($publicResources as $resource => $actions){
        $acl->allow($role->getName(), $resource, '*');
    }
}