Problem with SecurityPlugin

<?php
$privateResources = [
    'product' => ['test'],
];
$publicResources = [
    'product' => ['test2'],
];

Juest like above In privateResources and publicResources. Can I use product controller together?



1.5k
edited Dec '14

Yes, absolutely.

The acl will check the combination of role, controller and action to specify if you are have the right to access the resource so you can use controller with serveral actions like your code above.

P/s: This is my code implementation for private and public resource, just for your reference.

    $acl->setDefaultAction(Phalcon\Acl::DENY);

    //Register roles
    $roles = array(
        'users'  => new Phalcon\Acl\Role('Users'),
        'guests' => new Phalcon\Acl\Role('Guests')
    );
    foreach ($roles as $role) {
        $acl->addRole($role);
    }

    //Private area resources
    $privateResources = array(
        'user'    => array('index', 'products''),
        /*Other rules could be here*/
    );
    foreach ($privateResources as $resource => $actions) {
        $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
    }

    //Public area resources
    $publicResources = array(
        'user' => array('publicProfile', 'buy'),
        /*Other rules could be here*/
    );
    foreach ($publicResources as $resource => $actions) {
        $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
    }

    //Grant access to public areas to both users and guests
    foreach ($roles as $role) {
        foreach ($publicResources as $resource => $actions) {
            $acl->allow($role->getName(), $resource, '*');
        }
    }

    //Grant acess to private area to role Users
    foreach ($privateResources as $resource => $actions) {
        foreach ($actions as $action){
            $acl->allow('Users', $resource, $action);
        }
    }
    return $this->persistent->acl;