Acl security

ShineISP uses the BjyAuthorize to handle the user permissions. The BjyAuthorize module is designed to provide a facade for Zend\Permissions\Acl that will ease its usage with modules and applications. By default, it provides simple setup via config files or by using Zend\Db.

In order to activate the module you have to copy this file:

/vendor/shinesoftware/base/config/autoload.dist/bjyauthorize.local.php.dist

within this directory:

/config/autoload/bjyauthorize.local.php

Roles

There are 3 standard roles:

  1. Guest
  2. User
  3. Admin

The guest can see all the cms pages. The user must be sign up a profile before read the pages. The admin can see all pages and he/she can add/delete/edit the records.

CMS Roles sample

For instance the CMS module has these ACL rules declared at

/vendor/shinesoftware/cms/config/module.config.php

return array(
    'bjyauthorize' => array(
        'guards' => array(
            'BjyAuthorize\Guard\Route' => array(

                // public pages
                array('route' => 'cms/page', 'roles' => array('guest')),
                ...

                // Administration pages
                array('route' => 'zfcadmin/cmspages', 'roles' => array('admin')),
                ...
            ),
        ),
    ),

results matching ""

    No results matching ""