Add the entities you want to extend with ACL:
# config/packages/alchemy_acl.yaml
alchemy_acl:
  objects:
    publication: App\Entity\Publication
    asset: App\Entity\Asset

Then you must alias your UserRepository service:
# config/services.yaml
services:
  Alchemy\AclBundle\Repository\UserRepositoryInterface: '@App\Repository\UserRepository'

Add redis cache for access token:
# config/packages/cache.yaml
framework:
  cache:
    default_redis_provider: redis://redis
    pools:
      accessToken.cache: # You must use this name for auto wiring
        adapter: cache.adapter.redis

- userType: Can be user or group.
- userId: The user ID or the group ID (depending on the userType). If the value is NULL, then the ACE allows everybody.
- objectType: Depends on the application. It relies on the objects you have defined:

    alchemy_acl:
      objects:
        publication: App\Entity\Publication
        asset: App\Entity\Asset

  In this application, objectType can be either publication or asset.
- objectId: If the value is NULL, then the ACE applies to all objects of this objectType.

This bundle exposes the following routes to the application:

GET /permissions/aces
Get access control entries (ACEs)

Available query filters:
- userType (user or group)
- userId
- objectType
- objectId

Examples:
# List all ACEs of an object
curl "{HOST}/permissions/aces?objectType=publication&objectId=pub-42"
# List all ACEs of a group
curl "{HOST}/permissions/aces?userType=group&userId=g-42"
# List all ACEs of a user
curl "{HOST}/permissions/aces?userType=user&userId=u-42"
# List all ACEs of a user on an object
curl "{HOST}/permissions/aces?userType=user&userId=u-42&objectType=publication&objectId=pub-42"

PUT /permissions/ace
Add or update access control entry (ACE)

You must provide the following body:
{
  "userType": "user",
  "userId": "the-user-id",
  "objectType": "publication",
  "objectId": "the-publication-id",
  "mask": 7
}

DELETE /permissions/ace
Remove access control entry (ACE)

{
  "userType": "user",
  "userId": "the-user-id",
  "objectType": "publication",
  "objectId": "the-publication-id"
}
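
The NULL rules for userId and objectId described above make some ACEs much broader than others. The following is an added example, not code from the bundle: it applies those matching rules to a list of ACEs and flags the wildcard entries for review. The list-of-dicts input shape, the function names and the sample ACEs are assumptions constructed for illustration.

```python
# Added example: field names follow the ACE fields on this page; the sample
# ACEs are constructed and the list-of-dicts shape is an assumption.
SAMPLE_ACES = [
    {"userType": "user", "userId": "u-42", "objectType": "publication", "objectId": "pub-42", "mask": 7},
    {"userType": "group", "userId": "g-42", "objectType": "publication", "objectId": None, "mask": 1},
    {"userType": "user", "userId": None, "objectType": "asset", "objectId": "asset-1", "mask": 1},
    {"userType": "user", "userId": None, "objectType": "asset", "objectId": None, "mask": 7},
]


def ace_applies(ace, user_id, group_ids, object_type, object_id):
    """Return True if the ACE covers this user and this object."""
    if ace["objectType"] != object_type:
        return False
    # objectId NULL: the ACE applies to all objects of this objectType.
    if ace["objectId"] is not None and ace["objectId"] != object_id:
        return False
    # userId NULL: the ACE allows everybody.
    if ace["userId"] is None:
        return True
    if ace["userType"] == "user":
        return ace["userId"] == user_id
    if ace["userType"] == "group":
        return ace["userId"] in group_ids
    return False  # unknown userType: do not match


def wildcard_scope(ace):
    """Classify how broad an ACE is, so reviews can focus on the widest ones."""
    everybody = ace["userId"] is None
    all_objects = ace["objectId"] is None
    if everybody and all_objects:
        return "everybody/all-objects"
    if everybody:
        return "everybody/one-object"
    if all_objects:
        return "one-principal/all-objects"
    return "scoped"


def audit(aces):
    """Return (scope, ace) pairs for every ACE that uses a NULL wildcard."""
    return [(wildcard_scope(a), a) for a in aces if wildcard_scope(a) != "scoped"]


if __name__ == "__main__":
    for scope, ace in audit(SAMPLE_ACES):
        print(f"{scope}: {ace['objectType']} mask={ace['mask']}")
```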