Added example for LIFO/FILO #34
@TomHAnderson can you add some explanations in the docs about the example, thanks!
ad483cc
to
a0373dc
Compare
@ezimuel This PR is ready for review.
doc/book/usage.md
Outdated
|
||
When specifying multiple parents for a role the last parent listed is the first | ||
one searched for rules applicable to an authorization query. This Last-In-First-Out | ||
(aka First-In-Last-Out) strategy is represented with this example. |
To be honest, I have never seen it referred to as FILO, only LIFO.
doc/book/usage.md
Outdated
When specifying multiple parents for a role the last parent listed is the first | ||
one searched for rules applicable to an authorization query. This Last-In-First-Out | ||
(aka First-In-Last-Out) strategy is represented with this example. | ||
Here the `first` role is the highest order: |
But `first` is the role being defined; shouldn't this be mentioning one of the parents (`last`, `second`, etc.)?
doc/book/usage.md
Outdated
(aka First-In-Last-Out) strategy is represented with this example. | ||
Here the `first` role is the highest order: | ||
|
||
``` |
Examples should include a language identifier; in this case, append "php" to the code delimiters.
doc/book/usage.md
Outdated
|
||
``` | ||
$acl->addRole(new Role('first'), ['last', 'third', 'second']); | ||
``` |
For this example to have an impact, we need to demonstrate an ACL query that shows the order in which the parent roles are queried. That will require also demonstrating setup of the parent roles and their own permissions.
doc/book/usage.md
Outdated
$acl->addRole(new Role('first'), ['last', 'third', 'second']); | ||
``` | ||
|
||
Less-permissioned roles will be first in the parents array. For instance, where a`guest` |
Here and elsewhere in the patch, please use only one space between a period and the start of the next sentence.
Explain why less-permissioned roles should be first in the parents: because they will be queried first, and as soon as a single query returns `false`, no other parents are queried. As such, having roles with higher-level responsibilities first ensures that a positive query lookup will occur.
bf7bd05
to
9adcae0
Compare
|
||
Less-permissioned roles will be first in the parents array. For instance, where a`guest` | ||
role is unauthenticated, a `user` role is authenticated, and an `admin` role has the highest | ||
permissions. As soon as any ACL query returns false evaluation of `isAllowed` is terminated and false is returned. For this reason your least permissioned roles come first in the parents array. Adding the `admin` role is as follows: |
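Review bot: the sentence starting "For instance, where a`guest` role is unauthenticated" never reaches a main clause and is missing a space before `guest`; finish it or join it to the sentence that follows. In "As soon as any ACL query returns false evaluation of `isAllowed` is terminated", add a comma after "false" and say what "any ACL query" refers to (a rule found on one parent role, or the whole `isAllowed` call), since the ordering advice in the next sentence depends on that reading.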
This paragraph is confusing. First found rule is used, whether allow or deny. Right?
ACL by default is deny, so there are likely only allow rules unless a role overrides inherited rules or otherwise explicitly declares a deny rule.
This repository has been closed and moved to laminas/laminas-permissions-acl; a new issue has been opened at laminas/laminas-permissions-acl#1.
This repository has been moved to laminas/laminas-permissions-acl. If you feel that this patch is still relevant, please re-open against that repository, and reference this issue. To re-open, we suggest the following workflow:
@ezimuel if you add this clarification I'll be appeased.
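The parent-order behaviour discussed in this thread, as an added example that is not part of the PR or the project's documentation. The role names `guest`, `member` and `someUser`, the resource name `report` and the helper `buildAcl()` are assumptions made for illustration; it assumes zend-permissions-acl is installed through Composer (in laminas-permissions-acl the namespace is `Laminas\Permissions\Acl`).

```php
<?php
// Added example: the same two parents in two different orders.
// All role and resource names below are constructed for illustration.
require 'vendor/autoload.php';

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Resource\GenericResource;
use Zend\Permissions\Acl\Role\GenericRole as Role;

/**
 * Hypothetical helper: builds an ACL in which 'guest' is explicitly denied
 * and 'member' is explicitly allowed on 'report', then registers $child
 * with the given parent order. $child has no rules of its own, so every
 * answer comes from inheritance.
 */
function buildAcl(string $child, array $parents): Acl
{
    $acl = new Acl();
    $acl->addRole(new Role('guest'))
        ->addRole(new Role('member'));
    $acl->addResource(new GenericResource('report'));

    $acl->deny('guest', 'report');
    $acl->allow('member', 'report');

    $acl->addRole(new Role($child), $parents);

    return $acl;
}

// The parent listed last is searched first, and the first rule found
// (allow or deny) decides the query. Swapping the order therefore changes
// which parent's rule answers for 'someUser'.
$orders = [
    ['guest', 'member'], // 'member' is consulted before 'guest'
    ['member', 'guest'], // 'guest' is consulted before 'member'
];

foreach ($orders as $parents) {
    $acl = buildAcl('someUser', $parents);
    $result = $acl->isAllowed('someUser', 'report') ? 'allowed' : 'denied';
    printf("parents [%s]: %s\n", implode(', ', $parents), $result);
}
```

Because an explicit deny on a later-listed parent shadows an allow on an earlier one (and the reverse), the order of the parents array is part of the authorization policy and is worth checking when role definitions are reviewed.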