opensense-docs/source/development/components/acl.rst

===================
Access Control List
===================

.. sidebar:: Access Control List

   .. image:: images/acl-finger-print.jpg

--------
Overview
--------

The current ACL system is aimed at backwards compatibility with legacy code,
while allowing small extensions for new features without reimplementing the
whole system.

In the legacy system, access control uses the following steps to determine
whether a user can access a page:

#. The user, stored in the config.xml file at system/user (one item per
   user)
#. One or more groups for that user, stored in system/group, which
   contain priv sections.
#. A php file binding the priv section content to a page mask (including
   wildcards)

Our temporary solution is to keep the user and the group in place and replace
the php file with a simple config in the model, which uses the same mask
construction as the old codebase. To bind privs to pages, edit
``models/OPNsense/Core/ACL_Legacy_Page_Map.txt``.

--------------
Usage from php
--------------

Using the system from php is rather simple:

.. code-block:: php

   $acl = new OPNsense\Core\ACL();
   if ($acl->isPageAccessible("user", "/firewall_rules.php")) {
       print("/firewall_rules.php is accessible");
   }

-----------------------
Usage in Volt templates
-----------------------

The ACL scheme is bound to the default UI controller and can be used
through the ``acl`` keyword:

.. code-block:: jinja

   {% if acl.isPageAccessible(session.get('Username'), subMenuItem.Url) %}
       this page is accessible
   {% endif %}