2
0
mirror of https://github.com/opnsense/docs synced 2024-11-09 01:10:33 +00:00
opensense-docs/source/development/components/acl.rst
2018-11-09 13:52:31 +01:00

56 lines
1.6 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

===================
Access Control List
===================
.. sidebar:: Access Control List
.. image:: images/acl-finger-print.jpg
--------
Overview
--------
The current ACL system is targeted at delivering backwards compatibility
for legacy code and being able to extend this a little to add new
features without having to reimplement the whole system.
In the legacy system the access control is using the following steps to
determine if a page can be accessed by a user:
#. The user, stored in the config.xml file at system/user (one item per
user)
#. One or more groups for that user, stored in system/group which
contains priv sections.
#. A PHP file binding the priv section content to a page mask (including
wildcards)
Our temporary solution is to keep the user and the group in place and replace the
PHP file with a simple config in the model which uses the same mask construction
there was in the old codebase. To bind priv to pages, edit models/OPNsense/Core/ACL\_Legacy\_Page\_Map.txt
--------------
Usage from PHP
--------------
Using the system from PHP is rather simple:
.. code-block:: php
$acl = new OPNsense\Core\ACL();
if ( $acl->isPageAccessible("user", "/firewall_rules.php") ) {
print ( "/firewall_rules.php is accessible" ) ;
}
-----------------------
Usage in Volt templates
-----------------------
The ACL scheme is bound to the default UI controller, and can be used by
using the acl keyword:
.. code-block:: jinja
{% if acl.isPageAccessible(session.get('Username'),subMenuItem.Url)  %}
this page is accessible
{% endif %}