_adapter = new Adapter(); // Deny access to everything by default. $this->_adapter->setDefaultAction(\Phalcon\Acl::DENY); $this->fromConfig($config); } /** * @param $role * @param $resource * @return bool */ public function isAllowed($role, $resource) { return $this->_adapter->isAllowed($role, $resource, 'All') == \Phalcon\Acl::ALLOW; } /** * @param string $resource * @return bool */ public function hasResource($resource) { return $this->_adapter->isResource($resource); } public function fromConfig(Config $config) { // Add roles. foreach($config->roles as $name => $def) { $inherits = null; $description = null; if ($def instanceof Config) { $inherits = $def->get('inherits'); $description = $def->get('description'); } $role = new Role($name, $description); $this->_adapter->addRole($role, $inherits); } // Zones foreach($config->zones as $name => $resources) { if (!($resources instanceof Config)) { $resources = new Config([ $resources ]); } foreach($resources as $resource) { $this->_adapter->addResource($resource, 'All'); } } // Grant access for roles and resources. foreach($config->roles as $name => $def) { $zones = $def->get('allowed-zones', []); if (is_string($zones)) { $zones = [ $zones ]; } foreach($zones as $zone) { foreach($config->zones->get($zone) as $resource) { $this->_adapter->allow($name, $resource, 'All'); } } } } }