46 lines
1.4 KiB
YAML
# ACL in this system is defined as follows:
#
# - Roles:
#   Roles define a group of users, like Author, Admin, Guest etc.
#   Each role can inherit other roles with the "inherits" key.
#   Each role can gain access to a zone (explained later) by the
#   "allowed-zones" key. By default a role is denied access to all zones.
#
# - Resources:
#   Resources map directly to controller names. If a controller is not
#   under the default module, the <module>/<controller> format is used instead.
#
#   A special wildcard "*" character can be used to allow access to all
#   controllers (most likely only useful for non-default modules).
#
#   There are 2 controllers/resources that are a bit special:
#   index and error resources are always accessible by everyone (i.e. they
#   are not part of the ACL).
#
# - Access levels:
#   These are not used in this system. A hardcoded "All" level is used.
#
# - Zones:
#   A zone is defined as 1 or more resources. For example, a "backend" zone can
#   have 2 controllers/resources (site-config, user-manager).

acl:
  roles:
    guest:
      allowed-zones: public
      description: Non logged in users
    user:
      inherits: guest
      allowed-zones: user
      description: Logged in users
    admin:
      inherits: user
      description: Administrators
      allowed-zones: backend

  zones:
    public: [ auth, api ]
    user: [ user, callback ]
    backend: backend/*
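Added example, not part of the original file or the project's own code: a small Python evaluator for the rules the comments describe (role inheritance, zone lookup, the "<module>/*" wildcard, default deny). The function names are hypothetical. It assumes that only the default-module index and error resources are exempt, and that an unknown role or parent grants nothing.

```python
# Added illustration of the ACL semantics described in the comments above.
# The dict mirrors the page's YAML; all function names are hypothetical.
ACL = {
    "roles": {
        "guest": {"allowed-zones": "public"},
        "user": {"inherits": "guest", "allowed-zones": "user"},
        "admin": {"inherits": "user", "allowed-zones": "backend"},
    },
    "zones": {
        "public": ["auth", "api"],
        "user": ["user", "callback"],
        "backend": "backend/*",
    },
}
ALWAYS_OPEN = {"index", "error"}  # the page states these are outside the ACL


def as_list(value):
    """Accept both the scalar and the list form used in the config."""
    return [value] if isinstance(value, str) else list(value or [])


def effective_zones(role, acl):
    """Zones granted to a role directly or through its inheritance chain."""
    zones, seen = set(), set()
    while role in acl["roles"]:  # assumption: unknown role/parent grants nothing
        if role in seen:
            raise ValueError(f"inheritance cycle at role {role!r}")
        seen.add(role)
        entry = acl["roles"][role]
        zones.update(as_list(entry.get("allowed-zones")))
        role = entry.get("inherits")
    return zones


def matches(pattern, resource):
    """Exact name, "*" for everything, or "<module>/*" for one module."""
    if pattern.endswith("/*"):
        return resource.startswith(pattern[:-1])  # keep the "/" in the prefix
    return pattern in ("*", resource)


def is_allowed(role, resource, acl=ACL):
    """Default deny: allow only if an effective zone lists the resource."""
    if resource in ALWAYS_OPEN:
        return True
    return any(matches(p, resource)
               for zone in effective_zones(role, acl)
               for p in as_list(acl["zones"].get(zone)))
```

Keeping the trailing slash in the wildcard prefix prevents "backend/*" from also matching a module whose name merely starts with "backend".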