As I promised, here's the more "advanced" tutorial regarding roles and acl in SolarPHP using the sql adapter.
I'll continue the previous tutorial, so if you didn't have a chance to read it, here's a link.
Now let's continue.
Here's the config required for the roles / ACL:
$config['Solar_Role']['adapter'] = 'Solar_Role_Adapter_Sql';
$config['Solar_Role_Adapter_Sql'] = array(
    'table'      => 'roles',
    'handle_col' => 'username',
    'role_col'   => 'name',
);
$config['Solar_Access']['adapter'] = 'Solar_Access_Adapter_Sql';
$config['Solar_Access_Adapter_Sql'] = array(
    'table'      => 'acl',
    'flag_col'   => 'flag',
    'type_col'   => 'type',
    'name_col'   => 'name',
    'class_col'  => 'class_name',
    'action_col' => 'action_name',
    'order_col'  => 'position',
);
It took a bit for me to figure out the relationship between the roles table and the users table, because in my mind the roles table would have had only a role name and it would have checked the users table for a corresponding column with the same name.
It's not like that, it seems. Considering that we set our handle_col to be a username, in the roles table you enter a username / role pair, the username being the "key" that relates the users table and the roles table.
Let's move along to the acl section.
The flag column sets allow or deny; it can hold either an allow/deny string or a 1/0 bool option.
The type column says whether a rule applies to a 'handle', which represents 1 user, or to a 'role', which represents, well, a role group.
The name column holds either the username in case the type is handle, or a role name in case the type is, you guessed it, role.
The class name is for setting the class on which the ACL applies. You can use * to mark all occurrences.
The action name is for the action inside that class on which the ACL applies. The same * can be used for all occurrences.
I never used the order col; I assume it can be used in cases in which you allow all the actions from a specific class, but you want to deny the access on a specific action after that.
So let's say, for example, that you have 3 users, 2 of which belong to the admin role.
INSERT INTO `roles` (`id`, `username`, `name`) VALUES
(1, 'coolgoose', 'admin'),
(2, 'johhny', 'admin');
We now need to set up the acl table (remember, 0 means deny, so we deny all by default and then allow only what we want for whom we want).
INSERT INTO `acl` (`id`, `flag`, `type`, `name`, `class_name`, `action_name`, `position`) VALUES
(1, 0, 'handle', '*', '*', '*', ''),
(2, 0, 'role', '*', '*', '*', ''),
(3, 1, 'role', 'admin', '*', '*', ''),
(4, 1, 'role', 'member', 'Webland_Example_App', '*', ''),
(5, 0, 'role', 'member', 'Webland_Example_App', 'delete', '');
We can now check our logged in user's permissions in the actionDelete:
public function actionDelete()
{
    // Ask the ACL whether the logged-in user may run this action of this class.
    if ($this->_user->access->isAllowed(get_class($this), $this->_action)) {
        print 'you are allowed';
    } else {
        print 'you are not';
    }
}
get_class($this) is a shortcut for getting the current class name, and $this->_action is the current action.
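The order column matters once a broad allow and a narrower deny both match the same request. The block below is an added example, not code from Solar or from the original tutorial: it models rule evaluation in plain PHP, assuming rules are read in position order and the last matching rule wins. The function model_is_allowed, the position values and the user mary are hypothetical.

```php
<?php
// Added illustration: a stand-alone model of ordered ACL evaluation.
// It does not call Solar; "last matching rule wins" is an assumption.
function model_is_allowed(array $acl, $handle, array $roles, $class, $action)
{
    // Sort on position so evaluation order is explicit, not storage order.
    usort($acl, function ($a, $b) {
        return $a[5] - $b[5];
    });
    $allowed = false; // nothing matched: deny
    foreach ($acl as $rule) {
        list($flag, $type, $name, $ruleClass, $ruleAction) = $rule;
        if ($type === 'handle') {
            $who = ($name === '*' || $name === $handle);
        } elseif ($type === 'role') {
            $who = ($name === '*' || in_array($name, $roles, true));
        } else {
            continue; // unknown type: ignore the row
        }
        $what = ($ruleClass === '*' || $ruleClass === $class)
            && ($ruleAction === '*' || $ruleAction === $action);
        if ($who && $what) {
            $allowed = (bool) $flag; // a later rule overrides an earlier one
        }
    }
    return $allowed;
}

// Columns: flag, type, name, class_name, action_name, position.
// Rows follow the tutorial's acl table; the position values are constructed.
$app = 'Webland_Example_App';
$acl = array(
    array(0, 'handle', '*',      '*',  '*',      1),
    array(0, 'role',   '*',      '*',  '*',      2),
    array(1, 'role',   'admin',  '*',  '*',      3),
    array(1, 'role',   'member', $app, '*',      4),
    array(0, 'role',   'member', $app, 'delete', 5),
);

// 'mary' is a constructed third user holding only the member role.
var_dump(model_is_allowed($acl, 'coolgoose', array('admin'), $app, 'delete'));
var_dump(model_is_allowed($acl, 'mary', array('member'), $app, 'details'));
var_dump(model_is_allowed($acl, 'mary', array('member'), $app, 'delete'));

// Same rows with the last two positions swapped: the broad member allow
// now comes after the delete deny.
$acl[3][5] = 5;
$acl[4][5] = 4;
var_dump(model_is_allowed($acl, 'mary', array('member'), $app, 'delete'));
```

Under this model the final call differs from the one before it only in rule order, which is why a deny that must override a wildcard allow needs an explicit position rather than an empty one.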
I hope this tutorial helped grasp the basic concepts of roles / acl in Solar.