add documentation on the ACL implementation

2012-02-06 17:53:00 +01:00 · 2012-02-06 17:53:00 +01:00 · 2741576ee0
commit 2741576ee0
parent 1fa29dbdf9
1 changed files with 33 additions and 0 deletions
--- a/Resources/doc/README.markdown
+++ b/Resources/doc/README.markdown
@ -405,3 +405,36 @@ To make use of the inheritance you only need to drop a schema file in the `Resou

 Each file can be overridden without interfering with other schema files.
 If you want to remove parts of a schema, you only need to add an empty schema file.
+
+## ACL implementation ##
+
+The `PropelBundle` provides a model-based implementation of the Security components' interfaces.
+To make us of this `AuditableAclProvider` you only need to change your security configuration.
+
+``` yaml
+security:
+    acl:
+        provider: propel.security.acl.provider
+```
+
+This will switch the provider to be the `AuditableAclProvider` of the `PropelBundle`.
+
+The auditing of this provider is set to a sensible default. It will audit all ACL failures but no success by default.
+If you also want to audit successful authorizations, you need to update the auditing of the given ACL accordingly.
+
+### Separate database connection for ACL ###
+
+In case you want to use a different database for your ACL than your business model, you only need to configure this service.
+
+``` yaml
+services:
+    propel.security.acl.connection:
+        class: PropelPDO
+        factory_class: Propel
+        factory_method: getConnection
+        arguments:
+            - "acl"
+```
+
+The `PropelBundle` looks for this service, and if given uses the provided connection for all ACL related operations.
+The given argument (`acl` in the example) is the name of the connection to use, as defined in your runtime configuration.