From 2741576ee0ae4eded0492df12d71dfbcfbeec42a Mon Sep 17 00:00:00 2001 From: Toni Uebernickel Date: Mon, 6 Feb 2012 17:53:00 +0100 Subject: [PATCH] add documentation on the ACL implementation --- Resources/doc/README.markdown | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/Resources/doc/README.markdown b/Resources/doc/README.markdown index 7e66961..05c949a 100644 --- a/Resources/doc/README.markdown +++ b/Resources/doc/README.markdown @@ -405,3 +405,36 @@ To make use of the inheritance you only need to drop a schema file in the `Resou Each file can be overridden without interfering with other schema files. If you want to remove parts of a schema, you only need to add an empty schema file. + +## ACL implementation ## + +The `PropelBundle` provides a model-based implementation of the Security components' interfaces. +To make us of this `AuditableAclProvider` you only need to change your security configuration. + +``` yaml +security: + acl: + provider: propel.security.acl.provider +``` + +This will switch the provider to be the `AuditableAclProvider` of the `PropelBundle`. + +The auditing of this provider is set to a sensible default. It will audit all ACL failures but no success by default. +If you also want to audit successful authorizations, you need to update the auditing of the given ACL accordingly. + +### Separate database connection for ACL ### + +In case you want to use a different database for your ACL than your business model, you only need to configure this service. + +``` yaml +services: + propel.security.acl.connection: + class: PropelPDO + factory_class: Propel + factory_method: getConnection + arguments: + - "acl" +``` + +The `PropelBundle` looks for this service, and if given uses the provided connection for all ACL related operations. +The given argument (`acl` in the example) is the name of the connection to use, as defined in your runtime configuration.