ACLService

Table of contents

  1. Overview
  2. Public Methods
  3. Notes


1. Overview Table of Contents

The ACLService class provides a collection of static methods for managing Access Control Lists (ACLs) associated with users. ACLs define role-based permissions and are stored as a JSON-encoded array in each user’s acl field.

This service helps enforce permission rules across the application while maintaining clean separation from controller logic.

Setup

use Core\Services\AclService;

Common Use Cases

  • Assign or remove ACLs from users
  • Determine which ACLs are in use
  • Prevent deletion of ACLs assigned to users
  • Set default ACLs at registration


2. ⚙️ Public Methods Table of Contents

aclsForUser(Users $user): array

Returns the decoded ACL array for a given user.

$acls = ACLService::aclsForUser($user);


aclToArray(mixed $acls): array

Normalizes any input into a stringified array of ACLs.

$normalized = ACLService::aclToArray(['Admin', 'Manager']);


addAcl(int $user_id, string $acl): bool

Adds a new ACL string to a user’s acl field.

ACLService::addAcl(3, 'Manager');


removeAcl(int $user_id, string $acl): bool

Removes an ACL string from a user’s acl field.

ACLService::removeAcl(3, 'Viewer');


checkACL(ACL $acl): void

Redirects with a flash message if:

  • The ACL does not exist, or
  • The ACL is already assigned to users and cannot be modified. 
    ACLService::checkACL($acl);


deleteIfAllowed(int $id): bool

Deletes an ACL only if it is not assigned to any users.

ACLService::deleteIfAllowed($aclId);


manageAcls(array $acls, Users $user, array $newAcls, array $userAcls): void

Adds or removes ACLs from a user based on the differences between the new ACLs and existing ACLs.

Used internally by updateUserACLs().


updateUserACLs(Users $user, array $userAcls, array $acls, ?array $postAcls = null): void

Central method for updating a user’s ACLs. Compares current ACLs with selected ones and saves the result.

ACLService::updateUserACLs($user, $existing, $all, $posted);


setAclAtRegistration(): string

Returns the default ACL value for a new user:

  • “Admin” if no users exist yet
  • ”” (blank string) otherwise 
    ACLService::saveACL($acl, $request);


saveACL(ACL $acl, Input $request): bool

Assigns data to an ACL and saves it, using a blacklist if the ACL already exists.

ACLService::saveACL($acl, $request);


usedACLs(): array

Returns all ACL records currently assigned to at least one user.

$used = ACLService::usedACLs();


unUsedACLs(): array

Returns all ACL records not assigned to any users.

$unused = ACLService::unUsedACLs();


3. 🧠 Notes Table of Contents

  • User ACLs are stored as JSON in the acl column of the users table.
  • The service ensures consistent encoding and decoding of ACL data.
  • Methods like checkACL() and deleteIfAllowed() are designed for use in admin-facing ACL management interfaces.
  • This service should be used instead of direct access to $user->acl.