Other Classes

There are a few other Access Control classes that are used behind the scenes of Access Control itself or by the ember-fw-acl aspect of Access Control, and they should be briefly mentioned here. These classes will be helpful to know about, but you will normally not need to directly use any of these classes, since this is handled for you by the other classes that you learned about in the previous section. If you are just looking for a "how to setup Access Control", this page will likely not be of great benefit to you. If you are seeking to know on a deeper level how Access Control works (as potentially a developer of Access Control), this may help to guide you through a deeper understanding of the addon.

Controller Class

The Controller class is used primarily by the ember-fw-acl addon for various functions to be able to call on the serverside. The Controller init function was setup in Setup, which actually sets up the Router.php in order that ember-fw-acl modal can call the following functions to the access route. Again, most of these will not be used by you other than through the modal, but they are helpful to know about nonetheless:

  • search This function allows you to enter search parameters, and display users, groups, roles and departments that you can potentially set to be a rule. In ember-fw-acl, this function is used for the results in the search dropdown menu.
  • config This function returns a list of user types that the current user can access, based on permissions. In ember-fw-acl, this should effect which user types you are able to search for in the search bar and which user types have rules which display in the Current Rules (ie if base user doesn't have access to see Groups, then only Users will display in Current Rules).
  • browse This function allows you to find all the rules for a specific resource, by a specific ID. In ember-fw-acl, the results of this browse are displayed in the modal under "Current Rules".
  • add This function allows you to add a new rule to Access Control for that resource. If you do not have access to edit, there will be a 403 error returned.
  • edit This function allows you to edit an existing rule for Access Control for that resource. If you do not have access to edit, there will be a 403 error returned.
  • delete This function allows you to delete a rule in Access Control for that resource. If you do not have access to edit, there will be a 403 error returned.

Of course, this class extends AuthController, and functions very much as a regular Controller would in the FW App system. It is rare that you would need to use any of these routes or functions outside of how they are already defined for you in ember-fw-acl, but we are describing these in case there is an extremely rare edge case where it may be beneficial.

Model Class

This Model class functions much like you would expect a regular Serverside Model to work, except that it does not actually extend the regular Model. It is used primarily by the Controller function to do the various routes that you have access to, as described above, except directly to the database. Here are the public functions which are defined by Model:

  • init This initializes the variables of config and qb, which are used by all other functions. So any time you are directly calling the Model class, you must call init first.
  • search This is the behind the scenes function behind the search function in the Controller. It is highly unlikely you will need to use this directly in the Serverside.
  • findAllByResource is the behind the scenes function behind the browse function in the Controller. It takes the parameters resource and id, and returns all rules that apply.
  • add This is the one function you are highly likely to use from this class, but it is described at length in the Usage Documentation.
  • edit This obviously edits an existing rule. Again, it is unlikely you will use this outside of Access Control (since you would probably call the edit route if anything)
  • delete Deletes an existing rule. This is called by delete route, and you should not call it directly.

As you may have gathered. Model is meant to be an go-between for the database and the Controller, so you should not need to use any of these functions directly from the Serverside of you app, except for add. But these are the options you have to use if you find yourself in the extremely edge case where you need to use them on the server. It is less likely that you will need to use these without the Controller than for you to need to use the Controller Routes without ember-fw-acl

Permissions Class

The Permissions class is an internal class which deals within Access Control permissions configuration that you set up earlier. It is used quite extensively within the Controller class in order to determine that that user, based on their role, has access to specific User Types or not. It is very unlikely for there to be a use case to use this class outside of Access Control itself, but if there is, there is only one defined function and that is check it takes a type and a value, and it checks the type and value against the permissions configuration and will return true or false depending on whether the role level that user has has access to that User Type. The only time value is used is when checking against the self permission (which only allows a user of that role to edit things for their own user).