Download the PHP package carrooi/security without Composer
On this page you can find all versions of the php package carrooi/security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package security
Short Description Modular security system for Nette framework
License MIT
Information about the package security
Carrooi/Security
Extensible authorization built on top of nette/security.
This package comes in handy if you want to create a modular website and keep all pieces decoupled, with "custom" checks for privileges.
Now you can really easily check whether, e.g., a given user is the author of some book, and so on.
This idea comes from nette/addons website.
Installation
Then just enable nette extension in your config.neon:
Configuration
Well, there is nothing modular... yet. We just say that the resource book has a view action which is accessible to everyone, an add action accessible to logged-in users, and edit and delete actions accessible to users with the admin role.
There are also two default options. With the first one we say that each ->isAllowed() call on an unknown action will automatically return true. But the second default will overwrite this option for all book actions to false.
That means that, e.g., ->isAllowed('book', 'detail') will return false, but ->isAllowed('user', 'detail') will return true.
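The fallback order described above, modelled as a standalone added example (not code from carrooi/security; the RULES array layout and the isAllowedModel function are hypothetical and do not reproduce the package's configuration schema). The last case flips the global default to false to show how the same unlisted resource is then denied instead of allowed.

```php
<?php
declare(strict_types=1);

// Standalone model of the rule lookup; NOT carrooi/security code.
// The array layout and isAllowedModel() are hypothetical names for this example.
const RULES = [
    'default' => true,                  // global fallback for unknown actions
    'resources' => [
        'book' => [
            'default' => false,         // overrides the global fallback for book
            'actions' => [
                'view'   => ['everyone' => true],
                'add'    => ['loggedIn' => true],
                'edit'   => ['roles' => ['admin']],
                'delete' => ['roles' => ['admin']],
            ],
        ],
    ],
];

function isAllowedModel(array $rules, array $user, string $resource, string $action): bool
{
    $res  = $rules['resources'][$resource] ?? null;
    $rule = $res['actions'][$action] ?? null;
    if ($rule === null) {
        // Unknown action: the resource default wins over the global default.
        return $res['default'] ?? $rules['default'];
    }
    if (!empty($rule['everyone'])) {
        return true;
    }
    if (!empty($rule['loggedIn'])) {
        return $user['loggedIn'];
    }
    // Role rule: user must be logged in and hold at least one listed role.
    return $user['loggedIn'] && array_intersect($rule['roles'] ?? [], $user['roles']) !== [];
}

// Constructed sample users.
$guest  = ['loggedIn' => false, 'roles' => []];
$admin  = ['loggedIn' => true,  'roles' => ['admin']];
$strict = array_replace(RULES, ['default' => false]); // fail-closed variant

foreach ([[RULES, $guest, 'book', 'view'], [RULES, $guest, 'book', 'edit'],
          [RULES, $admin, 'book', 'edit'], [RULES, $admin, 'book', 'detail'],
          [RULES, $guest, 'user', 'detail'], [$strict, $guest, 'user', 'detail']] as [$r, $u, $res, $act]) {
    printf("%s/%s global-default=%s -> %s\n", $res, $act,
        var_export($r['default'], true), var_export(isAllowedModel($r, $u, $res, $act), true));
}
```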
Other resources and actions
If the default option is not enough, you can create a default resource or a default action with an asterisk.
Custom resource authorizator
Now let's create the same authorization for books by hand.
App\Model\Books must be a registered service.
You can also return * from the getActions() method to tell that the authorizator can accept any action.
Use objects as resources
In the previous code you may have noticed the unused argument $data in the isAllowed method. Imagine that you want to allow all users to update or delete their own books. The first thing you need to do is register some kind of "translator" from objects to resource names (let's say mappers).
Now every time you pass an App\Model\Book object as a resource, it will be automatically translated to the book resource, which will then be processed by your App\Model\Books service registered in the previous example.
Or you can write "magic" is<action>Allowed methods:
Linking to presenter
Now you can simply use annotations for setting the current resource and action.
Securing presenter components and signals
You can restrict any component or signal to some action, so that no one can access, for example, the edit form from the add action.
Keep in mind that actions at components or signals are presenter actions, not actions at your authorization configuration.
Now the editForm component can be rendered only on the edit action, favoriteButton only on the default or detail actions, and readLaterButton anywhere.
The same @action annotations can also be used for signals.
Presenter security modes
By default this package will try to check action, render, handle and createComponent methods. But if you omit some annotations, nothing will happen and that method will be allowed. This can be changed by turning on strict mode.
Other options are true or false, where true is the default value.
Compiler extension
Your own DI compiler extensions can implement the interface Carrooi\Security\DI\ITargetResourcesProvider for resource mappers.
Extending User class
Be careful if you want to extend the Nette\Security\User class, because carrooi\security already extends that class for its own needs.
Changelog
2.0.0
- Allow resources to have many custom authorizators #9 (BC break)
1.2.1
- Throw an exception when using not registered resource object #8
1.2.0
1.1.0
- Add support for magic resource authenticator methods is<action>Allowed
1.0.3
- Add lazy register resource authorizators - prevents circular references in some cases
1.0.2
- Looking if given object for authorization is subclass of some registered target resource
1.0.1
- Added default resources and actions (asterisk)
1.0.0
- Initial commit
All versions of security with dependencies
nette/utils Version ^2.4
nette/di Version ^2.4
nette/security Version ^2.4
nette/application Version ^2.4