Download the PHP package carrooi/security without Composer

On this page you can find all versions of the php package carrooi/security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package security

Carrooi/Security

Build Status Donate

Extensible authorization built on top of nette/security.

This package came in handy if you want to create modular website and keep all pieces decoupled with "custom" checking for privileges.

Now you can really easily check if eg. given user is author of some book and so on..

This idea comes from nette/addons website.

Installation

Then just enable nette extension in your config.neon:

Configuration

Well, there is nothing modular.... Yet.... We just say that resource book has view action which is accessible to everyone, add to logged users and edit with delete actions to users with admin role.

There are also two default options. With the first one we say that each ->isAllowed() call on unknown action will automatically return true. But the second default will overwrite this option for all book actions to false.

That means that eg. ->isAllowed('book', 'detail') will return false, but ->isAllowed('user', 'detail') true.

Other resources and actions

If default option is not enough, you can create default resource or default action with asterisk.

Custom resource authorizator

Now lets create the same authorization for books by hand.

App\Model\Books must be registered service.

You can also return * from getActions() method to tell that the authorizator can accept any action.

Use objects as resources

In previous code you may noticed unused argument $data in isAllowed method. Imagine that you want to allow all users to update or delete their own books. First thing you need to do, is register some kind of "translator" from objects to resource names (lets say mappers).

Now every time you pass App\Model\Book object as resource, it will be automatically translated to book resource, which will be then processed with your App\Model\Books service registered in previous example.

Or you can write "magic" is<action>Allowed methods:

Linking to presenter

Now you can simply use annotations for setting current resource and action

Securing presenter components and signals

You can restrict any component or signal to some action. With that no one can access for example edit form from add action.

Keep in mind that actions at components or signals are presenter actions, not actions at your authorization configuration.

Now editForm component can be rendered only on edit action, favoriteButton only on default or detail actions and readLaterButton anywhere.

Same @action annotations can be used also for signals.

Presenter security modes

By default this package will try to check action, render, handle and createComponent methods. But if you'll omit some annotations, nothing will happen and that method will be allowed. This can be changed by turning on strict mode.

Other options are true or false, where true is default value.

Compiler extension

Your own DI compiler extensions can implement interface Carrooi\Security\DI\ITargetResourcesProvider for resource mappers.

Extending User class

Be carefull if you want to extend Nette\Security\User class, because carrooi\security already extends that class for it's own needs.

Changelog


All versions of security with dependencies

PHP Build Version
Package Version
Requires php Version >5.6
nette/utils Version ^2.4
nette/di Version ^2.4
nette/security Version ^2.4
nette/application Version ^2.4
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package carrooi/security contains the following files

Loading the files please wait ....