Download the PHP package erdiko/authorize without Composer
On this page you can find all versions of the php package erdiko/authorize. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download erdiko/authorize
More information about erdiko/authorize
Files in erdiko/authorize
Package authorize
Short Description Authorize features
License MIT
Homepage http://erdiko.org
Informations about the package authorize
Erdiko Authorize
Authorize
An Erdiko package to provide user authorization.
Compatibility
This package is compatible with PHP 5.4 or above and the latest version of Erdiko.
Installation
Add the eridko/authorize package using composer with this command:
composer require erdiko/authorize
Requirements
Between its requirements we count on Pimple and Symfony Security. In case of Pimple, we choose this package to manage Dependency Injection, allowing us to add more flexibility and extensibility. It also adds compatibility with Symfony Security module.
How to Use
Once you have installed the package you are ready to start. Basic Role based Admin validation works out of the box!
To start using it in your code just create an instance of Authorizer
class. This class will expect an instance of
AuthenticationManagerInterface
from symfony/security package as a constructor parameter.
Here's an example:
It’s a best practice to add instance creation in the _before
hook. An example of this best practice looks like this:
You will then have a $this->auth
attribute available to use in any get or post action. This will be used in can
methods that determine access, allowing you to grant or reject access to a resource.
For example, if current user has ADMIN role, then it will be redirected to admin dashboard (GRANTED), otherwise the user will be redirected to login page (REJECTED).
Note that in this example, current user is an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface
,
stored in $_SESSION['tokenstorage']
.
Also available is the “VIEW_ADMIN_DASHBOARD” attribute we will use to grant or reject access for the current user.
You can use the same logic to validate Models by adding a __construct
method where you will place the authorize creation
Same for GRANT/REJECT:
Customization
This package provides you with a framework to create custom validation. There are two different methods to create custom validation:
- Custom Voters
Implement Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
interface, and pass them in an array as second argument of Authorizer
constructor.
- Custom Validator
Or you can create a Validator
class that implements erdiko\authorize ValidatorInterface
interface.
Then you will have to register all validators in /app/config/default/authorize.json
, and voila, all the custom validation
logic you've created is already available to the authorizer.
authorize.json
In these validator classes you will be able to define custom attributes, "VIEW_ADMIN_DASHBOARD" as we mention above, we might want to add "IS_PREMIUM_ACCOUNT", or any other attributes you want.
Note that namespace
field of the above JSON indicate the class namespace
and is related to the app root folder,
e.g. /app/validators/example/ExampleValidator.php
Let's implement the example class registered in the example JSON.
Special Thanks
Arroyo Labs - For sponsoring development, http://arroyolabs.com