Download the PHP package kusebauch/nette-security-annotation without Composer

On this page you can find all versions of the php package kusebauch/nette-security-annotation. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package nette-security-annotation

Build Status codecov.ioLatest Stable VersionLicense

nette-security-annotation

Security by annotations in Nette.

Allows securing presenters by using annotations on presenter "action" and "handle" methods. Also can tie presenter components to specific actions and secure the creation of component by the same manner.

Installation

The easiest way to install is via composer. Just run: composer require kusebauch/nette-security-annotation

Optionally you can just download the source and include the files as needed.

Basic Usage

To enable the security just add the @Secured annotation to a method. (action*, handle*, render* or createComponent*) Optionally you can add the annotation to the class and it will cascade to all methods in the class.

Resource

Every method can have exactly one resource associated with it as of right now. The resource is defined by the @Resource annotation with string value. Resource defined at the class level is OVERRIDDEN by resource defined at method level.

Privilege

Every method can have unlimited amount of privileges associated with it. They are defined by the @Privilege annotation. The values are either string or array of strings. Privilege defined at class level are MERGED with the privileges defined at method level. Privileges are not strict - You need to have at least one privilege to access the method, not all of them.

Action

Specific annotation for createComponent* methods. Can tie this this component factory to a specific presenter action. It is defined by the @Action annotation and the rules are the same as are for the Privilege annotation.

Violation behavior

If a violation of privileges happens in an action*, handle* or render* methods, ForbiddenRequestException is thrown. THe same exception is thrown if the user is not logged in. If a method has @Secured annotation, but does not have a @Resource annotation associated with it, InvalidStateException is thrown. Also if a you try to access a component in incorrect method, ForbiddenRequestException is thrown.

Example

For examples of usage, see "tests/_support".

Advanced usage

There are some considerations for advanced usage based on this library.

Overriding presenter methods

This library overrides the default behavior for createComponent and checkRequirements presenter methods. For this reason, special care has to be taken if overriding these methods in your own code, especially, if you use "trait" version of this library.

For createComponent method, the library calls the checkRequirements method and checks the @Action annotation.

For checkRequirements method, the library parses the annotations and calls the "$presenter->getUser()->isAllowed($resource, $privilege)" for every @Resource and @Privilege pair, tills it find the first pair, for witch it is allowed (if any).

Overriding default behavior

You might want a different behavior if a violation of permissions happens. In this case you can just "Override the presenter methods" (more above). In this case, you might want a code like this:


All versions of nette-security-annotation with dependencies

PHP Build Version
Package Version
Requires nette/application Version 2.3.*
latte/latte Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package kusebauch/nette-security-annotation contains the following files

Loading the files please wait ....