Download the PHP package nepada/security-annotations without Composer

On this page you can find all versions of the php package nepada/security-annotations. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package security-annotations

Security Annotations

Build Status Coverage Status Downloads this Month Latest stable

Installation

Via Composer:

Register the extension in config.neon:

Usage

This package builds on top of the standard access authorization of Nette components, namely Nette\Application\UI\Component::checkRequirements() method. This method is called before invoking any of component/presenter signal handlers, and before presenter startup, action<> and render<> methods.

With this package you can specify the access rules via attributes on any of the mentioned methods, or on presenter class. To enable this feature simple use SecurityAnnotations trait in any presenter or component and make sure RequirementsChecker service gets injected via injectRequirementsChecker() - with default Nette configuration this should work on presenters out of the box, but you need to take care of components, e.g. by enabling inject calls.

Example:

The attributes and rules they enforce are completely customizable (see below), however the default setup comes with three predefined rules:

Securing components

Properly securing components is a tricky business, take a look at the following example:

Securing presenter action<> (or render<>) methods is not sufficient! All it takes is a one general route in your router, e.g. a very common Route('<presenter>/<action>'), and anyone may successfully submit the form by sending POST request to /secured/foo URL.

You should always check user's permissions when creating the component. To make your life easier there is SecuredComponents trait that calls the standard Nette\Application\UI\Component::checkRequirements() method before calling the component factory (nette/application 3.2.2 and later performs this check natively, making the trait obsolete). Combining it with SecurityAnnotations it allows you to control access to components via attributes on createComponent<> methods.

Customizing access validators

How do access validators work?

Every access validator implements Nepada\SecurityAnnotations\AccessValidators\AccessValidator interface. The access validator specifies which attribute type it supports via its public API.

When checking the requirements PHP attributes are passed one by one to associated access validator for inspection. Based on the attribute value the validator decides either to deny access (throws Nette\Application\BadRequestException), or grant access (no exception is thrown).


All versions of security-annotations with dependencies

PHP Build Version
Package Version
Requires php Version >=8.1.0 <8.5
nette/utils Version ^3.2@dev || ^4.0@dev
nette/component-model Version ^3.0.2@dev
nette/application Version ^3.1.4@dev
nette/security Version ^3.1@dev
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package nepada/security-annotations contains the following files

Loading the files please wait ....