Download the PHP package ordermind/logical-permissions without Composer

On this page you can find all versions of the php package ordermind/logical-permissions. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package logical-permissions

logical-permissions

This is a generic library that provides support for array-based permissions with logic gates such as AND and OR. You can register any kind of permission types such as roles and flags. The idea with this library is to be an ultra-flexible foundation that can be used by any framework. Supported PHP version is 5.6 or higher.

Getting started

Installation

composer require ordermind/logical-permissions

Usage

Register permission types

Permission types are used to check different kinds of conditions for access control, and the first thing to do is to create one of these and register it. Let's say, for example, that we want to determine access using the current user's roles. First you create a class that implements like this:

Now we have implemented the two required methods - getName() and checkPermission() - and created a simple example for checking a role for a user. The name of the permission type is going to be used later as a key in your permission tree, and the checkPermission() method is where you, in this case, check whether the current user has a role or not.

Once you have created a permission type you can register it like this:

Check access

Now everything is set and you can check the access for a user based on their roles:

Permission trees

In the previous example, we had a variable called that looked like this:

This is an example of a permission tree. A permission tree is a hierarchical combination of permissions that is evaluated in order to determine access for a specific action. Let's say for example that you want to restrict access for updating a user. You'd like only users with the role "admin" to be able to update any user, but users should also be able to update their own user data (or at least some of it). With the format that this library provides, these conditions could be expressed elegantly in a permission tree as such:

In this example role and flag are the evaluated permission types. For this example to work you will need to register the permission types 'role' and 'flag' according to the previous guide.

Bypassing access checks

This library also supports rules for bypassing access checks completely for superusers. In order to use this functionality you first need to create a class that implements like this:

Then you can register it like this:

From now on, every time you call the user with the id 1 will be exempted so that no matter what the permissions are, they will always be granted access. If you want to make exceptions, you can do so by adding 'NO_BYPASS' => TRUE to the first level of a permission tree. You can even use permissions as conditions for NO_BYPASS.

Examples:

Logic gates

Currently supported logic gates are NOT. You can put logic gates anywhere in a permission tree and nest them to your heart's content. All logic gates support only an array as their value, except the NOT gate which has special rules. If an array of values does not have a logic gate as its key, an OR gate will be assumed.

AND

A logic AND gate returns true if all of its children return true. Otherwise it returns false.

Examples:

NAND

A logic NAND gate returns true if one or more of its children returns false. Otherwise it returns false.

Examples:

OR

A logic OR gate returns true if one or more of its children returns true. Otherwise it returns false.

Examples:

Shorthand OR

As previously mentioned, any array of values that doesn't have a logic gate as its key is interpreted as belonging to an OR gate.

In other words, this permission tree:

is interpreted exactly the same way as this permission tree:

NOR

A logic NOR gate returns true if all of its children returns false. Otherwise it returns false.

Examples:

XOR

A logic XOR gate returns true if one or more of its children returns true and one or more of its children returns false. Otherwise it returns false. An XOR gate requires a minimum of two elements in its value array.

Examples:

NOT

A logic NOT gate returns true if its child returns false, and vice versa. The NOT gate is special in that it supports either a string or an array with a single element as its value.

Examples:

Boolean Permissions

Boolean permissions are a special kind of permission. They can be used for allowing or disallowing access for everyone (except those with bypass access). They are not allowed as descendants to a permission type and they may not contain children. Both true booleans and booleans represented as uppercase strings are supported. Of course a simpler way to allow access to everyone is to not define any permissions at all for that action, but it might be nice sometimes to explicitly allow access for everyone.

Examples:

API Documentation

Table of Contents

AccessChecker

Checks access based on registered permission types, a permission tree and a context.

setPermissionTypeCollection

Sets the permission type collection.

Parameters:

Parameter Type Description
$permissionTypeCollection \Ordermind\LogicalPermissions\PermissionTypeCollectionInterface

getPermissionTypeCollection

Gets the permission type collection.


setBypassAccessChecker

Sets the bypass access checker.

Parameters:

Parameter Type Description
$bypassAccessChecker \Ordermind\LogicalPermissions\BypassAccessCheckerInterface

getBypassAccessChecker

Gets the bypass access checker.


getValidPermissionKeys

Gets all keys that can be used in a permission tree.

Return Value:

Valid permission keys.


checkAccess

Checks access for a permission tree.

Parameters:

Parameter Type Description
$permissions array|string|boolean The permission tree to be evaluated.
$context array|object|NULL (optional) A context that could for example contain the evaluated user and document. Default value is NULL.
$allowBypass boolean (optional) Determines whether bypassing access should be allowed. Default value is TRUE.

Return Value:

TRUE if access is granted or FALSE if access is denied.


PermissionTypeCollection

Collection of permission types.

add

Adds a permission type to the collection.

Parameters:

Parameter Type Description
$permissionType \Ordermind\LogicalPermissions\PermissionTypeInterface
$overwriteIfExists boolean (optional) If the permission type already exists in the collection, it will be overwritten if this parameter is set to TRUE. If it is set to FALSE, Ordermind\LogicalPermissions\Exceptions\PermissionTypeAlreadyExistsException will be thrown. Default value is FALSE.

remove

Removes a permission type by name from the collection. If the permission type cannot be found in the collection, nothing happens.

Parameters:

Parameter Type Description
$name string The name of the permission type.

has

Checks if a permission type exists in the collection.

Parameters:

Parameter Type Description
$name string The name of the permission type.

get

Gets a permission type by name. If the permission type cannot be found, NULL is returned.

Parameters:

Parameter Type Description
$name string The name of the permission type.

toArray

Returns a PHP array representation of this collection.



All versions of logical-permissions with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4
ordermind/logic-gates Version ^1.3.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ordermind/logical-permissions contains the following files

Loading the files please wait ....