PHP download

Download the PHP package orottier/authorization-required without Composer

On this page you can find all versions of the php package orottier/authorization-required. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download orottier/authorization-required
More information about orottier/authorization-required
Files in orottier/authorization-required

Vendor orottier
Package authorization-required
Short Description A simple and efficient authorization manager for the Laravel framework
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of orottier/authorization-required

Informations about the package authorization-required

AuthorizationRequired

A simple and efficient authorization package for the Laravel framework

What this package can and cannot do

This packages uses the available Eloquent hooks to impose rules for reading and writing your Models. No more, no less.

Will protect:

Read access & creation of new models
Updates and deletes of models, invoked on the model itself

Will not protect:

Raw queries: DB::table('users')->delete()
Mass updates and deletes: User::where('role', 'admin')->delete()

Please note the fundamental difference between

This package will only protect guard deletes/updates of the first type. The latter three will pass no matter what rules you impose.

Installation via Composer

Note: this package can only be used in combination with the Laravel framework.

Use composer to use AuthorizationRequired in your project

How it works

The Laravel models you want to protect should include the AuthorizationRequired trait and should have an authorization policy defined for create, update and delete actions.

The following method is placed on your model:

Use this query scope to limit the read access of your model. Together with the authorization policy, the rules of reading, updating, creating and deleting the model are defined.

Read behaviour

Calling Model::find will simply yield null if the the rules prevent the object to be seen (as if it did not exist). Your application has probably been configured to return a 404 status code in these cases.

Write behaviour (update, create, delete)

If your policy rules forbid writing the model, an AuthorizationRequired\PermissionException is thrown. Specifically: UpdatePermissionException, CreatePermissionException and DeletePermissionException. Your application can convert this into a nice 403 page using the render function in App\Exception.

Note that by Laravel's defaults, a missing rule will not allow any operations. Also, there must be a logged in user for any of the policies to be accepted.

Example usage

To illustrate the usage of this package, we will put authorization rules on a simple application that allows users to post and modify blog items (referred to as Post).

To put authorization rules on an Eloquent model, include the AuthorizationRequired trait:

By default, all read and write access is denied for posts now. Your application will look very empty. We should allow users to view posts that are visible and published. Of course a user should be able to see, edit and delete all of his own posts, even the hidden ones.

Allow reading

Read access rules are written as a query scope. By defining the function authorizationReadScope we will override the default 'deny all' behaviour:

If you wish to impose no restrictions on read access, simply pass the query unaltered:

Allow editing

Update/Create/Delete rules should be defined as an authorization policy.

All users can create a post:

We will set the rules for deleting a post equal to the rules for editing the post:

That's it!

All versions of authorization-required with dependencies

PHP Build Version

Package Version

Version 2.0.3 Release 01. Dec 2016
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of authorization-required from vendor orottier

Requires php Version >=5.3.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package orottier/authorization-required contains the following files

Loading the files please wait ....