Download the PHP package outlandishideas/php-crud-api-secure without Composer
On this page you can find all versions of the php package outlandishideas/php-crud-api-secure. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download outlandishideas/php-crud-api-secure
More information about outlandishideas/php-crud-api-secure
Files in outlandishideas/php-crud-api-secure
Package php-crud-api-secure
Short Description Secure-by-default wrapper around mevdschee/php-crud-api.
License
Informations about the package php-crud-api-secure
Secure PHP-CRUD-API
A wrapper around mevdschee/php-crud-api which makes it secure by default,
by ensuring that the authorization
middleware is enabled and has handlers for tables and columns.
Usage
This library is used in exactly the same way as mevdschee/php-crud-api
except that it will throw a InvalidArgumentException
if the authorization
, authorization.tableHandler
and
authorization.tableHandler
middleware properties are not set in the API constructor.
Using custom tableHandler
and columnHandler
functions:
Basic use case e.g. for Slim/Laravel app:
Using TablePermissions helper
The SecureConfig class can be passed an array of TablePermissions sub-classes to make it easier to explicitly define which columns from which tables can be operated on:
The TablePermissions
sub-classes can set their column permissions with the xyzColumns
properties below (as
arrays of column names), and whether they can be deleted:
allReadColumns
(default for read/list)allWriteColumns
(default for create/update/increment/delete)readColumns
listColumns
createColumns
updateColumns
incrementColumns
canDelete
(boolean)
We recommend handling authentication in your outer application rather than using the built-in middleware e.g.