PHP download

Download the PHP package pimcore/frontend-permission-toolkit-bundle without Composer

On this page you can find all versions of the php package pimcore/frontend-permission-toolkit-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download pimcore/frontend-permission-toolkit-bundle
More information about pimcore/frontend-permission-toolkit-bundle
Files in pimcore/frontend-permission-toolkit-bundle

Vendor pimcore
Package frontend-permission-toolkit-bundle
Short Description Provides a way to configure permissions for frontend applications in data objects.
License GPL-3.0+

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of pimcore/frontend-permission-toolkit-bundle

Informations about the package frontend-permission-toolkit-bundle

FrontendPermissionToolkit

Adds some helpers to define permissions for users in websites based on Pimcore objects. So user permissions for complex systems can be defined directly in Pimcore objects.

A scenario to set up a role based permission system:

user represented as objects with a number of permission rights (= Permission Resources)
each user has relations to user groups (also Pimcore objects) with also a number of permission rights (= Permission Resources)

Installation instructions

Inside your pimcore project require the bundle as a dependency:
Enable the bundle using the CLI command:

This will enable & install the bundle in your pimcore project as well as run the assets:install command. Alternatively you can log in to your admin area go to Tools > Extensions and enable the bundle from the list by clicking on the appropriate icon.

Functionality overview

Additional data types for Pimcore objects
- Permission Resource:
  - represents one specific user right (e.g. login)
  - can have values allow deny inherit
- Dynamic Permission Resource:
  - represents a set of specific rights for a user
  - each entry can have values allow deny inherit
  - actual permission resources are defined by a data provider
  - defined in the class definition, either defined by class name or service name with leading @
  - data provider class needs to implement DataProviderInterface and return an array of roles and labels:
- Permission ManyToMany Relation: Wrapper for default data type objects for recursive permission calculation.
- Permission ManyToOne Relation: Wrapper for default data type href for recursive permission calculation.
Service for checking user rights based on a Pimcore object and a permission resource as service class Service with two methods:
- Service::getPermissions:
  - returns an array of all permissions for the given object, automatically merges all permission resources of objects related to the given object with 'Permission Objects' or 'Permission Href'.
  - merging: When permission is set to allow / deny directly in object, this is always used. Otherwise optimistic merging is used -> once one permission is allowed, it stays that way.
- Service::isAllowed: checks if given object is allowed for given resource

The Service is registered at the container with the key bundle.frontendpermissiontoolkit.service.

Event listener

The postGetPermissions event listener allows you to manipulate the permissions after they have been collected. Take into account that the getPermissions method can be executed recursively. Therefore, make sure you add an object condition.

Integration with Symfony Security

For how to integrate Pimcore objects with Symfony Security in general have a look at Pimcore docs.

In order to use Permission Resources in Symfony Security definition, you could export each allowed Permission Resource of an Pimcore object as role.

To do so, add the trait FrontendPermissionToolkitBundle\CoreExtensions\Traits\PermissionResourcesAsRolesTrait to your Pimcore user object and make sure there is no other getRoles method defined in the object. This method returns all Permission Resources the user is allowed prefixed with GROUP_ to as an array.

As a consequence, you can use Permission Resources in your access control configuration as follows:

Note: To apply changes of permissions in the user object, the user has to logout and login again.

Integration with Pimcore navigation

To show/hide documents in navigation, you can assign Permission Resources as properties to Pimcore documents. Just add a property named permission_resource with name name of the permissionResource as value to the document.

A special navigation builder shipped by this bundle (FrontendPermissionToolkitBundle\CoreExtensions\Navigation\Builder) then can show/hide documents in navigation based on the permissions of the current user.

To do so, add following service definition to your application:

Make sure that you deactivate the caching of the Pimcore navigation creation!

This only hides the document in navigation. It does not check permissions when the document is called directly via its url. Add an additional check into controller or access control to make sure the document cannot be called with missing permissions.

All versions of frontend-permission-toolkit-bundle with dependencies

PHP Build Version

Package Version

Version v2.0.4 Release 21. Aug 2024
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of frontend-permission-toolkit-bundle from vendor pimcore

Requires pimcore/pimcore Version ^11.0
symfony/config Version ^6.1
symfony/dependency-injection Version ^6.1
symfony/event-dispatcher Version ^6.1
symfony/event-dispatcher-contracts Version ^3.0
symfony/security-core Version ^6.1

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package pimcore/frontend-permission-toolkit-bundle contains the following files

Loading the files please wait ....