Download the PHP package programmingarehard/arbiter without Composer
On this page you can find all versions of the php package programmingarehard/arbiter. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package arbiter
Short Description Convenience library to manipulate Symfony ACL's
License MIT
Information about the package arbiter
Arbiter
Note: Arbiter assumes Symfony's security component ACLs have already been set up.
Documentation
Arbiter makes it easy to grant users different permissions on specific objects. It does this by hiding the complexity of working with Symfony's security component to manipulate ACLs.
You don't need to worry about ACLs, ACEs, object identities, security identities, mask builders, etc.
Read the generated API documentation or view code samples below.
Updating permissions
Note: Arbiter uses Symfony's BasicPermissionMap internally. Out of the box, the Arbiter is limited to those permissions and is case-sensitive.
Checking permissions
Suggestions
Only check against a single permission even though the Permissions object can contain several. The security component, by default, will grant access if the user has any one of the permissions contained in the Permissions object. For example:
If the user has an ACE entry for either EDIT or OPERATOR, access is granted. Checking against multiple permissions at the same time can cause confusion.
Gotchas
Because of the bitmask implementation of Symfony's ACL system, removing permissions isn't as straightforward as one might think. Consider the following example:
Because the OPERATOR permission implies the DELETE permission in Symfony's security system, one might think you can simply remove it and assume the $user has every CRUD permission except DELETE.
This is false and the wrong way to think about it. The $user will still have the OPERATOR permission, which still includes the DELETE permission.
Instead, a better approach would be to create a new Permissions object with only the explicit permissions the $user should hold. This new Permissions object should be used in a $arbiter->updatePermissions($user, $permissions) method call.
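The pitfall above, modelled in plain PHP as an added example (not Arbiter's or Symfony's own code, and it calls neither library). The bit values and permission map are copied from Symfony's MaskBuilder and BasicPermissionMap; buildMask() and isGranted() are hypothetical helpers, and removal is assumed to clear a single bit.

```php
<?php
// Bit values copied from Symfony's MaskBuilder constants.
const MASKS = [
    'VIEW' => 1, 'CREATE' => 2, 'EDIT' => 4, 'DELETE' => 8,
    'UNDELETE' => 16, 'OPERATOR' => 32, 'MASTER' => 64, 'OWNER' => 128,
];

// Copied from Symfony's BasicPermissionMap: a permission is satisfied by
// its own bit or by any broader bit (OPERATOR, MASTER, OWNER).
const PERMISSION_MAP = [
    'VIEW'     => ['VIEW', 'EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'CREATE'   => ['CREATE', 'OPERATOR', 'MASTER', 'OWNER'],
    'EDIT'     => ['EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'DELETE'   => ['DELETE', 'OPERATOR', 'MASTER', 'OWNER'],
    'UNDELETE' => ['UNDELETE', 'OPERATOR', 'MASTER', 'OWNER'],
    'OPERATOR' => ['OPERATOR', 'MASTER', 'OWNER'],
    'MASTER'   => ['MASTER', 'OWNER'],
    'OWNER'    => ['OWNER'],
];

// Hypothetical helper: OR the named permission bits into one ACE mask.
function buildMask(array $permissions): int
{
    $mask = 0;
    foreach ($permissions as $name) {
        $mask |= MASKS[$name];
    }
    return $mask;
}

// Hypothetical helper: access is granted if the ACE mask contains any
// one of the bits the permission map lists for the requested permission.
function isGranted(int $aceMask, string $permission): bool
{
    foreach (PERMISSION_MAP[$permission] as $name) {
        if (($aceMask & MASKS[$name]) === MASKS[$name]) {
            return true;
        }
    }
    return false;
}

// Wrong approach: grant OPERATOR, then clear the DELETE bit. The OPERATOR
// bit is untouched, and the map still accepts it for DELETE.
$removed = buildMask(['OPERATOR']) & ~MASKS['DELETE'];
// Better approach: a fresh mask holding only the explicit permissions.
$explicit = buildMask(['VIEW', 'CREATE', 'EDIT']);

foreach (['OPERATOR minus DELETE' => $removed, 'VIEW+CREATE+EDIT' => $explicit] as $label => $mask) {
    printf("%-22s mask=%3d DELETE=%s EDIT=%s\n", $label, $mask,
        var_export(isGranted($mask, 'DELETE'), true), var_export(isGranted($mask, 'EDIT'), true));
}
```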