Download the PHP package scaleplan/access without Composer

On this page you can find all versions of the php package scaleplan/access. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package access

Access

Access control system + check of argument types.

Installation

composer reqire scaleplan/access


Initialization

where schema and data are optional parameters indicating the need to generate Access schema in the database and API URLs, files and entered in the configuration respectively.


Mechanics of work

The controller method is called from outside the controller class. How this happens is unimportant.

If the method is public, or the comment in the method indicates the value of the access_no_rights_checkDirective the configuration, the system is not involved and the execution occurs as usual. If the method is private (access modifiers private and protected) and if you specify a special phpdoc tag treatment method system Access (value Directive access_label configuration), then the database query that checks the possibility of execution of the method with the come settings for a specific user (user ID is specified when you create objects Access).

For example:

This example will check the current user's access to the static get method of the User class for any values of the $id argument.

However, access can be defined to execute a method with specific arguments:

In this example, access will be allowed only if the value of the $id filter argument is included in the list of allowed values stored in the database (column values of the table access_right). A list in the database will look like:

ARRAY ['<filter value 1>, <filter value 2',...]

You can also filter by several arguments:

In this case, the list of allowed beginnings will have the format:

Therefore, to allow the method 'User::setRole(21,' Moderator) to be executed, it is necessary that the value21:Moderator ' be in the list of allowed values, for the default switch :

The module supports type checking of input parameters. Php 7 supports type hinting for type checking, however, Access acts more intelligently:

  1. In PHP, method arguments and return types can have only one type:

protected static function setRole(int $id, string $role): void

If we want a multi-type typesetting like in C# or TypeScript:

then native PHP will not allow you to do this.

Subsystem type checking Access can focus on PHPDOC and test values for multiple types if they are specified in PHPDOC:

  1. By default, the value of an argument can be considered "correct" even if its type does not match the expected type, but the value cast to the expected type (or one of the expected) does not differ from the original in a fuzzy comparison (==). This behavior can be disabled by specifying a tag from the deny_fuzzy configuration Directive for the method.

This functionality is available For both controller methods such for model methods.

The module supports the generation of URLs to API methods from controller files.

It is only necessary to specify the required configuration directives in the configuration file Access.

After generating automatically filled in table access.url

In the configuration file, you can specify the roles of system users

Why these roles can be tied to real users registered in the system and set the default access rights for each role.

In spite of this, further access rights for any user can be changed regardless of the initial set of rights - access rights by default exist only to set it was possible to automatically give a set of rights to the user.

The module supports access rights management for private files. The mechanism is the same as for the API. In fact, the system still works it with the URLs for the methods of controllers or with the corners of private files. To generate links to the files you just need to set the config directory in which these files are stored:

Additional URLs for verification can be set simply by writing them to the configuration file in the urls Directive:


To work correctly with the controller methods, the controller classes to be processed must inherit from the AccessControllerParent class. To check arguments of methods models, you should inherit a model class from a class AccessServiceParent.

The main data store of the system is PostgreSQL. However, the data required for the authorization check is cached in the Redis store. To increase performance.

When you change data in the primary storage (PostgreSQL), the data in the cache (Redis) is automatically updated by the trigger. The user of the PostgreSQL process must have access to the Redis repository for the trigger to execute correctly.


Additional functionality:
  1. Supports the addition of callbacks running before and after the successful execution of the controller method. At the same time, these flasks can change the input data and the result accordingly.

  2. During initialization, the module retrieves the name of all database tables from the database. In the future, access to these tables will be handled by the rights checking subsystem. You can edit this information in the database as you like.

  3. In addition to the database, you can specify the controller method type, which is also the type of API methods, to know which method will be changing, deleting, creating or reading, which can be useful for filtering the controller methods in the user interface.


Class documentation


All versions of access with dependencies

PHP Build Version
Package Version
Requires phpdocumentor/reflection-docblock Version *
symfony/yaml Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package scaleplan/access contains the following files

Loading the files please wait ....