Download the PHP package zycon42/security without Composer

On this page you can find all versions of the php package zycon42/security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package security

Security


Overview

Because I wasn't satisfied with the current state of the Nette authorization mechanism, I decided to port Symfony/Security into Nette.

It is largely based on Symfony/Security-Core. Sadly, the Nette authentication mechanism and the Nette\Security\User class are incompatible with pure Symfony/Security-Core, so it was necessary to rewrite it.

Currently this project handles only authorization; for authentication you have to use the Nette classes. ACL is also not currently supported.

For more information on how it works internally, please refer to the Symfony Security documentation.

Requirements

This project requires PHP 5.4.

Installation

The best way to install Zycon42/Security is using Composer:

Then you have to enable it in your config.neon:

Basic Usage

The main entry point for authorization is the SecurityContext class. Sample usage:

The code above denies access if the current user doesn't have the role named ADMIN. Instead of roles you can use IS_AUTHENTICATED or IS_ANONYMOUS, which grant access only to authenticated users or anonymous users respectively.

You can also use the optional second parameter of the isGranted method, object, to ask whether the current user can perform a given action on a given resource, like this:

Voters

Symfony Security uses the idea of voters that vote on whether the user will be granted or denied access. The access decision manager collects these votes and decides based on them. The project ships with three voters: one for roles, a second for the IS_AUTHENTICATED and IS_ANONYMOUS tokens, and a last one for expressions, which we will discuss later.

Using voters you can easily extend the range of supported attributes and objects. For example, you can implement the typical use case of a user who is only allowed to edit their own posts.

Create a new voter implementing the Zycon42\Security\Authorization\Voters\IVoter interface and then register it in the DIC with a specific tag:

When you tag a service with the security.voter tag, it will be added to the AccessDecisionManager as a voter.

For more information about voters and how to implement a new one, please refer to the Symfony documentation. Just remember that instead of TokenInterface we use IIdentity from Nette.
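
The voter idea described above, as an added example that is not code from zycon42/security: a self-contained PHP sketch of the "user may only edit own posts" use case. ExampleVoter, PostOwnerVoter, AdminVoter, decide() and the ACCESS_* constants are hypothetical stand-ins for the library's IVoter and AccessDecisionManager, identities and posts are plain constructed arrays, and the decision strategy (one grant allows, anything else denies) is an assumption.

```php
<?php
// Added illustration: ExampleVoter, PostOwnerVoter, AdminVoter and decide() are
// hypothetical stand-ins, not classes from zycon42/security.
const ACCESS_GRANTED = 1;
const ACCESS_ABSTAIN = 0;
const ACCESS_DENIED = -1;

// vote() returns one of the ACCESS_* constants.
interface ExampleVoter
{
    public function vote(array $identity, $object, array $attributes);
}

// Grants EDIT only to a post's author; abstains on anything it does not understand.
class PostOwnerVoter implements ExampleVoter
{
    public function vote(array $identity, $object, array $attributes)
    {
        if (!is_array($object) || !isset($object['authorId']) || !in_array('EDIT', $attributes, true)) {
            return ACCESS_ABSTAIN;
        }
        // Strict comparison: the string "7" must not match the integer 7.
        return $identity['id'] === $object['authorId'] ? ACCESS_GRANTED : ACCESS_DENIED;
    }
}

// Grants any attribute to holders of the ADMIN role; abstains for everyone else.
class AdminVoter implements ExampleVoter
{
    public function vote(array $identity, $object, array $attributes)
    {
        return in_array('ADMIN', $identity['roles'], true) ? ACCESS_GRANTED : ACCESS_ABSTAIN;
    }
}

// Assumed strategy: one grant allows; denials and all-abstain both end in deny.
function decide(array $voters, array $identity, $object, array $attributes)
{
    foreach ($voters as $voter) {
        if ($voter->vote($identity, $object, $attributes) === ACCESS_GRANTED) {
            return true;
        }
    }
    return false;
}

$voters = [new PostOwnerVoter(), new AdminVoter()];
$post = ['id' => 10, 'authorId' => 7]; // constructed sample data
$users = [['id' => 7, 'roles' => ['USER']], ['id' => 8, 'roles' => ['USER']], ['id' => 1, 'roles' => ['ADMIN']]];
foreach ($users as $user) {
    foreach (['EDIT', 'DELETE'] as $action) { // no voter in this sketch handles DELETE for non-admins
        printf("user %d %s: %s\n", $user['id'], $action, var_export(decide($voters, $user, $post, [$action]), true));
    }
}
```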

Expressions

To be able to write more complex access rules, you can use expressions. To parse them we use symfony/expression-language.

There are several functions you can use in them:

Also you can access several variables:

Example usage:

Presenter annotations

To use presenter annotations for granting or denying access, use this in your secured presenter, from which all presenters that need this feature derive:

Remember not to override the checkRequirements method in your derived presenters.

Now you can annotate your presenters and their action/render/handle methods with @Security annotations. A small example:

or on an action method:

When using annotations on presenters, note that annotations are inherited and are checked in order from the base class to derived classes.

Expressions in annotations are the same as those for isGranted, but additionally you have access to all current request parameters as variables, and the object variable contains the current request. So if you use something that converts presenter method parameters from an id to actual objects by adding additional request variables, like zycon42/param-converters, you will be able to write:

Configuration

Here you can find the possible configuration options and their default values:

In the roleHierarchy section you can define how roles inherit from each other:

Note that ADMIN inheriting from USER is redundant because ADMIN inherits from USER through MANAGER. Here is the effective list of roles for each role:
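
How a role hierarchy resolves into effective roles, as an added example that is not the project's own resolver. The $roleHierarchy array is reconstructed from the remark above (ADMIN lists USER directly and also reaches it through MANAGER), and effectiveRoles() is a hypothetical helper.

```php
<?php
// Added illustration: effectiveRoles() is a hypothetical helper, not part of
// zycon42/security. The hierarchy is an assumption reconstructed from the text:
// ADMIN inherits from MANAGER and (redundantly) USER, MANAGER inherits from USER.
$roleHierarchy = [
    'ADMIN' => ['MANAGER', 'USER'],
    'MANAGER' => ['USER'],
];

// Returns every role reachable from $roles, including the starting roles.
function effectiveRoles(array $roles, array $hierarchy)
{
    $seen = [];
    $queue = $roles;
    while ($queue) {
        $role = array_shift($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; this also stops cycles such as A => B => A
        }
        $seen[$role] = true;
        $inherited = isset($hierarchy[$role]) ? $hierarchy[$role] : [];
        foreach ($inherited as $parent) {
            $queue[] = $parent;
        }
    }
    return array_keys($seen);
}

// Print the effective role list for each role named in the README.
foreach (['ADMIN', 'MANAGER', 'USER'] as $role) {
    echo $role, ': ', implode(', ', effectiveRoles([$role], $roleHierarchy)), "\n";
}
```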


All versions of security with dependencies

Requires:
  • php >= 5.4
  • nette/security ~2.2
  • nette/application ~2.2
  • symfony/expression-language ~2.5