|
4 | 4 | Provides a ACL repository and Middleware using Zend/Permissions/Acl library |
5 | 5 | PSR-7 Compliant |
6 | 6 |
|
| 7 | +- Blog post on this package |
| 8 | +- http://bolt.tamingtheelephpant.com/page/psr-7-permissions |
| 9 | + |
| 10 | +# How it works |
| 11 | +- Resources are end-points |
| 12 | +- Roles are a group of resources |
| 13 | +- You can either allow or deny those roles. |
| 14 | + |
| 15 | +The roles a user has are loaded into the AclRepo on every request. I suggest loading them into a session variable rather than pulling them from storage everytime (usage case depending). |
| 16 | + |
| 17 | +The current route is then inspected and compared to the list of accessable resources in a middleware. a 401 is returned if a user is not allowed. If the user is allowed the application is allowed to continue. |
| 18 | + |
| 19 | +By default no message body is provided on the 401, and if you require a page to be rendered then you will need to write your own middleware. |
| 20 | + |
7 | 21 | # Usage Example |
8 | 22 |
|
9 | 23 | ```php |
@@ -69,4 +83,42 @@ return [ |
69 | 83 | ]; |
70 | 84 | ``` |
71 | 85 |
|
72 | | -If this does not fit your usage, feel free to override the default handler by setting your own via `setHandler(callable)` |
| 86 | +If this does not fit your usage, feel free to override the default handler by setting your own via `setHandler(callable)` |
| 87 | + |
| 88 | +## Middleware |
| 89 | +You can use the repo class directly which contains this code block... or modify this code block to suit your needs. |
| 90 | +```php |
| 91 | + |
| 92 | +$app->add(function (Request $request, Response $res, $next) { |
| 93 | + /** @var $aclRepo AclRepository */ |
| 94 | + $aclRepo = $this->get(AclRepository::class); //In Slim 3 the container is bound to function definitions |
| 95 | + $allowed = false; // We assume that the user cannot access the route |
| 96 | + |
| 97 | + $route = '/' . ltrim($request->getUri()->getPath(), '/'); //We construct our path |
| 98 | + |
| 99 | + try { //Check here... This will pass when a route is simple and there is no route parameters |
| 100 | + $allowed = $aclRepo->isAllowedWithRoles($aclRepo->getRole(), $route); |
| 101 | + } catch (InvalidArgumentException $iae) { //This is executed in cases where there is a route parameters... /user/{id:} |
| 102 | + $fn = function (ServerRequestInterface $requestInterface, AclRepository $aclRepo) { |
| 103 | + //This will likely only work in Slim 3... This requires the determineRouteBeforeAppMiddleware => true to be set in the container |
| 104 | + $route = $requestInterface->getAttribute('route'); // Grab the route to get the pattern |
| 105 | + if (!empty($route)) { |
| 106 | + foreach ($aclRepo->getRole() as $role) { |
| 107 | + if ($aclRepo->isAllowed($role, $route->getPattern())) { // check to see fi the user can access the pattern |
| 108 | + return true; //Is allowed |
| 109 | + } |
| 110 | + } |
| 111 | + } |
| 112 | + return false; |
| 113 | + }; |
| 114 | + |
| 115 | + $allowed = $fn($request, $aclRepo); // Execute the fail-safe |
| 116 | + } |
| 117 | + |
| 118 | + if ($allowed) { |
| 119 | + return $next($request, $res); |
| 120 | + } else { |
| 121 | + return $res->withStatus(401); //Is not allowed. if you need to render a template then do that. |
| 122 | + } |
| 123 | +}); |
| 124 | +``` |