alsbury/chiphpotle-rest

Library to interact SpiceDB REST API

v0.7.1 2024-05-09 18:38 UTC

This package is auto-updated.

Last update: 2024-11-09 19:45:54 UTC


README

PHP REST API Client for SpiceDB

SpiceDB is a database for creating and managing security-critical application permissions. Chiphpotle is a PHP client for their rest API. For more information, please visit https://github.com/authzed/api.

Requirements

Supports PHP 8.1 and newer, and supports SpiceDB 1.30 and above.

Installation with Composer

composer require alsbury/chiphpotle-rest

Getting Started

Initialize Client

<?php
require_once(__DIR__ . '/vendor/autoload.php');

$apiClient = Client::create('http://spicedb:8443/', 'mysecret');

$request = new CheckPermissionRequest(
    SubjectReference::create('user', 'bob'),
    'view',
    ObjectReference::create('document', 'topsecret1'),
);
try {
    $response = $apiClient->checkPermission($request);
    if ($response->getPermissionship() == Permissionship::HAS_PERMISSION) {
        echo 'You may Pass!'
    }
} catch (Exception $e) {
    echo 'Exception when calling PermissionsServiceApi->permissionsServiceCheckPermission: ', $e->getMessage(), PHP_EOL;
}

Experimental APIs

Included in the client are three experimental APIs. Though SpiceDB advertised these APIs im 1.25 and earlier, they did not work in the http gateway. This had been fixed, in versions 1.26 and above. In SpiceDB 1.30 the check bulk permissions graduated and the experimental api was deprecated.

Tests

copy .env.dist to .env and adjust the BASE_URL and API_KEY. Spicedb must be running on the url specified, we recommend running using the serve-testing mode.

To run the tests, start use:

composer install
spicedb serve-testing --http-enabled
vendor/bin/phpunit

Code Generation

This client was created by starting with an auto-generated client from the open-api json schema provided by spicedb using jane-openapi.

Once SpiceDB is running, you can regenerate all the classes and client to pick up any new spicedb apis by running:

vendor/bin/jane-openapi generate

This generates the client in a generated directory which then can be cleaned up and moved over to the src directory. To get a good start run PHP CS Fixer to format things more consistently.

vendor/bin/php-cs-fixer fix