archict / firewall
Control access to resources
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 1
Type:archict-brick
Requires
- php: >= 8.2
- archict/brick: ^0
- archict/router: ^0
- psr/http-message: ^2.0
Requires (Dev)
- archict/core: ^0
- guzzlehttp/psr7: ^2.6
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10
- slevomat/coding-standard: ^8.15
- squizlabs/php_codesniffer: ^3.9
- vimeo/psalm: ^5.22
This package is auto-updated.
Last update: 2024-05-18 08:44:25 UTC
README
Control access to your resources
How to use
The majority of the work is inside the config file firewall.yml:
providers: my_provider: \Class\Name\Of\My\User\Provider access_control: - path: ^/admin # Path to match (a regex) provider: my_provider roles: [ "ADMIN" ] # Roles user need to have to see resources error: 404 # If user not authorized, then return this error code - path: ^/profile provider: my_provider roles: [ "USER" ] redirect_to: /login # If user not authorized, then return to this uri
Let's go in details!
User provider
To help firewall to get current user, you need to give it a User provider.
This Brick provides you the interface \Archict\Firewall\UserProvider:
<?php namespace Archict\Firewall; interface UserProvider { public function getCurrentUser(ServerRequestInterface $request): UserWithRoles; }
The class you pass in the config must implement this interface.
User is an interface also provided by this Brick:
<?php namespace Archict\Firewall; interface UserWithRoles { /** * @return string[] */ public function getRoles(): array; }
Access control
This config tag must contain an array of rules.
Each rule must have at least the path tag. This tag define the path to match, it can be a pattern with the same rules
as in Archict\router.
Then you have the choice between let the firewall check if user can access the resource (the check is based on user roles), or implement your own checker.
Firewall checker
If you choose to use firewall checker, then you must provide these 2 tags:
provider➡ One of the previously defined providerroles➡ An array of string. User must have one of these roles to access resource
Then you can define the behavior with one these rules (only one):
error➡ a HTTP error code to returnredirect_to➡ return a 301 response with the specified uri
Your own checker
To use your own checker, your class must implement this interface:
<?php namespace Archict\Firewall; interface UserAccessChecker { public function canUserAccessResource(ServerRequestInterface $request): bool; }
This method returns true if user is authorized to see resource. It can throw an exception the same way as defined
in Archict\router.
Then you can provide the class name to your rule with the tag checker:
access_control: - path: some/path checker: \My\Own\Checker
You can also provide one of the behavior tag (see Firewall checker) in case your method
returns false.