charcoal / user
User definition, authentication and authorization.
Requires
- php: ^7.4 || ^8.0
- charcoal/config: ^5.0
- charcoal/core: ^5.0
- charcoal/factory: ^5.0
- charcoal/object: ^5.0
- charcoal/translator: ^5.0
- laminas/laminas-permissions-acl: ^2.8
- psr/log: ^1.0
Requires (Dev)
- cache/void-adapter: ^1.0
- php-coveralls/php-coveralls: ^2.2
- phpunit/phpunit: ^9.5
- seld/jsonlint: ^1.9
- squizlabs/php_codesniffer: ^3.5
- tedivm/stash: ~0.16
Replaces
- dev-main / 5.x-dev
- v5.0.0
- v4.1.0
- v4.0.8
- v4.0.7
- v4.0.6
- v4.0.5
- v4.0.4
- v4.0.2
- v4.0.1
- v4.0.0
- v3.1.8
- v3.1.7
- v3.1.6
- v3.1.5
- v3.1.4
- v3.1.3
- v3.1.2
- v3.1.1
- v3.1.0
- v2.2.3
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.2
- 0.7.0.2
- 0.7.0.1
- 0.7.0
- 0.6.4
- 0.6.3
- 0.6.2
- 0.6.1
- 0.6.0.3
- 0.6.0.2
- 0.6.0.1
- 0.6.0
- 0.5.2
- 0.5.1.1
- 0.5.1
- 0.5.0
- 0.4.1.1
- 0.4.1
- 0.4.0.2
- 0.4.0.1
- 0.4
- 0.3.2
- 0.3.1
- 0.3.0
- 0.2.2
- 0.2.1
- 0.2
- 0.1.6
- 0.1.5.1
- 0.1.5
- 0.1.4
- 0.1.3
- 0.1.2
- 0.1.1
- 0.1
- dev-feature/camelizePropertiesAndUseArrayAccess
- dev-acl-manager-refactor
- dev-mducharme-camelcase
- dev-mducharme-jwt
This package is auto-updated.
Last update: 2024-12-13 16:41:44 UTC
README
The User package provides abstract tools for defining user models, authenticating and authorizating users from an integration with Laminas Permissions ACL.
Installation
composer require charcoal/user
Overview
The User object
At the core of this module is the definition of a "User" object. The contract can be found as \Charcoal\User\UserInterface
. This interfaces extends \Charcoal\Object\ContentInterface
(from charcoal/object
), which extends \Charcoal\Model\ModelInterface
(from charcoal/core
).
The preferred way of using this module is by defining your own User class in your project and extending the provided \Charcoal\User\AbstractUser
class.
For quick prototypes or small projects, a full concrete class is provided as \Charcoal\User\GenericUser
.
User properties
Note that the
key
of the User is theusername
. Therefore,id()
returns the username. It must be unique.
Properties inherited from Content-Interface
:
Authentication
TODO
Authorization
User authorization is managed with a role-based Access Control List (ACL). Internally, it uses laminas/laminas-permissions-acl
for the ACL logic. It is recommended to read the Laminas ACL documentation to learn more about how it all works.
There are 2 main concepts that must be managed, either from JSON config files or in the database (which works well with charcoal/admin
), roles and permissions.
ACL Configuration
To set up ACL, it is highly recommended to use the \Charcoal\User\Acl\Manager
.
ACL Example
{ "acl": { "permissions": { "superuser": { "superuser": true }, "author": { "allowed": {}, "denied": {} } } } }
use Charcoal\User\Acl\Manager as AclManager; use Laminas\Permissions\Acl\Acl; use Laminas\Permissions\Acl\Resource\GenericResource as AclResource; $acl = new Acl(); // Add resource for ACL $acl->addResource(new AclResource($resourceName)); $aclManager = new AclManager([ 'logger' => $logger, ]); $aclManager->loadPermissions($acl, $config['acl.permissions'], $resourceName); $authorizer = new Authorizer([ 'logger' => $logger, 'acl' => $acl, 'resource' => $resourceName, ]); $isAllowed = $authorizer->userAllowed($user, [ 'permssion' ]);