charcoal / user
User definition, authentication and authorization.
Requires
- php: ^7.4 || ^8.0
- charcoal/config: ^5.0
- charcoal/core: ^5.0
- charcoal/factory: ^5.0
- charcoal/object: ^5.0
- charcoal/translator: ^5.0
- laminas/laminas-permissions-acl: ^2.8
- psr/log: ^1.0
Requires (Dev)
- cache/void-adapter: ^1.0
- php-coveralls/php-coveralls: ^2.2
- phpunit/phpunit: ^9.5
- seld/jsonlint: ^1.9
- squizlabs/php_codesniffer: ^3.5
- tedivm/stash: ~0.16
Replaces
- dev-main / 5.x-dev
- v5.0.0
- v4.1.0
- v4.0.8
- v4.0.7
- v4.0.6
- v4.0.5
- v4.0.4
- v4.0.2
- v4.0.1
- v4.0.0
- v3.1.8
- v3.1.7
- v3.1.6
- v3.1.5
- v3.1.4
- v3.1.3
- v3.1.2
- v3.1.1
- v3.1.0
- v2.2.3
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.2
- 0.7.0.2
- 0.7.0.1
- 0.7.0
- 0.6.4
- 0.6.3
- 0.6.2
- 0.6.1
- 0.6.0.3
- 0.6.0.2
- 0.6.0.1
- 0.6.0
- 0.5.2
- 0.5.1.1
- 0.5.1
- 0.5.0
- 0.4.1.1
- 0.4.1
- 0.4.0.2
- 0.4.0.1
- 0.4
- 0.3.2
- 0.3.1
- 0.3.0
- 0.2.2
- 0.2.1
- 0.2
- 0.1.6
- 0.1.5.1
- 0.1.5
- 0.1.4
- 0.1.3
- 0.1.2
- 0.1.1
- 0.1
- dev-feature/camelizePropertiesAndUseArrayAccess
- dev-acl-manager-refactor
- dev-mducharme-camelcase
- dev-mducharme-jwt
This package is auto-updated.
Last update: 2024-04-13 15:23:30 UTC
README
The User package provides abstract tools for defining user models, authenticating and authorizating users from an integration with Laminas Permissions ACL.
Installation
composer require charcoal/user
Overview
The User object
At the core of this module is the definition of a "User" object. The contract can be found as \Charcoal\User\UserInterface. This interfaces extends \Charcoal\Object\ContentInterface (from charcoal/object), which extends \Charcoal\Model\ModelInterface (from charcoal/core).
The preferred way of using this module is by defining your own User class in your project and extending the provided \Charcoal\User\AbstractUser class.
For quick prototypes or small projects, a full concrete class is provided as \Charcoal\User\GenericUser.
User properties
| Property | Type | Default | Description |
|---|---|---|---|
| username | string |
true |
… |
| password | string |
null |
… |
string |
null |
… | |
| roles | string[] |
[] |
ACL roles, which define user permissions. |
| last_login_date | date-time |
null |
… |
| last_login_ip | string |
'' |
… |
| last_password_date | date-time |
null |
… |
| last_password_ip | string |
'' |
… |
| login_token | string |
null |
… |
Note that the
keyof the User is theusername. Therefore,id()returns the username. It must be unique.
Properties inherited from Content-Interface:
| Property | Type | Default | Description |
|---|---|---|---|
| active | boolean |
true |
… |
| position | number |
null |
… |
| created | date-time |
null |
… |
| created_by | string |
'' |
… |
| last_modified | date-time |
null |
… |
| last_modified_by | string |
'' |
… |
Authentication
TODO
Authorization
User authorization is managed with a role-based Access Control List (ACL). Internally, it uses laminas/laminas-permissions-acl for the ACL logic. It is recommended to read the Laminas ACL documentation to learn more about how it all works.
There are 2 main concepts that must be managed, either from JSON config files or in the database (which works well with charcoal/admin), roles and permissions.
ACL Configuration
To set up ACL, it is highly recommended to use the \Charcoal\User\Acl\Manager.
ACL Example
{
"acl": {
"permissions": {
"superuser": {
"superuser": true
},
"author": {
"allowed": {},
"denied": {}
}
}
}
}
use Charcoal\User\Acl\Manager as AclManager; use Laminas\Permissions\Acl\Acl; use Laminas\Permissions\Acl\Resource\GenericResource as AclResource; $acl = new Acl(); // Add resource for ACL $acl->addResource(new AclResource($resourceName)); $aclManager = new AclManager([ 'logger' => $logger, ]); $aclManager->loadPermissions($acl, $config['acl.permissions'], $resourceName); $authorizer = new Authorizer([ 'logger' => $logger, 'acl' => $acl, 'resource' => $resourceName, ]); $isAllowed = $authorizer->userAllowed($user, [ 'permssion' ]);