dkx/security

This package is abandoned and no longer maintained. No replacement package was suggested.

Security package

0.0.2 2019-06-26 12:03 UTC

This package is auto-updated.

Last update: 2024-01-26 22:09:35 UTC


README

Security package for PHP based on Symfony Security and voters, for stateless apps.

Installation

$ composer require dkx/security

Usage

<?php

use DKX\Security\Security;
use DKX\Security\Identity\AuthenticatedIdentity;

$security = new Security;
// $user is your application's own user object, loaded elsewhere
$identity = new AuthenticatedIdentity($user, ['ROLE_ADMIN']);

$security->authenticate($identity);

var_dump($security->getIdentity());

Authentication

Simple authentication can be seen in the example above.

Calling getIdentity() always returns an identity (an object implementing the Identity interface). For an unauthenticated user it is a GuestIdentity.

You can easily create a custom identity class. The only requirement is that it implements the Identity interface.

Check privileges

<?php

use DKX\Security\Security;
use DKX\Security\Identity\AuthenticatedIdentity;

$security = new Security;

$security->isGranted(Security::IS_GUEST);          // true
$security->isGranted(Security::IS_AUTHENTICATED);  // false
$security->isGranted('ROLE_ADMIN');                // false

$security->authenticate(new AuthenticatedIdentity($user, ['ROLE_ADMIN']));

$security->isGranted(Security::IS_GUEST);          // false
$security->isGranted(Security::IS_AUTHENTICATED);  // true
$security->isGranted('ROLE_ADMIN');                // true

$security->logout();

$security->isGranted(Security::IS_GUEST);          // true
$security->isGranted(Security::IS_AUTHENTICATED);  // false
$security->isGranted('ROLE_ADMIN');                // false

Voters

Voters can be used for advanced privilege checks. They allow you to check, for example, whether a specific user has access to a specific resource.

<?php

use DKX\Security\Security;
use DKX\Security\Votes\Voter;
use DKX\Security\Identity\Identity;
use DKX\Security\Identity\GuestIdentity;

class BookVoter implements Voter
{
    public const CREATE = 'create';
    
    public function supports(string $attribute, object $subject): bool
    {
        if (!\in_array($attribute, [self::CREATE], true)) {
            return false;
        }
        
        if (!$subject instanceof Book) {
            return false;
        }
        
        return true;
    }

    public function voteOnAttribute(string $attribute, object $subject, Identity $identity): bool
    {
        if ($identity instanceof GuestIdentity) {
            return false;
        }
        
        switch ($attribute) {
            case self::CREATE: return $this->canCreate($subject, $identity);
        }
        
        // should be unreachable
        return false;
    }
    
    private function canCreate(Book $book, Identity $identity): bool
    {
        // placeholder rule: every authenticated identity may create a book
        return true;
    }
}

$security = new Security;
$security->addVoter(new BookVoter);

$security->isGranted(BookVoter::CREATE, $book);

If you need to access Security inside a voter, implement the SecurityAwareVoter interface.
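
An added example, not part of the package's README: a voter with the same two method signatures that grants `edit` only to a book's owner or an admin and denies everything else. The `Identity` classes here are local stand-ins so it runs without the package, and `getUser()`, `getRoles()`, `User`, `Book::$ownerId` and the `edit` attribute are assumptions; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);
// Local stand-ins so this runs without the package (assumptions, not dkx/security's classes).
interface Identity {}
final class GuestIdentity implements Identity {}
final class AuthenticatedIdentity implements Identity
{
    public function __construct(private object $user, private array $roles) {}
    public function getUser(): object { return $this->user; }   // hypothetical accessor
    public function getRoles(): array { return $this->roles; }  // hypothetical accessor
}
final class User { public function __construct(public int $id) {} }
final class Book { public function __construct(public int $ownerId) {} }

// Same two method signatures as the voter shown on this page.
final class BookVoter
{
    public const EDIT = 'edit';

    public function supports(string $attribute, object $subject): bool
    {
        return $attribute === self::EDIT && $subject instanceof Book;
    }

    public function voteOnAttribute(string $attribute, object $subject, Identity $identity): bool
    {
        // Deny by default: guests, unknown identity types and non-Book subjects never pass.
        if (!$identity instanceof AuthenticatedIdentity || !$subject instanceof Book) {
            return false;
        }
        // Admins may edit any book; everyone else only a book they own.
        if (in_array('ROLE_ADMIN', $identity->getRoles(), true)) {
            return true;
        }
        $user = $identity->getUser();
        return $user instanceof User && $user->id === $subject->ownerId;
    }
}

$voter = new BookVoter();
$book  = new Book(ownerId: 7); // constructed sample data
$cases = [
    'owner'    => [new AuthenticatedIdentity(new User(7), []), true],
    'stranger' => [new AuthenticatedIdentity(new User(8), []), false],
    'admin'    => [new AuthenticatedIdentity(new User(9), ['ROLE_ADMIN']), true],
    'guest'    => [new GuestIdentity(), false],
];
foreach ($cases as $name => [$identity, $expected]) {
    $granted = $voter->supports(BookVoter::EDIT, $book) && $voter->voteOnAttribute(BookVoter::EDIT, $book, $identity);
    printf("%-8s %s\n", $name, $granted === $expected ? 'ok' : 'UNEXPECTED');
}
```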