getpop / access-control
Access Control for schema elements
Requires
- php: ^8.1
- getpop/mandatory-directives-by-configuration: ^9.0
Requires (Dev)
- getpop/cache-control: ^9.0
- phpstan/phpstan: ^1.8
- phpunit/phpunit: ^10.2
- rector/rector: ^0.18
- squizlabs/php_codesniffer: ^3.6
Suggests
- getpop/cache-control: Integration with Cache Control
Conflicts
- gatographql-standalone/gatographql: <9.0.0
- gatographql/external-dependency-wrappers: <9.0.0
- gatographql/gatographql: <9.0.0
- gatographql/plugin-utils: <9.0.0
- gatographql/testing-schema: <9.0.0
- getpop/cache-control: <9.0.0
- getpop/component-model: <9.0.0
- getpop/componentrouting: <9.0.0
- getpop/definitions: <9.0.0
- getpop/dom-crawler: <9.0.0
- getpop/engine: <9.0.0
- getpop/engine-wp: <9.0.0
- getpop/engine-wp-bootloader: <9.0.0
- getpop/filestore: <9.0.0
- getpop/graphql-parser: <9.0.0
- getpop/guzzle-http: <9.0.0
- getpop/loosecontracts: <9.0.0
- getpop/markdown-convertor: <9.0.0
- getpop/root: <9.0.0
- getpop/root-wp: <9.0.0
- graphql-by-pop/graphiql: <9.0.0
- graphql-by-pop/graphql-clients-for-wp: <9.0.0
- graphql-by-pop/graphql-endpoint-for-wp: <9.0.0
- graphql-by-pop/graphql-request: <9.0.0
- graphql-by-pop/graphql-server: <9.0.0
- graphql-by-pop/graphql-voyager: <9.0.0
- phpunit-for-gatographql/dummy-schema: <9.0.0
- phpunit-for-gatographql/dummy-wp-schema: <9.0.0
- phpunit-for-gatographql/gatographql: <9.0.0
- phpunit-for-gatographql/gatographql-testing: <9.0.0
- phpunit-for-gatographql/webserver-requests: <9.0.0
- phpunit-for-gatographql/wpfaker-schema: <9.0.0
- pop-api/api: <9.0.0
- pop-api/api-clients: <9.0.0
- pop-api/api-endpoints: <9.0.0
- pop-api/api-endpoints-for-wp: <9.0.0
- pop-api/api-graphql: <9.0.0
- pop-api/api-mirrorquery: <9.0.0
- pop-api/api-rest: <9.0.0
- pop-backbone/php-hooks: <9.0.0
- pop-backbone/wp-data-parser: <9.0.0
- pop-cms-schema/categories: <9.0.0
- pop-cms-schema/categories-wp: <9.0.0
- pop-cms-schema/category-mutations: <9.0.0
- pop-cms-schema/category-mutations-wp: <9.0.0
- pop-cms-schema/comment-mutations: <9.0.0
- pop-cms-schema/comment-mutations-wp: <9.0.0
- pop-cms-schema/commentmeta: <9.0.0
- pop-cms-schema/commentmeta-wp: <9.0.0
- pop-cms-schema/comments: <9.0.0
- pop-cms-schema/comments-wp: <9.0.0
- pop-cms-schema/custompost-categories-wp: <9.0.0
- pop-cms-schema/custompost-category-mutations: <9.0.0
- pop-cms-schema/custompost-category-mutations-wp: <9.0.0
- pop-cms-schema/custompost-mutations: <9.0.0
- pop-cms-schema/custompost-mutations-wp: <9.0.0
- pop-cms-schema/custompost-tag-mutations: <9.0.0
- pop-cms-schema/custompost-tag-mutations-wp: <9.0.0
- pop-cms-schema/custompost-tags-wp: <9.0.0
- pop-cms-schema/custompost-user-mutations: <9.0.0
- pop-cms-schema/custompost-user-mutations-wp: <9.0.0
- pop-cms-schema/custompostmedia: <9.0.0
- pop-cms-schema/custompostmedia-mutations: <9.0.0
- pop-cms-schema/custompostmedia-mutations-wp: <9.0.0
- pop-cms-schema/custompostmedia-wp: <9.0.0
- pop-cms-schema/custompostmeta: <9.0.0
- pop-cms-schema/custompostmeta-wp: <9.0.0
- pop-cms-schema/customposts: <9.0.0
- pop-cms-schema/customposts-wp: <9.0.0
- pop-cms-schema/media: <9.0.0
- pop-cms-schema/media-mutations: <9.0.0
- pop-cms-schema/media-mutations-wp: <9.0.0
- pop-cms-schema/media-wp: <9.0.0
- pop-cms-schema/menus: <9.0.0
- pop-cms-schema/menus-wp: <9.0.0
- pop-cms-schema/meta: <9.0.0
- pop-cms-schema/metaquery-wp: <9.0.0
- pop-cms-schema/page-mutations: <9.0.0
- pop-cms-schema/page-mutations-wp: <9.0.0
- pop-cms-schema/pagemedia-mutations: <9.0.0
- pop-cms-schema/pages: <9.0.0
- pop-cms-schema/pages-wp: <9.0.0
- pop-cms-schema/post-categories: <9.0.0
- pop-cms-schema/post-categories-wp: <9.0.0
- pop-cms-schema/post-category-mutations: <9.0.0
- pop-cms-schema/post-mutations: <9.0.0
- pop-cms-schema/post-tag-mutations: <9.0.0
- pop-cms-schema/post-tags: <9.0.0
- pop-cms-schema/post-tags-wp: <9.0.0
- pop-cms-schema/postmedia-mutations: <9.0.0
- pop-cms-schema/posts: <9.0.0
- pop-cms-schema/posts-wp: <9.0.0
- pop-cms-schema/queriedobject: <9.0.0
- pop-cms-schema/queriedobject-wp: <9.0.0
- pop-cms-schema/schema-commons: <9.0.0
- pop-cms-schema/schema-commons-wp: <9.0.0
- pop-cms-schema/settings: <9.0.0
- pop-cms-schema/settings-wp: <9.0.0
- pop-cms-schema/tag-mutations: <9.0.0
- pop-cms-schema/tag-mutations-wp: <9.0.0
- pop-cms-schema/tags: <9.0.0
- pop-cms-schema/tags-wp: <9.0.0
- pop-cms-schema/taxonomies: <9.0.0
- pop-cms-schema/taxonomies-wp: <9.0.0
- pop-cms-schema/taxonomy-mutations: <9.0.0
- pop-cms-schema/taxonomy-mutations-wp: <9.0.0
- pop-cms-schema/taxonomymeta: <9.0.0
- pop-cms-schema/taxonomymeta-wp: <9.0.0
- pop-cms-schema/taxonomyquery: <9.0.0
- pop-cms-schema/taxonomyquery-wp: <9.0.0
- pop-cms-schema/user-avatars: <9.0.0
- pop-cms-schema/user-avatars-wp: <9.0.0
- pop-cms-schema/user-roles: <9.0.0
- pop-cms-schema/user-roles-wp: <9.0.0
- pop-cms-schema/user-state: <9.0.0
- pop-cms-schema/user-state-mutations: <9.0.0
- pop-cms-schema/user-state-mutations-wp: <9.0.0
- pop-cms-schema/user-state-wp: <9.0.0
- pop-cms-schema/usermeta: <9.0.0
- pop-cms-schema/usermeta-wp: <9.0.0
- pop-cms-schema/users: <9.0.0
- pop-cms-schema/users-wp: <9.0.0
- pop-schema/directive-commons: <9.0.0
- pop-schema/extended-schema-commons: <9.0.0
- pop-schema/http-requests: <9.0.0
- pop-schema/schema-commons: <9.0.0
- pop-wp-schema/block-content-parser: <9.0.0
- pop-wp-schema/blocks: <9.0.0
- pop-wp-schema/commentmeta: <9.0.0
- pop-wp-schema/comments: <9.0.0
- pop-wp-schema/custompostmeta: <9.0.0
- pop-wp-schema/customposts: <9.0.0
- pop-wp-schema/media: <9.0.0
- pop-wp-schema/menus: <9.0.0
- pop-wp-schema/meta: <9.0.0
- pop-wp-schema/multisite: <9.0.0
- pop-wp-schema/pages: <9.0.0
- pop-wp-schema/posts: <9.0.0
- pop-wp-schema/schema-commons: <9.0.0
- pop-wp-schema/settings: <9.0.0
- pop-wp-schema/site: <9.0.0
- pop-wp-schema/taxonomymeta: <9.0.0
- pop-wp-schema/usermeta: <9.0.0
- pop-wp-schema/users: <9.0.0
- dev-master / 9.1.x-dev
- 9.0.0
- 8.0.0
- 7.0.8
- 7.0.7
- 7.0.6
- 7.0.5
- 7.0.4
- 7.0.3
- 7.0.2
- 7.0.1
- 7.0.0
- 6.0.2
- 6.0.1
- 6.0.0
- 5.0.0
- 4.2.0
- 4.1.1
- 4.1.0
- 4.0.1
- 4.0.0
- 3.0.0
- 2.6.1
- 2.6.0
- 2.5.2
- 2.5.1
- 2.5.0
- 2.4.1
- 2.4.0
- 2.3.0
- 2.2.3
- 2.2.2
- 2.2.1
- 2.2.0
- 2.1.3
- 2.1.2
- 2.1.1
- 2.1.0
- 2.0.1
- 2.0.0
- 1.6.0
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.1
- 1.5.0
- 1.4.0
- 1.3.1
- 1.3.0
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.15
- 1.0.14
- 1.0.13
- 1.0.12
- 1.0.11
- 1.0.10
- 1.0.9
- 1.0.8
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.10.2
- 0.10.1
- 0.10.0
- 0.9.10
- 0.9.9
- 0.9.8
- 0.9.7
- 0.9.6
- 0.9.5
- 0.9.4
- 0.9.3
- 0.9.2
- 0.9.1
- 0.9.0
- 0.8.9
- 0.8.8
- 0.8.7
- 0.8.6
- 0.8.5
- 0.8.4
- v0.8.3
- 0.8.1
- 0.7.13
- 0.7.12
- 0.7.11
- 0.7.10
- 0.7.9
- 0.7.8
- 0.7.7
- 0.7.6
This package is auto-updated.
Last update: 2024-12-16 10:17:53 UTC
README
Access Control for schema elements
Install
Via Composer
composer require getpop/access-control
Development
The source code is hosted on the GatoGraphQL monorepo, under Engine/packages/access-control
.
Usage
Initialize the component:
\PoP\Root\App::stockAndInitializeModuleClasses([([ \PoP\AccessControl\Module::class, ]);
How does it work?
Access control deals in 2 modes: Public/Private schema modes.
The difference between Public and Private schema modes concerns the feedback given to the user when a validation fails. In Public mode, a detailed error message is given to the user (eg: "only users with role 'administrator' can access this field). In Private mode, there is no helpful information, instead the user is told that the field or directive does not exist.
We need to implement 4 cases of access control:
- Fields in Public schema mode
- Directives in Public schema mode
- Fields in Private schema mode
- Directives in Private schema mode
In Public schema mode, we can simply add a special directive that will validate the restriction (such as: is the user logged in? does the logged-in user have a specific role or capability?).
In Private mode, we add a hook that filters out the field or directive before it is registered.
In addition, whenever a validation must be performed to know if the user can access a field or directive, the response from the GraphQL server cannot be cached (when using component Cache Control). For the Public mode this situation is automatically handled, since the directive validating if the user is logged in or not already indicates that the response cannot be cached. For the Private mode, however, we need to add a special directive "NoCache"
. Hence, we need to deal with the following 2 cases:
NoCache
for Fields in Private schema modeNoCache
for Directives in Private schema mode
PHP versions
Requirements:
- PHP 8.1+ for development
- PHP 7.4+ for production
Supported PHP features
Check the list of Supported PHP features in GatoGraphQL/GatoGraphQL
Preview downgrade to PHP 7.4
Via Rector (dry-run mode):
composer preview-code-downgrade
Standards
To check the coding standards via PHP CodeSniffer, run:
composer check-style
To automatically fix issues, run:
composer fix-style
Change log
Please see CHANGELOG for more information on what has changed recently.
Testing
To execute PHPUnit, run:
composer test
Static Analysis
To execute PHPStan, run:
composer analyse
Report issues
To report a bug or request a new feature please do it on the GatoGraphQL monorepo issue tracker.
Contributing
We welcome contributions for this package on the GatoGraphQL monorepo (where the source code for this package is hosted).
Please see CONTRIBUTING and CODE_OF_CONDUCT for details.
Security
If you discover any security related issues, please email leo@getpop.org instead of using the issue tracker.
Credits
License
GNU General Public License v2 (or later). Please see License File for more information.