jnjxp / cheka
Radar route ACL Authorization
Requires
- aura/router: ~3.0
- fusible/authrole: dev-develop
- psr/http-message: ^1.0
- radar/adr: ^1.0
- vperyod/auth-handler: ^0.2.0
- zendframework/zend-permissions-acl: ^2.6
Requires (Dev)
This package is auto-updated.
Last update: 2024-12-26 08:56:31 UTC
README
Cheka: Route based ACL for Aura\Route and Radar\Adr
Installation
composer install jnjxp/cheka
Usage
Jnjxp\Cheka\Config
will setRouteFactory()
on Aura\Router\RouterContainer
so as to use Jnjxp\Cheka\Route\RadarRoute
.
It will also set the service jnjxp/cheka:acl
as an instance of
Zend\Permissions\Acl\Acl
which will be passed to Jnjxp\Cheka\AuthorizedRule
.
Jnjxp\Cheka\AuthorizedRule
will be appended to
Aura\Router\Rule\RuleIterator
.
$adr = $boot->adr( //..., Jnjxp\Cheka\Config::class, MyConfig::class );
You'll want to configure your Acl. Jnjxp\Cheka\Acl\Config
might help.
use Jnjxp\Cheka\Acl\Config as AclConfig; use Zend\Permissions\Acl\Acl; class MyConfig extends AclConfig { protected $resources = ['resource']; protected $roles = ['guest', 'user']; protected function init(Acl $acl) { foreach ($this->resources as $resource) { $acl->addResource($resource); } foreach ($this->roles as $role) { $acl->addRole($role); } $acl->allow('guest', 'resource', 'read'); $acl->allow('user', 'resource'); } }
When defining routes, you can designate a 'Resource' and a 'Privilege'.
$adr->get('Action\Resource\Read', '/resource/{id}', Resource\Service\Read::class) ->resource('resource') ->privilege('read'); $adr->patch('Action\Resource\Edit', '/resource/{id}', Resource\Service\Edit::class) ->resource('resource') ->privilege('edit'); // note, under the hood these values are only stored in the `extras` property // The following has the same effect, assuming you have not changed the keys // under which these values are stored. $adr->patch('Action\Resource\Edit', '/resource/{id}', Resource\Service\Edit::class) ->extras(['resource' => 'resource', 'privilege' => 'edit']);
You'll need to add the RoleHandler
to the middleware stack as well.
Additionally, this is intended to work with Aura\Auth, so you'll probably need
something like this:
$adr->middle(Vperyod\AuthHandler\AuthHandler::class); // By default, the RoleHandler assumes there's an Aura\Auth object available in // the request, so add the AuthHandler first, or modify it. $adr->middle(Jnjxp\Cheka\RoleHandler::class);