jstewmc/authorize-group

Authorize access-control-list (ACL) group

Maintainers

Details

github.com/jstewmc/authorize-group

Source

Issues

Installs: 11

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

v1.0.0 2016-08-13 22:19 UTC

Requires

  • php: ^7.0

Requires (Dev)

MIT 12000bdc4c491464af394bd40a92372bde2b71b3

  • Jack Clayton <clayjs0.woop@gmail.com>

phpgroupaccesscontrolacllistauthorizejstewmc

This package is auto-updated.

Last update: 2024-10-29 04:25:37 UTC

README

Authorize a group to perform an action on a resource.

Terminology

This library uses the following terminology:

  • A user is a person.
  • A resource is a thing, typically a model name. By convention, resources are plural and lower-case (e.g., 'users').
  • An action is something done to a resource, typically a CRUD operation. By convention, actions are singular, present-tense, and lower-case (e.g., 'create').
  • A permission is the right to perform an action on a resource (e.g., 'create' + 'users').
  • A role is a named set of permissions. By convention, roles are singular and lower-cased (e.g., 'administrator')
  • A group is a set of users with a unique name. By convention, groups are plural and lower-case (e.g., 'administrators').

Methodology

This library's methodology is rather simple:

  1. A user is assigned to a group.
  2. A group is assigned one or more roles.
  3. A role is granted one or more permissions.
  4. A permission allows an action on a resource.

While users are assigned one or more groups in the database, a group is assigned a role and a role is assigned permissions in a configuration array.

Example

Finally (haha):

use Jstewmc\AuthorizeGroup;

// grant permissions to roles
$roles = [
    // the "administrator" role...
    'administrator' => [
        // for the "users" resource...
        'users' => [
            // has the "create" action
            'create'   
        ]
    ]
];

// assign roles to groups
$groups = [
    // the "administrators" group...
    'administrators' => [
        // has the "administrator" role
        'administrator'
    ]
];

// implement a group named "administrators"
$group = new class implements Group {
    public function getName(): string {
        return 'administrators';
    }
}

// create our authorization service
$authorizer = new Authorize($groups, $roles);

// is the group authorized to create users? (yes)
$authorizer($group, 'create', 'users');

// is the group authorized to delete users? (no)
$authorizer($group, 'delete', 'users');

That's about it!

License

MIT

Author

Jack Clayton

Version

1.0.0, August 16, 2016

  • Major release
  • Fix composer.json
  • Cleanup a few comments

0.1.0, August 3, 2016

  • Initial release