knplabs / rad-security
Provide RAD security components
Installs: 46 410
Dependents: 0
Suggesters: 0
Security: 0
Stars: 3
Watchers: 26
Forks: 2
Open Issues: 2
Requires
- symfony/http-kernel: ~5.1
- symfony/security-core: ~5.1
Requires (Dev)
- php: >=7.2.5
- bossa/phpspec2-expect: ~3.0
- friendsofphp/php-cs-fixer: ^2.16
- pedrotroller/php-cs-custom-fixer: ~2.23
- phpspec/phpspec: ~6.0
- symfony/dependency-injection: ~5.1
- symfony/http-foundation: ~5.1
Suggests
- knplabs/rad-resource-resolver: Allows to check authorization against resources resolved from the routing.
README
Unfortunately we decided to not maintain this project anymore (see why). If you want to mark another package as a replacement for this one please send an email to hello@knplabs.com.
Rapid Application Development : Security
Provide RAD security components
Official maintainers:
Installation
composer require knplabs/rad-security ~4.0
// config/bundles.php <?php return [ Knp\Rad\Security\Bundle\SecurityBundle::class => ['all' => true], ];
Use
IS_OWNER voter
You now have access to a voter that checks if the authenticated user is the owner of an object.
The user contained inside the security token must implement Knp\Rad\Security\OwnerInterface
.
The object you're about to test ownership must implement Knp\Rad\Security\OwnableInterface
.
Example
<?php namespace App\Model; use Knp\Rad\Security\OwnerInterface; class User implements OwnerInterface { }
<?php namespace App\Model; use Knp\Rad\Security\OwnableInterface; use App\Model\User; class Book implements OwnableInterface { /** @var App\Model\User */ protected $writtenBy; public function __construct(User $writtenBy) { $this->writtenBy = $writtenBy; } public function getOwner() { return $this->writtenBy; } }
$zola = new \App\Model\User(); // He is the current authenticated user $hugo = new \App\Model\User(); $germinal = new \App\Model\Book($zola); $miserables = new \App\Model\Book($hugo); $authorizationChecker = $container->get(/* ... */); $authorizationChecker->isGranted(array('IS_OWNER'), $germinal); // true $authorizationChecker->isGranted(array('IS_OWNER'), $miserables); // false
Security from routing
You can specify security constraints directly from your routing by providing a role or an array of roles with the roles
parameter. If you specify an array, it will be passed as is to the authorization checker, and that means the authorization strategy depends on your configuration of the security component.
Example
acme_demo: path: /demo defaults: _controller: FrameworkBundle:Template:template template: Acme:demo:index.html.twig _security: - roles: IS_AUTHENTICATED_FULLY
The main advantage comes when used with the rad-resource-resolver component & the ParamConverter from SensioLabs.
You can provide a subject
previously resolved and available in the request attributes
.
If you have many objects resolved against which you can check security constraints, you can specify many rules.
Example
acme_group_update: path: /team/{tid}/group/{gid}/update defaults: _controller: AcmeBundle:Group:update template: Acme:Group:update.html.twig _resources: team: # ... group: # ... _security: - roles: [IS_MEMBER, ANOTHER_ROLE] subject: team - roles: IS_OWNER subject: group