README

GF Identity reusable package

Package is used for access management in EVA Micro Services.

Usage

EvaGuard is a trait for checking access by roles and possibly by additional custom logic provided in instance of VoterInterface.

Usage:

In controller we import EvaGuard using expression use EvaGuard; Then we're able to use it's functionality in any action or checkAccess() method, for example:

self::denyAccessUnlessGranted('ROLE_ADMIN');

Interface VoterInterface stands for decision making point whether to grant access to user or not. It is possible to add some logic and conditions to class which implements this interface to check for additional requirements.

Instance can be passed to NavaINT1876\GfIdentity\EvaGuard::denyAccessUnlessGranted() as a second argument, and $params for it as a third argument.

Example of usage:

 public function checkAccess($action, $model = null, $params = [])
 {
     if ('index' === $action) {
         self::denyAccessUnlessGranted('ROLE_ADMIN');
     }

     if ('view' === $action || 'update' === $action) {
         self::denyAccessUnlessGranted('ROLE_USER', UserVoter::class, ['model' => $model, 'action' => $action]);
     }
 }

Example of voter:

 namespace app\modules\v1\voters;

 use Yii;
 use yii\web\ForbiddenHttpException;

 class UserVoter implements VoterInterface
 {
     const ACTION_VIEW = 'view';

     const ACTION_EDIT = 'update';

     const ACTIONS = [
         self::ACTION_VIEW,
         self::ACTION_EDIT,
     ];

     private $params;

     public function __construct(array $params)
     {
         $this->params = $params;
     }

     public function decide(): void
     {
         $action = $this->params['action'];
         $subject = $this->params['model'];
         $currentUser = Yii::$app->identity->getUser();

         if ($currentUser->id === $subject->id && in_array($action, self::ACTIONS)) {
             return;
         }

         throw new ForbiddenHttpException('You do not have permission to view/edit this user details.');
     }
}