orbitale/permissions-bundle

Using a new "permissions" directive as a single voter

Maintainers

Details

github.com/Orbitale/PermissionsBundle

Source

Issues

Installs: 60

Dependents: 0

Suggesters: 0

Security: 0

Stars: 18

Watchers: 4

Forks: 1

Open Issues: 0

Type:symfony-bundle

v0.1.1 2017-12-23 20:12 UTC

Requires

MIT 5bf6f539b439ccdd18dcdd0417ed39ac3e7355d6

  • Alex Rock Ancelet <pierstoval.woop@gmail.com>

symfonysecuritybundlepermissions

This package is auto-updated.

Last update: 2024-12-15 02:40:42 UTC

README

The goal of this bundle is to add simple ExpressionLanguage based permissions to Symfony, to rely on something with more logic than Roles and less heavy than creating Voters.

Install

  • Require it with composer

    $ composer require orbitale/permissions-bundle

  • Add the bundle to your kernel

    <?php

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            // ...
            new Orbitale\Bundle\PermissionsBundle\PermissionsBundle(),
        ];

        return $bundles;
    }
}

  • Setup your desired permissions:

    # app/config/security.yml
permissions:
    rules:
        ADMIN_EDIT: 'user and user.getStatus() === constant("AppBundle\\Entity\\User::STATUS_ADMIN")'
        SUBSCRIBE: 'user and user.isMemberOfTheTeam()'
        CHUCK_NORRIS: 'user and user.getUsername() === "Chuck Norris"'

  • Use them in your controllers

    <?php

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class DefaultController extends Controller
{
    public function badassAction()
    {
        $this->denyAccessUnlessGranted('CHUCK_NORRIS');

        // ...
    }
}

Configuration reference

permissions:
    defaults:
        # Variables to add to ExpressionLanguage, for easier access if you need
        expression_variables: []

        # Will be added to all not already set "supports" attributes
        supports:             null
    rules:
        # Full prototype
        # Key names *must* be uppercase
        PERMISSION_KEY_NAME:
            supports: null
            on_vote: null   # Required

        # Allow expression with a single string, if you don't care of "supports":
        PERMISSION_KEY_NAME: 'on_vote expression'

Real life example

permissions:
    defaults:
        expression_variables:
            user_class: AppBundle\Entity\User
            post_class: AppBundle\Entity\Post
        supports: 'instanceof(user, user_class)'
    rules:
        ADMIN: 'user.isAdmin()'
        EDIT_POST:
            supports: 'instanceof(user, user_class) and instanceof(subject, post_class)'
            on_vote: 'user.isAdmin() and subject.getAuthor().getId() === user.getId()'