stonedz/pff2-permissions

Manages permissions in pff2 controllers

Maintainers

Details

github.com/stonedz/pff2-permissions

Homepage

Source

Issues

Installs: 113

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:pff2-module

pkg:composer/stonedz/pff2-permissions

v4.0 2026-02-17 14:40 UTC

Requires

Requires (Dev)

MIT 4f960245ea2bca2a053385039fc964b904edbefa

  • Paolo Fagni <paolo.fagni.woop@gmail.com>

modulepermissionspff2

This package is auto-updated.

Last update: 2026-02-17 14:41:52 UTC

README

Permissions module for stonedz/pff2 controllers.

It reads permission metadata from controller classes/actions and blocks access when the logged user does not have the required permission flags.

Requirements

  • stonedz/pff2 v4
  • Doctrine ORM enabled in your app (the module reads the user model through the EntityManager)

Installation

  1. Require the module:
composer require stonedz/pff2-permissions

  1. Enable it in your app modules list.

  2. Add module configuration in your app config folder:

app/config/modules/pff2-permissions/module.conf.yaml

moduleConf:
  userClass: AnagraficaBusiness
  sessionUserId: id_user
  getPermission: getPermesso
  controllerNotLogged: Index
  actionNotLogged: index
  permissionClass: Permesso

Configuration reference

  • userClass: user model class name under \pff\models.
  • sessionUserId: key used in $_SESSION['logged_data'] for the logged user id.
  • getPermission: method called on the user instance to retrieve the permission object.
  • controllerNotLogged: redirect controller when user is not logged.
  • actionNotLogged: redirect action when user is not logged.
  • permissionClass: permission model class name under \pff\models.

Usage (native attributes)

Use attributes on controller class and/or action method.

use pff\modules\Attributes\Pff2Permissions;
use pff\modules\Attributes\Pff2PermissionsLogicalOperator;

#[Pff2Permissions(["Logged", "FatturazioneWriteable"])]
class Fatturazione_Controller extends AController
{
  #[Pff2Permissions(["Admin"])]
  #[Pff2PermissionsLogicalOperator(Pff2PermissionsLogicalOperator::OR)]
    public function editAction()
    {
    }
}

Supported attributes

  • #[Pff2Permissions(["PermissionA", "PermissionB"])]
  • #[Pff2PermissionsLogicalOperator(Pff2PermissionsLogicalOperator::AND)]
  • #[Pff2PermissionsLogicalOperator(Pff2PermissionsLogicalOperator::OR)]

If Pff2PermissionsLogicalOperator is omitted, default behavior is AND.

Backward compatibility (legacy docblocks)

Legacy docblock annotations are still supported, so existing controllers keep working:

/**
 * @Pff2Permissions ["Logged","FatturazioneWriteable"]
 */
class Fatturazione_Controller extends AController
{
  /**
   * @Pff2Permissions ["Admin"]
   * @Pff2PermissionsLogicalOperator OR
   */
  public function editAction()
  {
  }
}

The legacy variant @Pff2PermissionslogicalOperator (lowercase l) is also recognized.

Permission evaluation rules

  • Class and method permissions are merged.
  • Duplicate permission entries are removed.
  • AND: all listed permissions must be true.
  • OR: at least one listed permission must be true.
  • If no permission annotations are present, the request is allowed.

Runtime behavior

  • Not logged user: redirected to controllerNotLogged/actionNotLogged.
  • Logged user without permission: a 403 (Action not permitted) is thrown.
  • Missing ORM setup: a 500 is thrown (PermissionChecker requires Doctrine ORM to be enabled).