README

Role-based authorization

Middleware for the Slim 4 framework.

For Slim 3 use the 1.0.0 release.

Installation

With Composer:

composer require tkhamez/slim-role-auth

Usage

Example:

use Tkhamez\Slim\RoleAuth\RoleMiddleware;
use Tkhamez\Slim\RoleAuth\SecureRouteMiddleware;

$app = Slim\Factory\AppFactory::create();

// Deny access if a required role is missing.
$app->add(new SecureRouteMiddleware(
    new Slim\Psr7\Factory\ResponseFactory(), // Any implementation of Psr\Http\Message\ResponseFactoryInterface.
    [
        // Route pattern  => Roles, the first "starts-with" match is used.
        '/secured/public' => ['any'],
        '/secured'        => ['user'],
    ],
    ['redirect_url' => null] // Adds the "Location" header instead of a 403 status code if set.
));

// Add roles to request attribute.
$app->add(new RoleMiddleware(
    new App\RoleProvider(), // Any implementation of Tkhamez\Slim\RoleAuth\RoleProviderInterface.
    ['route_pattern' => ['/secured']] // Optionally limit to these routes.
));

// Add routing middleware last, so the Slim router is available from the request.
$app->addRoutingMiddleware();

• The SecureRouteMiddleware denies access to a route if the required role is missing in the request object.
• The RoleMiddleware class adds roles provided by the RoleProvider object to the request object.
• You can add multiple role providers for different paths.

For more information, see the inline documentation of the classes.

Dev Env

docker build --tag slim-role-auth .
docker run -it --mount type=bind,source="$(pwd)",target=/app --workdir /app slim-role-auth /bin/sh