tkhamez/slim-role-auth

Role-based authorization for the Slim framework

3.0.0 2020-01-26 19:56 UTC

This package is auto-updated.

Last update: 2020-07-26 21:12:00 UTC


README

Build Status Test Coverage

Role-based authorization

Middleware for the Slim 4 framework.

For Slim 3 use the 1.0.0 release.

Installation

With Composer:

composer require tkhamez/slim-role-auth

Usage

Example:

use Tkhamez\Slim\RoleAuth\RoleMiddleware;
use Tkhamez\Slim\RoleAuth\SecureRouteMiddleware;

$app = Slim\Factory\AppFactory::create();

// Deny access if a required role is missing
$app->add(new SecureRouteMiddleware(
    new Slim\Psr7\Factory\ResponseFactory(), // any implementation of Psr\Http\Message\ResponseFactoryInterface
    [
        // route pattern -> roles, first "starts-with" match is used
        '/secured/public' => ['any'],
        '/secured'        => ['user'],
    ],
    ['redirect_url' => null] // optionally add "Location" header instead of 403 status code
));

// Add roles to request attribute
$app->add(new RoleMiddleware(
    new App\RoleProvider(), // any implementation of Tkhamez\Slim\RoleAuth\RoleProviderInterface
    ['route_pattern' => ['/secured']] // optionally limit to these routes
));

// Add routing middleware last, so the `route` attribute from `$request` is available
// (this replaces the determineRouteBeforeAppMiddleware setting from Slim 3).
$app->addRoutingMiddleware();
  • The SecureRouteMiddleware denies access to a route if the required role is missing in the roles request attribute.
  • The RoleMiddleware class adds the roles attribute to the request object with roles provided by the RoleProvider class.
  • You can add several role providers for different paths.

For more information, see the inline documentation for the classes.

Changelog

3.0.0

  • Raised minimum PHP version to 7.2
  • Added a class constant for the name of the request attribute that holds the roles and changed its name.

2.0.1

Compatibility with Slim 4.4

2.0.0

Update for Slim 4.

1.0.0

First stable release.