tkhamez/slim-role-auth

Role-based authorization for the Slim framework

2.0.0 2019-08-04 01:50 UTC

This package is auto-updated.

Last update: 2020-01-04 02:46:43 UTC


README

Build Status Test Coverage

Role-based authorization

Middleware for the Slim 4 framework.

For Slim 3 use the 1.0.0 release.

Installation

With Composer:

composer require tkhamez/slim-role-auth

Usage

Example:

use Tkhamez\Slim\RoleAuth\RoleMiddleware;
use Tkhamez\Slim\RoleAuth\SecureRouteMiddleware;

$app = Slim\Factory\AppFactory::create();

// Deny access if a required role is missing
$app->add(new SecureRouteMiddleware(
    new Slim\Psr7\Factory\ResponseFactory(), // any implementation of Psr\Http\Message\ResponseFactoryInterface
    [
        // route pattern -> roles, first "starts-with" match is used
        '/secured/public' => ['any'],
        '/secured'        => ['user'],
    ],
    ['redirect_url' => null] // optionally add "Location" header instead of 403 status code
));

// Add roles to request attribute
$app->add(new RoleMiddleware(
    new App\RoleProvider(), // any implementation of Tkhamez\Slim\RoleAuth\RoleProviderInterface
    ['route_pattern' => ['/secured']] // optionally limit to these routes
));

// Add routing middleware last, so the `route` attribute from `$request` is available
// (this replaces the determineRouteBeforeAppMiddleware setting from Slim 3).
$app->addRoutingMiddleware();
  • The SecureRouteMiddleware denies access to a route if the required role is missing in the roles request attribute.
  • The RoleMiddleware class adds the roles attribute to the request object with roles provided by the RoleProvider class.
  • You can add several role providers for different paths.

For more information, see the inline documentation for the classes.

Changelog

2.0.0

Update for Slim 4.

1.0.0

First stable release.