Role-based authorization for the Slim framework
Middleware for the Slim 4 framework.
For Slim 3 use the 1.0.0 release.
composer require tkhamez/slim-role-auth
use Tkhamez\Slim\RoleAuth\RoleMiddleware; use Tkhamez\Slim\RoleAuth\SecureRouteMiddleware; $app = Slim\Factory\AppFactory::create(); // Deny access if a required role is missing $app->add(new SecureRouteMiddleware( new Slim\Psr7\Factory\ResponseFactory(), // any implementation of Psr\Http\Message\ResponseFactoryInterface [ // route pattern -> roles, first "starts-with" match is used '/secured/public' => ['any'], '/secured' => ['user'], ], ['redirect_url' => null] // optionally add "Location" header instead of 403 status code )); // Add roles to request attribute $app->add(new RoleMiddleware( new App\RoleProvider(), // any implementation of Tkhamez\Slim\RoleAuth\RoleProviderInterface ['route_pattern' => ['/secured']] // optionally limit to these routes )); // Add routing middleware last, so the `route` attribute from `$request` is available // (this replaces the determineRouteBeforeAppMiddleware setting from Slim 3). $app->addRoutingMiddleware();
SecureRouteMiddlewaredenies access to a route if the required role is missing in the
RoleMiddlewareclass adds the
rolesattribute to the request object with roles provided by the
- You can add several role providers for different paths.
For more information, see the inline documentation for the classes.
- Raised minimum PHP version to 7.2
- Added a class constant for the name of the request attribute that holds the roles and changed its name.
Compatibility with Slim 4.4
Update for Slim 4.
First stable release.