windwalker/authorisation

Windwalker Authorisation package

3.4.4 2018-02-20 08:15 UTC

README

Installation via Composer

Add this to the require block in your composer.json.

{
    "require": {
        "windwalker/authorisation": "~3.0"
    }
}

Create Authorisation and add policies

A simple example to use Closure as policy with action name can.edit.article.

use Windwalker\Authorisation\Authorisation;

$auth = new Authorisation;

$auth->addPolicy('can.edit.article', function (User $user, \stdClass $article)
{
    return $user->isAdmin() || $user->id == $article->author_id;
});

// Check access
$auth->authorise('can.edit.article', $user, $article); // boolean

Use Authorisation to Make ACL system

We can also use Authorisation object as a ACL handler, see this example. We find blog.article actions from acl_list table in database, and check the can.edit action greater then 1, so it means this user (or group) has access to edit all articles in blog.

$auth->addPolicy('can.edit', function (User $user, $assetName)
{
    $action = $db->prepare('SELECT access FROM acl_list WHERE action = :action AND asset = :asset AND group = :group')
        ->bind('action', 'can.edit')
        ->bind('asset', $assetName)
        ->bind('group', $user->group_id)
        ->execute()
        ->fetchObject();

    return $action >= 1;
});

// Can edit articles
$auth->authorise('can.edit', $user, 'blog.article'); // boolean

// Can edit article with id = 3
$auth->authorise('can.edit', $user, 'blog.article.3'); // boolean

NOTE: This is just an simple example to show how ACL works, you must write your own rules to implements ACL system.

Pre-defined Policy

We can define a policy by creating classes which implements PolicyInterface.

class CanEditPolicy implements \Windwalker\Authorisation\PolicyInterface
{
	public function authorise($user, $data = null)
	{
		return $user->isAdmin() || $user->id == $data->author_id;
	}
}

$auth->addPolicy('can.edit', new CanEditPolicy);

// After PHP 5.5, you can simply use ::class to add class name
$auth->addPolicy('can.edit', CanEditPolicy::class);

Register Multiple Policies

Use Policy Provider, we can define policies in a class that is more easily to add multiple policies.

use Windwalker\Authorisation\AuthorisationInterface;
use Windwalker\Authorisation\PolicyProviderInterface;

class ArticlePolicyProvider implements PolicyProviderInterface
{
	public function register(AuthorisationInterface $auth)
	{
		$auth->addPolicy('can.create.article', function () { ... });
		$auth->addPolicy('can.edit.article', function () { ... });
		$auth->addPolicy('can.edit.own.article', function () { ... });
		$auth->addPolicy('can.delete.article', function () { ... });
	}
}

// Register policies
$auth->registerPolicyProvider(new ArticlePolicyProvider);