ZfcRbac Module for Zend Framework 2

ZfcRbac is an access control module for Zend Framework 2 geared towards quick & easy setup. Getting access control working should take you less than 5 minutes.

Requirements

Installation

Installation of ZfcRbac uses composer. For composer documentation, please refer to getcomposer.org.

Installation steps

  1. cd my/project/directory

  2. create a composer.json file with the following contents:

    {
        "require": {
            "zf-commons/zfc-rbac": "dev-master"
        }
    }

  3. install composer via curl -s http://getcomposer.org/installer | php (on Windows, download http://getcomposer.org/installer and execute it with PHP)

  4. run php composer.phar install

  5. open my/project/directory/configs/application.config.php and add the following key to your modules:

    'ZfcRbac',

Providers

Providers are listeners that hook into various events to provide roles and permissions. ZfcRbac ships with several providers that you can use out of the box:

  • Generic Providers:
    • Permission (Generic\DoctrineDbal): Uses DoctrineDBAL to configure permissions.
    • Permission (Generic\InMemory): In memory permission adapter used primarily for testing or small sites.
    • Role (Generic\InMemory): In memory role adapter used primarily for testing or small sites.
    • Role (AdjacencyList\Role): Used for pre-loading roles in an adjacency list style.
    • Lazy (NestedSet\DoctrineDbal): Used to lazy-load permissions/roles from DoctrineDBAL. This is used for sites with lots of permissions/roles so that the entire tree isn't in memory. It also uses the nested set model rather than adjacency list for performant tree reads. It's recommended to use this adapter standalone.

See the module.config.php file for sample setups.

Firewalls

Firewalls protect your resources by allowing access only to the roles you specify. By default, two firewall types are provided:

  • Route: Protects your routes.
  • Controller: Protects controllers.

By default, only controller access is enabled. See the module.config.php file for sample setups.

Setting the identity provider

The identity provider is a service alias set up to provide a working identity to ZfcRbac. The default alias is my_identity_provider but can be changed via the identity_provider key in configuration. The object returned by the identity provider must implement ZfcRbac\Identity\IdentityInterface.

View helper and controller plugin

An isGranted($permission) view helper and controller plugin are available. To use them, pass a permission to check for access.

Sample configuration

<?php
return array(
    'zfcrbac' => array(
        // Firewalls: which roles may reach which controllers and routes
        'firewalls' => array(
            'ZfcRbac\Firewall\Controller' => array(
                array('controller' => 'index', 'action' => 'index', 'roles' => 'guest')
            ),
            'ZfcRbac\Firewall\Route' => array(
                array('route' => 'profiles/add', 'roles' => 'member'),
                array('route' => 'admin/*', 'roles' => 'administrator')
            ),
        ),
        // Providers: load roles and permissions through Doctrine DBAL
        'providers' => array(
            'ZfcRbac\Provider\AdjacencyList\Role\DoctrineDbal' => array(
                'connection' => 'doctrine.connection.orm_default',
                'options' => array(
                    'table'       => 'rbac_role',
                    'id_column'   => 'role_id',
                    'name_column' => 'role_name',
                    'join_column' => 'parent_role_id'
                )
            ),
            'ZfcRbac\Provider\Generic\Permission\DoctrineDbal' => array(
                'connection' => 'doctrine.connection.orm_default',
                'options' => array(
                    'permission_table'       => 'rbac_permission',
                    'role_table'             => 'rbac_role',
                    'role_join_table'        => 'rbac_role_permission',
                    'permission_id_column'   => 'perm_id',
                    'permission_join_column' => 'perm_id',
                    'role_id_column'         => 'role_id',
                    'role_join_column'       => 'role_id',
                    'permission_name_column' => 'perm_desc',
                    'role_name_column'       => 'role_name'
                )
            ),
        ),
        // Service alias that returns the current identity
        'identity_provider' => 'standard_identity'
    ),
    'service_manager' => array(
        'factories' => array(
            // Sample identity: every request receives all three roles
            'standard_identity' => function ($sm) {
                $roles = array('guest', 'member', 'admin');
                $identity = new \ZfcRbac\Identity\StandardIdentity($roles);
                return $identity;
            },
        )
    ),
);
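
The standard_identity factory in the sample gives every request the roles guest, member and admin, which is only suitable for trying the module out. The following added example (not part of the ZfcRbac project) builds the role list from the authenticated user instead and falls back to guest alone. The service name my_auth_service and the user object's getRoleNames() method are assumptions about your application.

```php
<?php
// Added example, not from the ZfcRbac README.
// Assumptions: 'my_auth_service' is your application's service name for a
// Zend\Authentication\AuthenticationService, and the stored identity object
// has a hypothetical getRoleNames() method returning an array of strings.
return array(
    'zfcrbac' => array(
        'identity_provider' => 'standard_identity',
    ),
    'service_manager' => array(
        'factories' => array(
            'standard_identity' => function ($sm) {
                // Fail closed: without a positive authentication result
                // the identity carries the guest role and nothing else.
                $roles = array('guest');

                $auth = $sm->get('my_auth_service');
                if ($auth->hasIdentity()) {
                    $user = $auth->getIdentity();
                    if (is_object($user) && method_exists($user, 'getRoleNames')) {
                        // Allow-list: ignore any role name the application
                        // does not define, so stale or tampered session data
                        // cannot introduce an unexpected role.
                        $known   = array('member', 'admin');
                        $granted = array_intersect($known, (array) $user->getRoleNames());
                        $roles   = array_values(array_unique(array_merge($roles, $granted)));
                    }
                }

                return new \ZfcRbac\Identity\StandardIdentity($roles);
            },
        ),
    ),
);
```

With this factory an unauthenticated request can only match firewall rules that list guest, so the member and administrator routes in the sample stay closed until a user with those roles signs in.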

Protecting your services

Protecting your services is as easy as injecting the ZfcRbac service into your services. You can then use the provided isGranted($role) method to check if access is allowed.

For example,

<?php
class NewService
{
    protected $rbac;

    public function __construct(\ZfcRbac\Service\Rbac $rbac)
    {
        $this->rbac = $rbac;
    }

    public function createPost()
    {
        if (!$this->rbac->isGranted('ROLE_NEWS_MANAGER')) {
            // Access denied: stop here (for example, throw an exception)
        }

        // Access granted: create the post
    }
}

Dynamic assertions

Dynamic assertions are available by passing an instance of ZfcRbac\AssertionInterface or a Closure to isGranted() as the second parameter. For example,

<?php
$event = new \My\Event;
$event->setUserId(1);

// Verify the user has both event.update permission and that the user id matches the event user id
$rbac->isGranted('event.update', function($rbac) use ($event) {
    return $rbac->getIdentity()->getId() === $event->getUserId();
});
