2017 © Pedro Peláez
 

library bjy-authorize

Zend\Acl based firewall system for ZF2 dispatch protection

image

bjyoungblood/bjy-authorize

Zend\Acl based firewall system for ZF2 dispatch protection

  • Monday, May 14, 2018
  • by Ocramius
  • Repository
  • 54 Watchers
  • 296 Stars
  • 410,264 Installations
  • PHP
  • 42 Dependents
  • 10 Suggesters
  • 159 Forks
  • 47 Open issues
  • 17 Versions
  • 3 % Grown

The README.md

BjyAuthorize - Acl security for ZF2

Deprecated

This package is now officially deprecated and will not receive any future updates or bug fixes., (*1)

As long-term support for Zend Framework 2 ended on 2018-03-31, any users who currently rely on this package are heavily encouraged to migrate to Zend Framework 3 or another framework., (*2)

Build Status Coverage Status Total Downloads Latest Stable Version Latest Unstable Version Dependency Status, (*3)

This module is designed to provide a facade for Zend\Permissions\Acl that will ease its usage with modules and applications. By default, it provides simple setup via config files or by using Zend\Db or Doctrine ORM/ODM (via ZfcUserDoctrineORM)., (*4)

What does BjyAuthorize do?

BjyAuthorize adds event listeners to your application so that you have a "security" or "firewall" that disallows unauthorized access to your controllers or routes., (*5)

This is what a normal Zend\Mvc application workflow would look like:, (*6)

Zend Mvc Application workflow, (*7)

And here's how it would look like with BjyAuthorize enabled:, (*8)

Zend Mvc Application workflow with BjyAuthorize, (*9)

Requirements

Installation

Composer

The suggested installation method is via composer:, (*10)

php composer.phar require bjyoungblood/bjy-authorize:1.4.*
php composer.phar require zf-commons/zfc-user:0.1.*

Configuration

Following steps apply if you want to use ZfcUser with Zend\Db. If you want to use Doctrine ORM/ODM, you should also check the doctrine documentation., (*11)

  1. Ensure that following modules are enabled in your application.config.php file in the this order:
    • ZfcBase
    • ZfcUser
    • BjyAuthorize
  2. Import the SQL schema located in ./vendor/BjyAuthorize/data/schema.sql.
  3. Create a ./config/autoload/bjyauthorize.global.php file and fill it with configuration variable values as described in the following annotated example.

Here is an annotated sample configuration file:, (*12)

<?php

// For PHP <= 5.4, you should replace any ::class references with strings
// remove the first \ and the ::class part and encase in single quotes

return [
    'bjyauthorize' => [

        // set the 'guest' role as default (must be defined in a role provider)
        'default_role' => 'guest',

        /* this module uses a meta-role that inherits from any roles that should
         * be applied to the active user. the identity provider tells us which
         * roles the "identity role" should inherit from.
         * for ZfcUser, this will be your default identity provider
        */
        'identity_provider' => \BjyAuthorize\Provider\Identity\ZfcUserZendDb::class,

        /* If you only have a default role and an authenticated role, you can
         * use the 'AuthenticationIdentityProvider' to allow/restrict access
         * with the guards based on the state 'logged in' and 'not logged in'.
         *
         * 'default_role'       => 'guest',         // not authenticated
         * 'authenticated_role' => 'user',          // authenticated
         * 'identity_provider'  => \BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider::class,
         */

        /* role providers simply provide a list of roles that should be inserted
         * into the Zend\Acl instance. the module comes with two providers, one
         * to specify roles in a config file and one to load roles using a
         * Zend\Db adapter.
         */
        'role_providers' => [

            /* here, 'guest' and 'user are defined as top-level roles, with
             * 'admin' inheriting from user
             */
            \BjyAuthorize\Provider\Role\Config::class => [
                'guest' => [],
                'user'  => ['children' => [
                    'admin' => [],
                ]],
            ],

            // this will load roles from the user_role table in a database
            // format: user_role(role_id(varchar], parent(varchar))
            \BjyAuthorize\Provider\Role\ZendDb::class => [
                'table'                 => 'user_role',
                'identifier_field_name' => 'id',
                'role_id_field'         => 'role_id',
                'parent_role_field'     => 'parent_id',
            ],

            // this will load roles from
            // the 'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' service
            \BjyAuthorize\Provider\Role\ObjectRepositoryProvider::class => [
                // class name of the entity representing the role
                'role_entity_class' => 'My\Role\Entity',
                // service name of the object manager
                'object_manager'    => 'My\Doctrine\Common\Persistence\ObjectManager',
            ],
        ],

        // resource providers provide a list of resources that will be tracked
        // in the ACL. like roles, they can be hierarchical
        'resource_providers' => [
            \BjyAuthorize\Provider\Resource\Config::class => [
                'pants' => [],
            ],
        ],

        /* rules can be specified here with the format:
         * [roles (array], resource, [privilege (array|string], assertion])
         * assertions will be loaded using the service manager and must implement
         * Zend\Acl\Assertion\AssertionInterface.
         * *if you use assertions, define them using the service manager!*
         */
        'rule_providers' => [
            \BjyAuthorize\Provider\Rule\Config::class => [
                'allow' => [
                    // allow guests and users (and admins, through inheritance)
                    // the "wear" privilege on the resource "pants"
                    [['guest', 'user'], 'pants', 'wear'],
                ],

                // Don't mix allow/deny rules if you are using role inheritance.
                // There are some weird bugs.
                'deny' => [
                    // ...
                ],
            ],
        ],

        /* Currently, only controller and route guards exist
         *
         * Consider enabling either the controller or the route guard depending on your needs.
         */
        'guards' => [
            /* If this guard is specified here (i.e. it is enabled], it will block
             * access to all controllers and actions unless they are specified here.
             * You may omit the 'action' index to allow access to the entire controller
             */
            \BjyAuthorize\Guard\Controller::class => [
                ['controller' => 'index', 'action' => 'index', 'roles' => ['guest','user']],
                ['controller' => 'index', 'action' => 'stuff', 'roles' => ['user']],
                // You can also specify an array of actions or an array of controllers (or both)
                // allow "guest" and "admin" to access actions "list" and "manage" on these "index",
                // "static" and "console" controllers
                [
                    'controller' => ['index', 'static', 'console'],
                    'action' => ['list', 'manage'],
                    'roles' => ['guest', 'admin'],
                ],
                [
                    'controller' => ['search', 'administration'],
                    'roles' => ['staffer', 'admin'],
                ],
                ['controller' => 'zfcuser', 'roles' => []],
                // Below is the default index action used by the ZendSkeletonApplication
                // ['controller' => 'Application\Controller\Index', 'roles' => ['guest', 'user']],
            ],

            /* If this guard is specified here (i.e. it is enabled], it will block
             * access to all routes unless they are specified here.
             */
            \BjyAuthorize\Guard\Route::class => [
                ['route' => 'zfcuser', 'roles' => ['user']],
                ['route' => 'zfcuser/logout', 'roles' => ['user']],
                ['route' => 'zfcuser/login', 'roles' => ['guest']],
                ['route' => 'zfcuser/register', 'roles' => ['guest']],
                // Below is the default index action used by the ZendSkeletonApplication
                ['route' => 'home', 'roles' => ['guest', 'user']],
            ],
        ],
    ],
];

Helpers and Plugins

There are view helpers and controller plugins registered for this module. In either a controller or a view script, you can call $this->isAllowed($resource[, $privilege]), which will query the ACL using the currently authenticated (or default) user's roles., (*13)

Whenever you need to stop processing your action you can throw an UnAuthorizedException and users will see you message on a 403 page., (*14)

function cafeAction() {
    if (!$this->isAllowed('alcohol', 'consume')) {
        throw new \BjyAuthorize\Exception\UnAuthorizedException('Grow a beard first!');
    }

    // party on ...
}

License

Released under the MIT License. See file LICENSE included with the source code for this project for a copy of the licensing terms., (*15)

The Versions

14/05 2018

dev-master

9999999-dev https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

20/09 2013

1.5.0-beta1

1.5.0.0-beta1 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

05/07 2013

1.4.0

1.4.0.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

26/06 2013

1.4.0-beta1

1.4.0.0-beta1 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

24/06 2013

1.3.1

1.3.1.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

30/05 2013

1.3.0

1.3.0.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

12/05 2013

1.2.6

1.2.6.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

02/05 2013

1.2.5

1.2.5.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

06/04 2013

1.2.4

1.2.4.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

16/03 2013

1.2.3

1.2.3.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

15/03 2013

1.2.2

1.2.2.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

08/03 2013

1.2.1

1.2.1.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

06/03 2013

1.2.0

1.2.0.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Marco Pivetta
by Ben Youngblood

acl zf2 zfc-user

26/02 2013

1.1.2

1.1.2.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Ben Youngblood

acl zf2 zfc-user

08/02 2013

1.1.1

1.1.1.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Ben Youngblood

acl zf2 zfc-user

10/01 2013

1.1.0

1.1.0.0 https://github.com/bjyoungblood/BjyAuthorize

Zend\Acl based firewall system for ZF2 dispatch protection

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

by Ben Youngblood

acl zf2 zfc-user

19/12 2012

1.0.0

1.0.0.0 https://github.com/bjyoungblood/BjyAuthorize

Easy-use loader and manager for Zend\Acl with built-in route and dispatch protection

  Sources   Download

The Requires

 

by Ben Youngblood

acl zf2 zfc-user