keboola / permission-checker
Keboola K8S client library
Installs: 9 031
Dependents: 2
Suggesters: 0
Security: 0
Stars: 0
Watchers: 9
Forks: 0
Open Issues: 0
Requires
- php: ^8.1
- keboola/common-exceptions: ^1.2
Requires (Dev)
- infection/infection: ^0.27.0
- keboola/coding-standard: ^15.0
- keboola/storage-api-php-client-branch-wrapper: ^5.1
- phpstan/phpstan: ^1.9
- phpstan/phpstan-phpunit: ^1.1
- phpunit/phpunit: ^9.5
- sempro/phpunit-pretty-print: ^1.4
- symfony/dotenv: ^6.2
- symfony/filesystem: ^6.1
README
Generic permissions checker that centralizes all permission checks in one place.
Usage
Library provides Keboola\PermissionChecker\StorageApiTokenInterface
interface that is expected to be implemented by
caller (or provided by some other compatible library). The token is then passed to Keboola\PermissionChecker\PermissionChecker
along with concrete checker for the action to be validated.
If the check passes, script execution continues normally. If the check fails, Keboola\PermissionChecker\Exception\PermissionException
is thrown with a message that describes the reason of the failure and is safe to be presented to a user.
use Keboola\PermissionChecker\PermissionChecker; use Keboola\PersmissionChecker\Checker\JobQueue\CanRunJob; $storageToken = new MyStorageApiClass(...) $checker = new PermissionChecker(); $checker->checkPermissions($storageToken, new CanRunJob(BranchType::DEFAULT, 'keboola.component-id'));
Development
Prerequisites:
- installed
docker
to run & develop the library
TL;DR:
docker compose run --rm dev-permission-checker composer install
docker compose run --rm dev-permission-checker composer ci
Implementing new checker
Each action that needs to be validated has its own checker - a class implementing
Keboola\PermissionChecker\Checker\PermissionCheckerInterface
. The interface has just a single method checkPermission
which receives Keboola\PersmissionChecker\StorageApiToken
instance
(different class that the token passed to Keboola\PermissionChecker\PermissionChecker::checkPermissions()
!)
and throws Keboola\PermissionChecker\Exception\PermissionException
if the check fails.
If the checker requires any additional data or depends on some other service, it is free to require it through its constructor.
License
MIT licensed, see LICENSE file.