mimmi20 / mezzio-generic-authorization
Provides an authorization middleware for Mezzio and PSR-7 applications.
Requires
- php: ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0
- mezzio/mezzio-authentication: ^1.9.0
- mezzio/mezzio-router: ^3.17.0
- psr/container: ^1.1.2 || ^2.0.2
- psr/http-factory: ^1.1.0
- psr/http-message: ^1.0.1 || ^2.0
- psr/http-server-handler: ^1.0.2
- psr/http-server-middleware: ^1.0.2
Requires (Dev)
- ext-ctype: *
- ext-dom: *
- ext-simplexml: *
- ext-tokenizer: *
- ext-xml: *
- ext-xmlwriter: *
- infection/infection: ^0.27.11 || ^0.28.1
- laminas/laminas-servicemanager: ^4.1.0
- mimmi20/coding-standard: ^5.2.43
- nikic/php-parser: ^4.19.1 || ^5.0.2
- phpstan/extension-installer: ^1.4.3
- phpstan/phpstan: ^1.12.3
- phpstan/phpstan-deprecation-rules: ^1.2.1
- phpstan/phpstan-phpunit: ^1.4.0
- phpunit/phpunit: ^10.5.26
- rector/rector: ^1.2.5
- rector/type-perfect: ^0.2.0
- symplify/phpstan-rules: ^13.0.1
- tomasvotruba/cognitive-complexity: ^0.2.3
- tomasvotruba/type-coverage: ^0.3.1
- tomasvotruba/unused-public: ^0.3.11
Suggests
- mimmi20/mezzio-generic-authorization-acl: provides a laminas-permissions-acl-backed adapter
- mimmi20/mezzio-generic-authorization-rbac: provides a laminas-permissions-rbac-backed adapter
README
Installation
You can install the mezzio-generic-authorization library with Composer:
composer require mimmi20/mezzio-generic-authorization
Introduction
This component provides middleware for Mezzio and PSR-7 applications for authorizing specific routes based on ACL or RBAC systems.
Unlike mezzio-authorization, this library does not require the ServerRequestInterface by default. This makes it possible to use this component in combination with mezzio-navigation.
If you are using the provided middleware, the route name is used as the resource.
An authorization system first needs authentication: to verify that an identity has access to something (i.e., is authorized) we first need the identity, which is provided during authentication.
Authentication is provided via the package mezzio-authentication. That library provides an AuthenticationMiddleware class that verifies credentials using the HTTP request and stores the identity via a PSR-7 request attribute.
The identity generated by mezzio-authentication is stored as the request attribute Mezzio\Authentication\UserInterface as a UserInterface implementation. That interface looks like the following:
    namespace Mezzio\Authentication;

    interface UserInterface
    {
        /**
         * Get the unique user identity (id, username, email address or ...)
         */
        public function getIdentity() : string;

        /**
         * Get all user roles
         *
         * @return Iterable
         */
        public function getRoles() : iterable;

        /**
         * Get a detail $name if present, $default otherwise
         */
        public function getDetail(string $name, $default = null);

        /**
         * Get all the details, if any
         */
        public function getDetails() : array;
    }
mezzio-generic-authorization consumes this identity attribute. It checks if a user's role (as retrieved from the UserInterface object) is authorized (granted) to perform the current HTTP request.
Authorization is performed using the isGranted() method of the AuthorizationInterface:

    public function isGranted(?string $role = null, ?string $resource = null, ?string $privilege = null, ?\Psr\Http\Message\ServerRequestInterface $request = null): bool;
Two adapters are available:
- mezzio-generic-authorization-rbac, which implements Role-Based Access Controls (RBAC)
- mezzio-generic-authorization-acl, which implements an Access Control List (ACL).
If you want to know more about authentication using middleware in PHP, we suggest reading the blog post "Authorize users using Middleware".
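As an added example (not code from this package), the sketch below shows a deny-by-default check in the shape of isGranted(), with the route name used as the resource and the roles taken from an identity's getRoles() list. The class, function, role and route names are hypothetical, and the $request parameter is left out so the file runs without PSR-7 installed.

```php
<?php

declare(strict_types=1);

// Hypothetical adapter sketch. In an application it would implement
// Mimmi20\Mezzio\GenericAuthorization\AuthorizationInterface; the optional
// $request parameter is omitted here (assumption) to keep the file standalone.
final class RouteMapAuthorization
{
    /** @param array<string, list<string>> $grants role => route names the role may reach */
    public function __construct(private readonly array $grants)
    {
    }

    public function isGranted(?string $role = null, ?string $resource = null, ?string $privilege = null): bool
    {
        // Fail closed: a missing role or a missing route name is never a wildcard.
        if ($role === null || $resource === null) {
            return false;
        }

        // Strict comparison avoids PHP's loose string/number matching.
        // $privilege is ignored in this sketch.
        return in_array($resource, $this->grants[$role] ?? [], true);
    }
}

/** Grant only when at least one of the identity's roles is granted the route. */
function anyRoleGranted(RouteMapAuthorization $auth, iterable $roles, ?string $routeName): bool
{
    foreach ($roles as $role) {
        if (is_string($role) && $auth->isGranted($role, $routeName)) {
            return true;
        }
    }

    return false; // no roles at all, or none of them granted
}

// Constructed sample data: role and route names are made up for illustration.
$auth = new RouteMapAuthorization([
    'editor' => ['article.list', 'article.edit'],
    'guest'  => ['article.list'],
]);

var_dump(anyRoleGranted($auth, ['guest'], 'article.edit'));           // guest asks for the edit route
var_dump(anyRoleGranted($auth, ['guest', 'editor'], 'article.edit')); // one of two roles is granted
var_dump(anyRoleGranted($auth, ['editor'], 'admin.dashboard'));       // route missing from the map
var_dump(anyRoleGranted($auth, [], 'article.list'));                  // identity without roles
var_dump(anyRoleGranted($auth, ['editor'], null));                    // request matched no named route
```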
Authorization adapters
You can configure the authorization adapter to use via your service container configuration. Specifically, you can either map the service name Mimmi20\Mezzio\GenericAuthorization\AuthorizationInterface to a factory, or alias it to the appropriate service.
For instance, using Mezzio container configuration, you could select the mezzio-authorization-acl adapter in either of the following ways:
- Using an alias:

      use Mimmi20\Mezzio\GenericAuthorization\AuthorizationInterface;
      use Mimmi20\Mezzio\GenericAuthorization\Acl\LaminasAcl;

      return [
          'dependencies' => [
              // Using an alias:
              'aliases' => [
                  AuthorizationInterface::class => LaminasAcl::class,
              ],
          ],
      ];

- Mapping to a factory:

      use Mimmi20\Mezzio\GenericAuthorization\AuthorizationInterface;
      use Mimmi20\Mezzio\GenericAuthorization\Acl\LaminasAclFactory;

      return [
          'dependencies' => [
              // Using a factory:
              'factories' => [
                  AuthorizationInterface::class => LaminasAclFactory::class,
              ],
          ],
      ];
We provide two different adapters.
- The RBAC adapter is provided by mezzio-generic-authorization-rbac.
- The ACL adapter is provided by mezzio-generic-authorization-acl.
Each adapter is installable via Composer:
composer require mimmi20/mezzio-generic-authorization-rbac
# or
composer require mimmi20/mezzio-generic-authorization-acl
License
This package is licensed using the MIT License.
Please have a look at LICENSE.md.