symnedi / security
Voters and Firewall features from Symfony\Security integration to Nette.
Requires
- php: ^7.0
- nette/di: ~2.4
- nette/http: ~2.4
- nette/security: ~2.4
- symfony/security-core: ~3.1
- symfony/security-http: ~3.1
- symnedi/event-dispatcher: ~0.2
Requires (Dev)
- nette/application: ~2.4
- nette/bootstrap: ~2.4
- nette/robot-loader: ~2.4
- nette/utils: ~2.4
- phpunit/phpunit: ~5.5
- symplify/coding-standard: ^1.2
- tracy/tracy: ~2.4
README
Install
composer require symnedi/security
Register the extension:
# app/config/config.neon extensions: - Symnedi\Security\DI\SecurityExtension - Symnedi\EventDispatcher\DI\EventDispatcherExtension
Usage
Voters
First, read Symfony cookbook
Then create new voter implementing Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
and register it as service in config.neon
:
services: - App\SomeModule\Security\Voter\MyVoter
Then in place, where we need to validate access, we'll just use AuthorizationChecker
:
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; class Presenter { /** * @var AuthorizationCheckerInterface */ private $authorizationChecker; public function __construct(AuthorizationCheckerInterface $authorizationChecker) { $this->authorizationChecker = $authorizationChecker; } /** * @param PresenterComponentReflection $element */ public function checkRequirements($element) { if ($this->authorizationChecker->isGranted('access', $element) === FALSE) { throw new ForbiddenRequestException; } } }
Firewalls
Original Symfony firewalls pretty simplified and with modular support by default.
All we need to create is a matcher and a listener.
Request Matcher
This service will match all sites in admin module - urls starting with /admin
:
use Symfony\Component\HttpFoundation\Request; use Symnedi\Security\Contract\HttpFoundation\RequestMatcherInterface; class AdminRequestMatcher implements RequestMatcherInterface { /** * {@inheritdoc} */ public function getFirewallName() { return 'adminSecurity'; } /** * {@inheritdoc} */ public function matches(Request $request) { $url = $request->getPathInfo(); return strpos($url, '/admin') === 0; } }
Firewall Listener
It will ensure that user is logged in and has 'admin' role, otherwise redirect.
use Nette\Application\AbortException; use Nette\Application\Application; use Nette\Application\Request; use Nette\Security\User; use Symnedi\Security\Contract\Http\FirewallListenerInterface; class LoggedAdminFirewallListener implements FirewallListenerInterface { /** * @var User */ private $user; public function __construct(User $user) { $this->user = $user; } /** * {@inheritdoc} */ public function getFirewallName() { return 'adminSecurity'; } /** * {@inheritdoc} */ public function handle(Application $application, Request $applicationRequest) { if ( ! $this->user->isLoggedIn()) { throw new AbortException; } if ( ! $this->user->isInRole('admin')) { throw new AbortException; } } }
Then we register both services.
services: - AdminRequestMatcher - LoggedAdminFirewallListener
That's it!
Testing
composer check-cs # see "scripts" section of composer.json for more details
vendor/bin/phpunit
Contributing
Rules are simple:
- new feature needs tests
- all tests must pass
- 1 feature per PR
We would be happy to merge your feature then!