symplify/symfony-security

This package is abandoned and no longer maintained. No replacement package was suggested.

Voters and Firewall features from Symfony\Security for standalone use.

v1.2.21 2016-12-23 20:55 UTC

This package is not auto-updated.

Last update: 2018-07-17 17:55:08 UTC


README

Build Status Quality Score Code Coverage Downloads Latest stable

Install

composer require symplify/symfony-security

Register the extension:

# app/config/config.neon
extensions:
    - Symplify\SymfonySecurity\Adapter\Nette\DI\SymfonySecurityExtension
    - Symplify\SymfonyEventDispatcher\DI\SymfonyEventDispatcherExtension

Usage

Voters

First, read Symfony cookbook

Then create new voter implementing Symfony\Component\Security\Core\Authorization\Voter\VoterInterface and register it as service in config.neon:

services:
    - App\SomeModule\Security\Voter\MyVoter

Then in place, where we need to validate access, we'll just use AuthorizationChecker:

use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;


class Presenter
{

    /**
     * @var AuthorizationCheckerInterface
     */
    private $authorizationChecker;


    public function __construct(AuthorizationCheckerInterface $authorizationChecker)
    {
        $this->authorizationChecker = $authorizationChecker;
    }


    /**
     * @param PresenterComponentReflection $element
     */
    public function checkRequirements($element)
    {
        if ($this->authorizationChecker->isGranted('access', $element) === FALSE) {
            throw new ForbiddenRequestException;
        }
    }

}

Firewalls

Original Symfony firewalls pretty simplified and with modular support by default.

All we need to create is a matcher and a listener.

Request Matcher

This service will match all sites in admin module - urls starting with /admin:

use Symfony\Component\HttpFoundation\Request;
use Symplify\SymfonySecurity\Contract\HttpFoundation\RequestMatcherInterface;


class AdminRequestMatcher implements RequestMatcherInterface
{

    /**
     * {@inheritdoc}
     */
    public function getFirewallName()
    {
        return 'adminSecurity';
    }


    /**
     * {@inheritdoc}
     */
    public function matches(Request $request)
    {
        $url = $request->getPathInfo();
        return strpos($url, '/admin') === 0;
    }

}

Firewall Listener

It will ensure that user is logged in and has 'admin' role, otherwise redirect.

use Nette\Application\AbortException;
use Nette\Application\Application;
use Nette\Application\Request;
use Nette\Security\User;
use Symplify\SymfonySecurity\Contract\Http\FirewallListenerInterface;


class LoggedAdminFirewallListener implements FirewallListenerInterface
{

    /**
     * @var User
     */
    private $user;


    public function __construct(User $user)
    {
        $this->user = $user;
    }


    /**
     * {@inheritdoc}
     */
    public function getFirewallName()
    {
        return 'adminSecurity';
    }


    /**
     * {@inheritdoc}
     */
    public function handle(Application $application, Request $applicationRequest)
    {
        if ( ! $this->user->isLoggedIn()) {
            throw new AbortException;
        }

        if ( ! $this->user->isInRole('admin')) {
            throw new AbortException;
        }
    }

}

Then we register both services.

services:
    - AdminRequestMatcher
    - LoggedAdminFirewallListener

That's it!

Testing

composer check-cs # see "scripts" section of composer.json for more details 
vendor/bin/phpunit

Contributing

Rules are simple:

  • new feature needs tests
  • all tests must pass
  • 1 feature per PR

We would be happy to merge your feature then!