symplify / symfony-security
Voters and Firewall features from Symfony\Security for standalone use.
Requires
- php: ^7.0
- nette/di: ~2.4
- nette/http: ~2.4
- nette/security: ~2.4
- symfony/security-core: ~3.1
- symfony/security-http: ~3.1
- symplify/symfony-event-dispatcher: ~1.2
Requires (Dev)
- nette/application: ~2.4
- nette/bootstrap: ~2.4
- nette/robot-loader: ~2.4
- nette/utils: ~2.4
- phpunit/phpunit: ~5.7
- symplify/coding-standard: ~1.2
- tracy/tracy: ~2.4
This package is not auto-updated.
Last update: 2018-07-17 17:55:08 UTC
README
Install
composer require symplify/symfony-security
Register the extension:
# app/config/config.neon extensions: - Symplify\SymfonySecurity\Adapter\Nette\DI\SymfonySecurityExtension - Symplify\SymfonyEventDispatcher\DI\SymfonyEventDispatcherExtension
Usage
Voters
First, read Symfony cookbook
Then create new voter implementing Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
and register it as service in config.neon
:
services: - App\SomeModule\Security\Voter\MyVoter
Then in place, where we need to validate access, we'll just use AuthorizationChecker
:
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; class Presenter { /** * @var AuthorizationCheckerInterface */ private $authorizationChecker; public function __construct(AuthorizationCheckerInterface $authorizationChecker) { $this->authorizationChecker = $authorizationChecker; } /** * @param PresenterComponentReflection $element */ public function checkRequirements($element) { if ($this->authorizationChecker->isGranted('access', $element) === FALSE) { throw new ForbiddenRequestException; } } }
Firewalls
Original Symfony firewalls pretty simplified and with modular support by default.
All we need to create is a matcher and a listener.
Request Matcher
This service will match all sites in admin module - urls starting with /admin
:
use Symfony\Component\HttpFoundation\Request; use Symplify\SymfonySecurity\Contract\HttpFoundation\RequestMatcherInterface; class AdminRequestMatcher implements RequestMatcherInterface { /** * {@inheritdoc} */ public function getFirewallName() { return 'adminSecurity'; } /** * {@inheritdoc} */ public function matches(Request $request) { $url = $request->getPathInfo(); return strpos($url, '/admin') === 0; } }
Firewall Listener
It will ensure that user is logged in and has 'admin' role, otherwise redirect.
use Nette\Application\AbortException; use Nette\Application\Application; use Nette\Application\Request; use Nette\Security\User; use Symplify\SymfonySecurity\Contract\Http\FirewallListenerInterface; class LoggedAdminFirewallListener implements FirewallListenerInterface { /** * @var User */ private $user; public function __construct(User $user) { $this->user = $user; } /** * {@inheritdoc} */ public function getFirewallName() { return 'adminSecurity'; } /** * {@inheritdoc} */ public function handle(Application $application, Request $applicationRequest) { if ( ! $this->user->isLoggedIn()) { throw new AbortException; } if ( ! $this->user->isInRole('admin')) { throw new AbortException; } } }
Then we register both services.
services: - AdminRequestMatcher - LoggedAdminFirewallListener
That's it!
Testing
composer check-cs # see "scripts" section of composer.json for more details
vendor/bin/phpunit
Contributing
Rules are simple:
- new feature needs tests
- all tests must pass
- 1 feature per PR
We would be happy to merge your feature then!