From f54baea0b69313b5fb1feae1d2ab43f9214397fe Mon Sep 17 00:00:00 2001 From: Glenn Eggleton Date: Mon, 25 Jan 2016 10:54:55 -0500 Subject: [PATCH 1/4] Update README.md - Added code block for middleware --- README.md | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2faf9a0..5d9a1e4 100644 --- a/README.md +++ b/README.md @@ -69,4 +69,43 @@ return [ ]; ``` -If this does not fit your usage, feel free to override the default handler by setting your own via `setHandler(callable)` \ No newline at end of file +If this does not fit your usage, feel free to override the default handler by setting your own via `setHandler(callable)` + +## Middleware +You can use the repo class directly which contains this code block... or modify this code block to suit your needs. +```php + +$app->add(function (Request $request, Response $res, $next) { + /** @var $aclRepo AclRepository */ + $aclRepo = $this->get(AclRepository::class); + $allowed = false; + + $route = '/' . ltrim($request->getUri()->getPath(), '/'); + var_dump($route); + + try { + $allowed = $aclRepo->isAllowedWithRoles($aclRepo->getRole(), $route); + } catch (InvalidArgumentException $iae) { + $fn = function (ServerRequestInterface $requestInterface, AclRepository $aclRepo) { + + $route = $requestInterface->getAttribute('route'); + if (!empty($route)) { + foreach ($aclRepo->getRole() as $role) { + if ($aclRepo->isAllowed($role, $route->getPattern())) { + return true; + } + } + } + return false; + }; + + $allowed = $fn($request, $aclRepo); + } + + if ($allowed) { + return $next($request, $res); + } else { + return $res->withStatus(401); + } +}); +``` From fef28a2d4e77e3cba11ccd0ba4cd32f604ac0405 Mon Sep 17 00:00:00 2001 From: Glenn Eggleton Date: Mon, 25 Jan 2016 11:01:48 -0500 Subject: [PATCH 2/4] Update composer.json - Added Keywords to composer.json --- composer.json | 1 + 1 file changed, 1 insertion(+) diff --git a/composer.json b/composer.json index ea17a57..6dd5100 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,7 @@ { "name": "geggleto/psr7-acl", "description": "PSR-7 Zend ACL", + "keywords": ["acl","permissions","slim","psr-7","psr7","zend"], "license": "MIT", "authors": [ { From cec6dfaaf710fd62d227b1422b143d9825caa252 Mon Sep 17 00:00:00 2001 From: Glenn Eggleton Date: Mon, 25 Jan 2016 11:11:24 -0500 Subject: [PATCH 3/4] Update README.md - Added more explanation --- README.md | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 5d9a1e4..5e1563a 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,17 @@ Provides a ACL repository and Middleware using Zend/Permissions/Acl library PSR-7 Compliant +# How it works +- Resources are end-points +- Roles are a group of resources +- You can either allow or deny those roles. + +The roles a user has are loaded into the AclRepo on every request. I suggest loading them into a session variable rather than pulling them from storage everytime (usage case depending). + +The current route is then inspected and compared to the list of accessable resources in a middleware. a 401 is returned if a user is not allowed. If the user is allowed the application is allowed to continue. + +By default no message body is provided on the 401, and if you require a page to be rendered then you will need to write your own middleware. + # Usage Example ```php @@ -76,36 +87,35 @@ You can use the repo class directly which contains this code block... or modify ```php $app->add(function (Request $request, Response $res, $next) { - /** @var $aclRepo AclRepository */ - $aclRepo = $this->get(AclRepository::class); - $allowed = false; + /** @var $aclRepo AclRepository */ + $aclRepo = $this->get(AclRepository::class); //In Slim 3 the container is bound to function definitions + $allowed = false; // We assume that the user cannot access the route - $route = '/' . ltrim($request->getUri()->getPath(), '/'); - var_dump($route); + $route = '/' . ltrim($request->getUri()->getPath(), '/'); //We construct our path - try { + try { //Check here... This will pass when a route is simple and there is no route parameters $allowed = $aclRepo->isAllowedWithRoles($aclRepo->getRole(), $route); - } catch (InvalidArgumentException $iae) { + } catch (InvalidArgumentException $iae) { //This is executed in cases where there is a route parameters... /user/{id:} $fn = function (ServerRequestInterface $requestInterface, AclRepository $aclRepo) { - - $route = $requestInterface->getAttribute('route'); + //This will likely only work in Slim 3... This requires the determineRouteBeforeAppMiddleware => true to be set in the container + $route = $requestInterface->getAttribute('route'); // Grab the route to get the pattern if (!empty($route)) { foreach ($aclRepo->getRole() as $role) { - if ($aclRepo->isAllowed($role, $route->getPattern())) { - return true; + if ($aclRepo->isAllowed($role, $route->getPattern())) { // check to see fi the user can access the pattern + return true; //Is allowed } } } return false; }; - $allowed = $fn($request, $aclRepo); + $allowed = $fn($request, $aclRepo); // Execute the fail-safe } if ($allowed) { return $next($request, $res); } else { - return $res->withStatus(401); + return $res->withStatus(401); //Is not allowed. if you need to render a template then do that. } }); ``` From bfb72f22d64c07f25122e0fd501b8ed65e359c8b Mon Sep 17 00:00:00 2001 From: Glenn Eggleton Date: Thu, 28 Jan 2016 13:47:30 -0500 Subject: [PATCH 4/4] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5e1563a..edf3bc4 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ Provides a ACL repository and Middleware using Zend/Permissions/Acl library PSR-7 Compliant +- Blog post on this package +- http://bolt.tamingtheelephpant.com/page/psr-7-permissions + # How it works - Resources are end-points - Roles are a group of resources