2017 © Pedro Peláez
 

library nette-security-annotation

Acl security for presenter actions, signals and components by annotations

image

kusebauch/nette-security-annotation

Acl security for presenter actions, signals and components by annotations

  • Friday, January 6, 2017
  • by patrickkusebauch
  • Repository
  • 1 Watchers
  • 0 Stars
  • 2,313 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 12 Versions
  • 2 % Grown

The README.md

Build Status codecov.ioLatest Stable VersionLicense, (*1)

nette-security-annotation

Security by annotations in Nette., (*2)

Allows securing presenters by using annotations on presenter "action" and "handle" methods. Also can tie presenter components to specific actions and secure the creation of component by the same manner., (*3)

Installation

The easiest way to install is via composer. Just run: composer require kusebauch/nette-security-annotation, (*4)

Optionally you can just download the source and include the files as needed., (*5)

Basic Usage

To enable the security just add the @Secured annotation to a method. (action*, handle*, render* or createComponent*) Optionally you can add the annotation to the class and it will cascade to all methods in the class., (*6)

Resource

Every method can have exactly one resource associated with it as of right now. The resource is defined by the @Resource annotation with string value. Resource defined at the class level is OVERRIDDEN by resource defined at method level., (*7)

Privilege

Every method can have unlimited amount of privileges associated with it. They are defined by the @Privilege annotation. The values are either string or array of strings. Privilege defined at class level are MERGED with the privileges defined at method level. Privileges are not strict - You need to have at least one privilege to access the method, not all of them., (*8)

Action

Specific annotation for createComponent* methods. Can tie this this component factory to a specific presenter action. It is defined by the @Action annotation and the rules are the same as are for the Privilege annotation., (*9)

Violation behavior

If a violation of privileges happens in an action*, handle* or render* methods, ForbiddenRequestException is thrown. THe same exception is thrown if the user is not logged in. If a method has @Secured annotation, but does not have a @Resource annotation associated with it, InvalidStateException is thrown. Also if a you try to access a component in incorrect method, ForbiddenRequestException is thrown., (*10)

Example

For examples of usage, see "tests/_support"., (*11)

Advanced usage

There are some considerations for advanced usage based on this library., (*12)

Overriding presenter methods

This library overrides the default behavior for createComponent and checkRequirements presenter methods. For this reason, special care has to be taken if overriding these methods in your own code, especially, if you use "trait" version of this library., (*13)

For createComponent method, the library calls the checkRequirements method and checks the @Action annotation., (*14)

For checkRequirements method, the library parses the annotations and calls the "$presenter->getUser()->isAllowed($resource, $privilege)" for every @Resource and @Privilege pair, tills it find the first pair, for witch it is allowed (if any)., (*15)

Overriding default behavior

You might want a different behavior if a violation of permissions happens. In this case you can just "Override the presenter methods" (more above). In this case, you might want a code like this:, (*16)

php <?php public function checkRequirements($element) { try { parent::checkRequirements($element) } catch(ForbiddenRequestException $e) { //You own exception processing } }, (*17)

The Versions

06/01 2017

dev-master

9999999-dev

Acl security for presenter actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch

06/01 2017

2.3.1

2.3.1.0

Acl security for presenter actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch

21/05 2016

2.3

2.3.0.0

Acl security for presenter actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch

17/05 2016

dev-legacy

dev-legacy

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Development Requires

by Patrick Kusebauch

17/05 2016

0.9.4

0.9.4.0

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Development Requires

by Patrick Kusebauch

17/05 2016

0.9.3

0.9.3.0

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Development Requires

by Patrick Kusebauch

17/05 2016

0.9.2

0.9.2.0

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Development Requires

by Patrick Kusebauch

19/01 2016

2.2.4

2.2.4.0

Acl security for presenter actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch

18/01 2016

2.2.3

2.2.3.0

Acl security for presenter actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch

15/01 2016

0.9.1

0.9.1.0

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Development Requires

by Patrick Kusebauch

15/01 2016

2.2.2

2.2.2.0

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch

15/01 2016

2.2.1

2.2.1.0

Acl security form presentor actions, signals and components by annotations

  Sources   Download

MIT X11

The Requires

 

The Development Requires

by Patrick Kusebauch