yokai/security-extra-bundle

Symfony security extra features

  • Thursday, August 24, 2017
  • by yann-eugone
  • PHP

The README.md

YokaiSecurityExtraBundle

Installation

Add the bundle as dependency with Composer

```bash
$ composer require yokai/security-extra-bundle:1.0-dev
```

Enable the bundle in the kernel

```php
<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = [
        // ...
        new Yokai\SecurityExtraBundle\YokaiSecurityExtraBundle(),
    ];

    // ...

    return $bundles;
}
```

Configuration

Imagine that you handle an entity named `AppBundle\Entity\Article` on which you have basic CRUD operations.

You can imagine what kind of checks you will have to implement to secure your CRUD actions:

  • browsing posts is allowed if you have the role ROLE_ARTICLE_LIST
  • displaying post details is allowed if you have the role ROLE_ARTICLE_SHOW
  • creating a new post is allowed if you have the role ROLE_ARTICLE_CREATE
  • updating an existing post is allowed if you have the role ROLE_ARTICLE_UPDATE AND if you created this post in the first place
  • deleting an existing post is allowed if you have the role ROLE_ARTICLE_DELETE AND if you created this post in the first place

OK, here is a way to configure it:

```yaml
# app/config/config.yml

yokai_security_extra:
    permissions:
        - attributes: 'browse'
          roles:      ROLE_ARTICLE_LIST

        - attributes: 'details'
          subjects:   AppBundle\Entity\Article
          roles:      ROLE_ARTICLE_SHOW

        - attributes: 'create'
          roles:      ROLE_ARTICLE_CREATE

        - attributes: 'update'
          subjects:   AppBundle\Entity\Article
          roles:      ROLE_ARTICLE_UPDATE
          callables:  'isOwnedBy'

        - attributes: 'delete'
          subjects:   AppBundle\Entity\Article
          roles:      ROLE_ARTICLE_DELETE
          callables:  'isOwnedBy'
```

**note** `isOwnedBy` is a method available on `AppBundle\Entity\Article` that could look like

```php
public function isOwnedBy(User $user)
{
    return $this->author === $user;
}
```
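The rules above combine a role check with an ownership callable. The following stand-alone PHP 8 script is an added illustration, not code from the bundle: it models that decision with a hypothetical `isGranted()` helper, a hypothetical `PERMISSIONS` table and constructed users, and it assumes that a request matching no rule is denied.

```php
<?php
// Added illustration: a simplified model of the rules above, NOT the bundle's own code.

final class User
{
    public function __construct(public string $name, public array $roles) {}
}

final class Article
{
    public function __construct(private User $author) {}

    public function isOwnedBy(User $user): bool
    {
        return $this->author === $user; // identity check, as in the note above
    }
}

// [attribute, subject class or null, required role, callable on the subject or null]
const PERMISSIONS = [
    ['browse',  null,           'ROLE_ARTICLE_LIST',   null],
    ['details', Article::class, 'ROLE_ARTICLE_SHOW',   null],
    ['create',  null,           'ROLE_ARTICLE_CREATE', null],
    ['update',  Article::class, 'ROLE_ARTICLE_UPDATE', 'isOwnedBy'],
    ['delete',  Article::class, 'ROLE_ARTICLE_DELETE', 'isOwnedBy'],
];

function isGranted(User $user, string $attribute, ?object $subject = null): bool
{
    foreach (PERMISSIONS as [$attr, $class, $role, $callable]) {
        if ($attr !== $attribute || ($class !== null && !($subject instanceof $class))) {
            continue; // rule does not apply to this attribute/subject
        }
        // Role AND ownership must both hold.
        return in_array($role, $user->roles, true)
            && ($callable === null || $subject->$callable($user));
    }
    return false; // assumption of this model: no matching rule means deny
}

// Constructed sample data.
$alice = new User('alice', ['ROLE_ARTICLE_SHOW', 'ROLE_ARTICLE_UPDATE']);
$bob   = new User('bob', ['ROLE_ARTICLE_SHOW', 'ROLE_ARTICLE_UPDATE', 'ROLE_ARTICLE_DELETE']);
$post  = new Article($alice);

var_dump(isGranted($alice, 'update', $post)); // role present and alice is the author
var_dump(isGranted($bob, 'update', $post));   // role present but bob is not the author
var_dump(isGranted($alice, 'delete', $post)); // author, but ROLE_ARTICLE_DELETE is missing
var_dump(isGranted($bob, 'details', $post));  // role only, no ownership required
```

Because `isOwnedBy` compares with `===`, ownership holds only when the article's author and the checked user are the same object instance, not merely two objects describing the same account.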

Advanced

todo

MIT License

License can be found here.

Authors

The bundle was originally created by Yann Eugoné.

See the list of contributors.

The Versions

24/08 2017

dev-master

9999999-dev
