{"id":23058348,"url":"https://github.com/germaniakg/authorization","last_synced_at":"2025-04-03T06:17:18.520Z","repository":{"id":62510155,"uuid":"72518055","full_name":"GermaniaKG/Authorization","owner":"GermaniaKG","description":"Simple authorization solution with no hierarchical stuff so far.","archived":false,"fork":false,"pushed_at":"2023-01-09T14:05:43.000Z","size":116,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-08T20:12:44.548Z","etag":null,"topics":["acl","auth","authorization","callable","container-interop","middleware","psr-11","psr-7"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GermaniaKG.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-01T08:33:57.000Z","updated_at":"2022-03-30T09:53:52.000Z","dependencies_parsed_at":"2023-02-08T12:15:59.006Z","dependency_job_id":null,"html_url":"https://github.com/GermaniaKG/Authorization","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermaniaKG%2FAuthorization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermaniaKG%2FAuthorization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermaniaKG%2FAuthorization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermaniaKG%2FAuthorization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GermaniaKG","download_url":"https://codeloa
d.github.com/GermaniaKG/Authorization/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246944385,"owners_count":20858772,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acl","auth","authorization","callable","container-interop","middleware","psr-11","psr-7"],"created_at":"2024-12-16T02:15:09.355Z","updated_at":"2025-04-03T06:17:18.501Z","avatar_url":"https://github.com/GermaniaKG.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Germania KG · Authorization\n\n**Simple authorization solution with [PSR-11 Container](https://github.com/php-fig/container) compatibility and PSR-7 style Middleware. No hierarchical stuff so far.**\n\n[![Packagist](https://img.shields.io/packagist/v/germania-kg/authorization.svg?style=flat)](https://packagist.org/packages/germania-kg/authorization)\n[![PHP version](https://img.shields.io/packagist/php-v/germania-kg/authorization.svg)](https://packagist.org/packages/germania-kg/authorization)\n[![Tests](https://github.com/GermaniaKG/Authorization/actions/workflows/tests.yml/badge.svg)](https://github.com/GermaniaKG/Authorization/actions/workflows/tests.yml)\n\n\n## Installation\n\n```bash\n$ composer require germania-kg/authorization\n```\n\n\n## Setup\n\nThe *Authorization* constructor requires an Access Control List, i.e. an array with *tasks* as keys and *allowed roles arrays* as elements. 
The second parameter defines whether access is permitted when a task is not defined.\n\n```php\n\u003c?php\nuse Germania\\Authorization\\Authorization;\n\n// Define tasks and allowed roles\n$acl = array(\n\t'/foo' =\u003e [ \"coworkers\", \"superuser\"],\n\t'/bar' =\u003e [ \"superuser\", \"registered\"]\n);\n\n// Whether to permit undefined tasks (true permits any task missing from the ACL)\n$default_permission = true;\n\n// Create instance, optionally with PSR-3 Logger\n$authorization = new Authorization( $acl, $default_permission );\n$authorization = new Authorization( $acl, $default_permission, $logger );\n```\n\n## Usage\nThe *Authorization* class implements the *AuthorizationInterface* which defines a single *authorize* method. Additionally, *Authorization* provides an *__invoke* method and thus is callable.\n\n```php\n\u003c?php\n$user_roles = [ \"coworkers\", \"somegroup\" ];\n\n// Result is TRUE\n$allowed = $authorization-\u003eauthorize(\"/foo\", $user_roles);\n$allowed = $authorization(\"/foo\", $user_roles);\n\n// Result is FALSE\n$allowed = $authorization-\u003eauthorize(\"/bar\", $user_roles);\n$allowed = $authorization(\"/bar\", $user_roles);\n\n// Should be TRUE due to default permission above\n$allowed = $authorization-\u003eauthorize(\"/somethingelse\", $user_roles);\n$allowed = $authorization(\"/somethingelse\", $user_roles);\n```\n\n**Per-task logging:** Both the *authorize* and *__invoke* methods accept an optional PSR-3 Logger instance. This enables you to disable or override the default logger you passed on instantiation. 
Example:\n\n```php\n\u003c?php\n$silent_log = new Psr\\Log\\NullLogger;\n\n$authorization-\u003eauthorize(\"/foo\", $user_roles, $silent_log);\n$authorization(\"/foo\", $user_roles, $silent_log);\n```\n\n## Container Interoperability\n\nThe *AuthorizationInterface* implements both [PSR-11 ContainerInterface](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-11-container.md) and the deprecated *[Interop\\Container\\ContainerInterface](https://github.com/container-interop/container-interop/blob/master/docs/ContainerInterface.md)* for backward compatibility.\nSo you can test if your *Authorization* instance *has* a task and *get* the allowed roles.\n\nIf a task is not defined, a *TaskNotFoundException* will be thrown. This class implements both the *[Interop\\Container\\Exception\\NotFoundException](https://github.com/container-interop/container-interop/blob/master/docs/ContainerInterface.md#4-interopcontainerexceptioncontainerexception)* and PSR-11's [Psr\\Container\\NotFoundExceptionInterface](https://github.com/php-fig/container/blob/master/src/NotFoundExceptionInterface.php) interface.\n\nMore information: [PSR-11 Container](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-11-container.md) • [container-interop/container-interop](https://github.com/container-interop/container-interop)\n\n\n```php\n\u003c?php\nuse Germania\\Authorization\\TaskNotFoundException;\nuse Interop\\Container\\Exception\\NotFoundException;\nuse Psr\\Container\\NotFoundExceptionInterface;\n\n// Assuming example from above:\n// TRUE\n$has = $authorization-\u003ehas( \"/foo\" );\n\n// array( \"coworkers\", \"superuser\" )\ntry {\n\t$roles = $authorization-\u003eget( \"/foo\" );\n\t\n\t// will throw TaskNotFoundException\n\t$roles = $authorization-\u003eget( \"/something-else\" );\n}\ncatch (NotFoundExceptionInterface $e) {\n\t// TaskNotFoundException also implements the deprecated Interop interface\n\tif ($e instanceof NotFoundException) {\n\t\techo \"Interop Container: NotFoundException\";\n\t}\n}\n```\n\n## PSR 7-style Middleware\n\nThis package offers three PSR7-style 
middlewares. All take a *Callable* authorizer (e.g. class Authorization, see above) and optionally a PSR-3 Logger.\n\nIf authorization fails, the Response object gets a `401 Unauthorized` status; after that, the next middleware will be called. This enables you to work with unauthorized requests in later middlewares or controllers. This is basically what happens inside:\n\n```php\n// Your Callable passed into constructor\n$authorize = $this-\u003eauthorizer;\n\n// On failure only the status is set; the request is still passed on\nif (!$authorize( $url )):\n\t$response = $response-\u003ewithStatus( 401 );\nendif;\n\n$response = $next($request, $response);\nreturn $response;\n```\n\n\n### Request URI Authorization\n**RequestUriAuthorizationMiddleware** will check the [PSR-7 Request's](http://www.php-fig.org/psr/psr-7/#3-2-psr-http-message-requestinterface) URI string; suitable in most cases.\n\n```php\n\u003c?php\nuse Germania\\Authorization\\RequestUriAuthorizationMiddleware;\n\n// Have your Authorization callable at hand\n$auth = new Authorization( ... );\n\n// Optionally with PSR-3 Logger\n$middleware = new RequestUriAuthorizationMiddleware( $auth );\n$middleware = new RequestUriAuthorizationMiddleware( $auth, $logger );\n```\n\n\n\n### Route Name Authorization\n**RouteNameAuthorizationMiddleware** is for those working with [Slim Framework's Route Names](http://www.slimframework.com/docs/objects/router.html#route-names). To get access to the current route name, set *determineRouteBeforeAppMiddleware* in Slim's configuration settings to *true*.\n\n\n```php\n\u003c?php\nuse Germania\\Authorization\\RouteNameAuthorizationMiddleware;\n\n// Have your Authorization callable at hand\n$auth = new Authorization( ... 
);\n\n// Optionally with PSR-3 Logger\n$middleware = new RouteNameAuthorizationMiddleware( $auth );\n$middleware = new RouteNameAuthorizationMiddleware( $auth, $logger );\n\n// Setup Slim App:\n$app = new \\Slim\\App( [\n\t'settings' =\u003e [\n\t\t// Set this to true to get access to route within middleware\n\t\t'determineRouteBeforeAppMiddleware' =\u003e true\n\t]\n]);\n\n// Add Middleware\n$app-\u003eadd( $middleware );\n```\n\n\n\n\n### Customizable Authorization\n**AuthorizationMiddleware** is the base class of the two above, and more configurable. Next to our Authorization *Callable* from the examples above, it takes *another Callable* returning the custom term (or “permission”, you name it) you would like to authorize.\n\n\n\n```php\n\u003c?php\nuse Germania\\Authorization\\AuthorizationMiddleware;\n\n// Have your Authorization callable at hand\n$auth = new Authorization( ... );\n\n// Setup Callable for URLs (or, permissions, you name it)\n$url_getter = function( $request ) {\n\treturn (string) $request-\u003egetUri();\n};\n\n// Optionally with PSR-3 Logger\n$middleware = new AuthorizationMiddleware( $auth, $url_getter );\n$middleware = new AuthorizationMiddleware( $auth, $url_getter, $logger );\n```\n\n## Issues\n\nSee [issues list.][i0]\n\n[i0]: https://github.com/GermaniaKG/Authorization/issues\n\n## Development\n\n```bash\n$ git clone https://github.com/GermaniaKG/Authorization.git\n$ cd Authorization\n$ composer install\n```\n\n## Unit tests\n\nEither copy `phpunit.xml.dist` to `phpunit.xml` and adapt it to your needs, or leave it as is. Run the [PhpUnit](https://phpunit.de/) tests or the composer script like this:\n\n```bash\n$ composer test\n# or\n$ vendor/bin/phpunit\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgermaniakg%2Fauthorization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgermaniakg%2Fauthorization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgermaniakg%2Fauthorization/lists"}