https://github.com/loremipsum/permission-checker-bundle

Symfony bundle to handle authorization, i.e. check permission to perform action on a resource.

# PermissionChecker bundle

Symfony bundle to handle authorization, i.e. check permission to perform action on a resource.
This bundle is similar to Symfony voters but uses permission objects.

## Configuration

```yaml
# config/packages/lorem_ipsum_permission_checker.yaml

lorem_ipsum_permission_checker:
    roles:
        admin: ROLE_ADMIN
        super_admin: ROLE_SUPER_ADMIN
    default_permission: \App\Security\Permission\AppPermission
```

`default_permission` is used by the `hasActionPermission` Twig function.

## Permission example

Usage example:
Check if the current user has permission to update an existing user. Call `mustHave` or `has`
on the `PermissionChecker` instance with the `UserPermission`.
`mustHave` throws an exception if the permission is not granted, whereas `has` just returns a boolean.

```php
/** @var LoremIpsum\PermissionCheckerBundle\PermissionChecker $permissionChecker **/
$permissionChecker->mustHave(new UserPermission(UserPermission::UPDATE, $user));
```

`AppPermission` example:

```php
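<?php
// ... (namespace, class declaration and the start of isGranted() are missing from this copy)

        switch ($this->getAction()) {
            case self::SETTINGS:
                // Only admins are granted the settings action
                return $this->checker->isAdmin();
        }

        // Unknown actions are rejected rather than silently granted
        throw new InvalidPermissionException($this, "Invalid action '{$this->getAction()}'");
    }
}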
```

`UserPermission` example:

```php
<?php
// ... (namespace, class declaration and the start of the constructor are missing from this copy)

        $this->user = $user;
    }

    public function isGranted(): bool
    {
        switch ($this->getAction()) {
            case self::READ:
                // All users can view other users
                return true;
            case self::CHANGE_PASSWORD:
                // Admins can change passwords, users can change their own password
                return $this->checker->isAdmin() || $this->checker->getUser() === $this->user;
            case self::CREATE:
            case self::UPDATE:
            case self::DELETE:
                // Admins can create/update/delete users
                return $this->checker->isAdmin();
        }

        // Unknown actions are rejected rather than silently granted
        throw new InvalidPermissionException($this, "Invalid action '{$this->getAction()}'");
    }
}
```
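
The following self-contained sketch is an added example, not the bundle's code. It models the permission-object pattern described above so that the difference between `has` and `mustHave`, and the fail-closed handling of unknown actions, can be run with plain PHP 8. `Checker`, `Permission` and `AccessDenied` are hypothetical stand-ins for the bundle's classes, `UserPermission` is cut down to one action, and users are plain strings.

```php
<?php
// Added illustration; Checker, Permission and AccessDenied are hypothetical stand-ins for the bundle's classes.
class AccessDenied extends RuntimeException {}
abstract class Permission
{
    public ?Checker $checker = null;
    public function __construct(private string $action) {}
    public function getAction(): string { return $this->action; }
    abstract public function isGranted(): bool;
}
class Checker
{
    public function __construct(private string $user, private bool $admin) {}
    public function getUser(): string { return $this->user; }
    public function isAdmin(): bool { return $this->admin; }
    // Boolean form: for deciding whether to render a link or button.
    public function has(Permission $p): bool
    {
        $p->checker = $this;
        return $p->isGranted();
    }
    // Enforcing form: call before the state change so a denial aborts the request.
    public function mustHave(Permission $p): void
    {
        if (!$this->has($p)) {
            throw new AccessDenied("Permission denied for action '{$p->getAction()}'");
        }
    }
}
class UserPermission extends Permission
{
    const CHANGE_PASSWORD = 'change_password';
    public function __construct(string $action, private string $target) { parent::__construct($action); }
    public function isGranted(): bool
    {
        switch ($this->getAction()) {
            case self::CHANGE_PASSWORD:
                return $this->checker->isAdmin() || $this->checker->getUser() === $this->target;
        }
        // Fail closed: an unknown action is an error, never an implicit grant.
        throw new InvalidArgumentException("Invalid action '{$this->getAction()}'");
    }
}
$alice = new Checker('alice', false); // constructed sample: non-admin user
var_dump($alice->has(new UserPermission(UserPermission::CHANGE_PASSWORD, 'alice')));
try {
    $alice->mustHave(new UserPermission(UserPermission::CHANGE_PASSWORD, 'bob'));
} catch (AccessDenied $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Hiding a control based on `has` is a display decision only; the handler that performs the change still needs its own `mustHave` call.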