Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/orbitale/permissionsbundle

Use expression-based permissions instead of roles or voters to simplify your security in Symfony. Feel free to contribute! The project was initiated after this discussion: https://github.com/symfony/symfony/issues/21029

bundle permissions security symfony symfony-bundle

Last synced: 3 months ago

Permissions bundle
==================

The goal of this bundle is to add simple ExpressionLanguage based permissions to Symfony,
to rely on something with more logic than Roles and less heavy than creating Voters.

## Install

* Require it with composer

```bash
$ composer require orbitale/permissions-bundle
```

* Add the bundle to your kernel

```php
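// The opening lines of this snippet are missing from the page; the class and method names are placeholders.
class DefaultController extends Controller // Symfony's base controller
{
    public function indexAction()
    {
        $this->denyAccessUnlessGranted('CHUCK_NORRIS'); // throws AccessDeniedException unless the permission is granted

        // ...
    }
}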
```

## Configuration reference

```yaml
permissions:
    defaults:
        # Variables to add to ExpressionLanguage, for easier access if you need
        expression_variables: []

        # Will be added to all not already set "supports" attributes
        supports: null
    rules:
        # Full prototype
        # Key names *must* be uppercase
        PERMISSION_KEY_NAME:
            supports: null
            on_vote: null # Required

        # Allow expression with a single string, if you don't care of "supports":
        PERMISSION_KEY_NAME: 'on_vote expression'
```

## Real life example

```yaml
permissions:
    defaults:
        expression_variables:
            user_class: AppBundle\Entity\User
            post_class: AppBundle\Entity\Post
        supports: 'instanceof(user, user_class)'
    rules:
        ADMIN: 'user.isAdmin()'
        EDIT_POST:
            supports: 'instanceof(user, user_class) and instanceof(subject, post_class)'
            on_vote: 'user.isAdmin() and subject.getAuthor().getId() === user.getId()'
```