dotkernel / dot-rbac-guard
DotKernel RBAC guard component
3.5.0
2024-05-03 18:53 UTC
Requires
- php: ~8.1.0 || ~8.2.0 || ~8.3.0
- dotkernel/dot-authentication: ^2.3.4
- dotkernel/dot-controller: ^3.4.3
- dotkernel/dot-rbac: ^3.5.2
- laminas/laminas-diactoros: ^3.3.0
- laminas/laminas-servicemanager: ^3.22.1
- laminas/laminas-stdlib: ^3.19
- mezzio/mezzio-router: ^3.17
- mezzio/mezzio-template: ^2.10.0
- psr/http-message: ^1.0 || ^2.0
- psr/http-server-middleware: ^1.0
Requires (Dev)
- laminas/laminas-coding-standard: ^2.5
- phpunit/phpunit: ^10.5.9
- vimeo/psalm: ^5.20
README
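Defines authorization guards that authorize users to access certain parts of an application based on various criteria. Where the authorization service can be used to check authorization at a narrow level, the guards are meant to act as gateways to larger parts of an application. Usually, you will want to use both methods in an application for increased security.
Installation
Run the following command in your project's root directory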
$ composer require dotkernel/dot-rbac-guard
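Please note that this module is built on top of the authorization service defined in the dot-rbac module. Running the above command will also install that package. You must configure dot-rbac first in order to use this module.
Configuration
As with many DotKernel modules, we focus on a configuration-based approach to customizing the module.
After installing, merge the module's ConfigProvider with your application's configuration to make sure the required dependencies and the default module configuration are registered. Create a configuration file for this module in your 'config/autoload' folder.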
authorization-guards.global.php
<?php

return [
    'dot_authorization' => [
        // define how it will treat non-matching guard rules, allow all by default
        'protection_policy' => \Dot\Rbac\Guard\GuardInterface::POLICY_ALLOW,

        'event_listeners' => [
            [
                'type'     => 'class or service name of the listener',
                'priority' => 1,
            ],
        ],

        // define custom guards here
        'guard_manager' => [],

        // register custom guards providers here
        'guards_provider_manager' => [],

        // define which guards provider to use, along with its configuration
        // the guards provider should know how to build a list of GuardInterfaces based on its configuration
        'guards_provider' => [
            'type'    => 'ArrayGuards',
            'options' => [
                'guards' => [
                    [
                        'type'    => 'Route',
                        'options' => [
                            'rules' => [
                                'premium' => ['admin'],
                                'login'   => ['guest'],
                                'logout'  => ['admin', 'user', 'viewer'],
                                'account' => ['admin', 'user'],
                                'home'    => ['*'],
                            ],
                        ],
                    ],
                    [
                        'type'    => 'RoutePermission',
                        'options' => [
                            'rules' => [
                                'premium' => ['premium'],
                                'account' => ['my-account'],
                                'logout'  => ['only-logged'],
                            ],
                        ],
                    ],
                    [
                        'type'    => 'Controller',
                        'options' => [
                            'rules' => [
                                [
                                    'route'   => 'controller route name',
                                    // list of actions to apply, or empty array for all actions
                                    'actions' => [],
                                    // by default, authorization pass if all permissions are present(AND)
                                    // list of roles to allow
                                    'roles'   => [],
                                ],
                            ],
                        ],
                    ],
                    [
                        'type'    => 'ControllerPermission',
                        'options' => [
                            'rules' => [
                                [
                                    'route'       => 'controller route name',
                                    // list of actions to apply, or empty array for all actions
                                    'actions'     => [],
                                    // by default, authorization pass if all permissions are present(AND)
                                    // list of permissions to allow
                                    'permissions' => [],
                                ],
                                [
                                    'route'       => 'controller route name',
                                    // list of actions to apply, or empty array for all actions
                                    'actions'     => [],
                                    'permissions' => [
                                        // permission can be defined in this way too, for all permission type guards
                                        // list of permissions
                                        'permissions' => [],
                                        'condition'   => \Dot\Rbac\Guard\GuardInterface::CONDITION_OR,
                                    ],
                                ],
                            ],
                        ],
                    ],
                ],
            ],
        ],

        // overwrite default messages
        'messages_options' => [
            'messages' => [
                //MessagesOptions::UNAUTHORIZED => 'You must sign in first to access the requested content',
                //MessagesOptions::FORBIDDEN => 'You don\'t have enough permissions to access the requested content',
            ],
        ],
    ],
];
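With 'protection_policy' set to POLICY_ALLOW, a route that no guard rule names is treated as allowed, so it is worth comparing the rule set against the application's route names. The script below is an added example, not code from dot-rbac-guard; the function name auditRouteGuards, the sample route list and the 'admin.export' route are assumptions made for illustration, and the function expects the contents of the 'dot_authorization' key.

```php
<?php
declare(strict_types=1);

// Added example, not part of dot-rbac-guard: list route names that no Route /
// RoutePermission rule mentions, plus routes whose rule contains '*'.
// Controller and ControllerPermission guards are not inspected here.
function auditRouteGuards(array $dotAuthorization, array $routeNames): array
{
    $covered  = [];
    $wildcard = [];
    $guards   = $dotAuthorization['guards_provider']['options']['guards'] ?? [];

    foreach ($guards as $guard) {
        if (! in_array($guard['type'] ?? '', ['Route', 'RoutePermission'], true)) {
            continue;
        }
        foreach ($guard['options']['rules'] ?? [] as $route => $allowed) {
            $covered[$route] = true;
            if (in_array('*', (array) $allowed, true)) {
                $wildcard[$route] = true;
            }
        }
    }

    return [
        'unguarded' => array_values(array_diff($routeNames, array_keys($covered))),
        'wildcard'  => array_keys($wildcard),
    ];
}

// Constructed sample: a trimmed copy of the rules from the configuration above.
$config = [
    'guards_provider' => [
        'type'    => 'ArrayGuards',
        'options' => ['guards' => [
            ['type' => 'Route', 'options' => ['rules' => [
                'premium' => ['admin'],
                'login'   => ['guest'],
                'home'    => ['*'],
            ]]],
            ['type' => 'RoutePermission', 'options' => ['rules' => [
                'account' => ['my-account'],
            ]]],
        ]],
    ],
];

// Hypothetical route list: 'admin.export' is named by no guard rule.
$routes = ['home', 'login', 'premium', 'account', 'admin.export'];
print_r(auditRouteGuards($config, $routes));
```

In an application the route list would come from the router configuration. Routes reported under 'unguarded' pass the route guards without any rule being evaluated while the allow policy is in effect.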
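Register the RbacGuardMiddleware in the pipeline
The last step in using this package is to register the middleware. This middleware triggers the authorization event. You MUST insert this middleware between the routing middleware and the dispatch middleware of your application, because the guards need the RouteResult in order to get the matched route and params.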
middleware-pipeline.global.php
//...
'routing' => [
    'middleware' => [
        ApplicationFactory::ROUTING_MIDDLEWARE,
        //...
        \Dot\Rbac\Guard\Middleware\RbacGuardMiddleware::class,
        //...
        ApplicationFactory::DISPATCH_MIDDLEWARE,
    ],
    'priority' => 1,
],
//...