outlandishideas/php-crud-api-secure

The latest version of this package (v0.1.0) provides no license information.

A secure wrapper built on top of mevdschee/php-crud-api.

v0.1.0 2021-07-09 09:54 UTC

This package is auto-updated.

Last update: 2024-09-05 00:02:23 UTC


README

This is a wrapper around mevdschee/php-crud-api that is secure by default: it ensures the authorization middleware is enabled and that handlers are provided for tables and columns.

Usage

This library is used in exactly the same way as mevdschee/php-crud-api, except that it throws an InvalidArgumentException if the authorization, authorization.tableHandler and authorization.columnHandler middleware properties are not set in the API constructor.

Using custom tableHandler and columnHandler functions

Basic use case, e.g. for a Slim/Laravel application:

use Slim\App;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Outlandish\PhpCrudApi\SecureConfig;
use Tqdev\PhpCrudApi\Api;

require 'vendor/autoload.php';

return function (App $app) {
    $app->get('/api[/{params:.*}]', function (
        Request $request,
        Response $response,
        array $args
    ) {
        $config = new SecureConfig([
            // the authorization middleware must be listed, otherwise SecureConfig throws
            'middlewares' => 'pageLimits,authorization',
            'pageLimits.records' => 2,
            'authorization.tableHandler' => function ($operation, $tableName) {
                // prevent the CRUD API from performing any actions on the users table
                return $tableName != 'users';
            },
            'authorization.columnHandler' => function ($operation, $tableName, $columnName) {
                if ($tableName == 'participants') {
                    // expose every participants column except last_ip_address
                    return $columnName != 'last_ip_address';
                }
                // deny by default: no column of any other table is exposed
                return false;
            },
        ]);
        $api = new Api($config);
        $response = $api->handle($request);
        return $response;
    });
};
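The two callbacks above are the whole authorization policy, so it is worth seeing how an explicit allow-list maps onto them. The following is an added example, not code from the php-crud-api-secure package: it derives the tableHandler and columnHandler from a per-table, per-operation allow-list (the `$allowList` layout is this example's own assumption; the callback signatures and the operation names read/list/create/update/increment/delete are the ones the README uses) and runs a self-check over constructed cases, so that anything not listed is denied rather than silently exposed.

```php
<?php
// Added example (not part of php-crud-api-secure): build deny-by-default
// authorization callbacks from an explicit allow-list and self-check them.
declare(strict_types=1);

// Constructed allow-list (assumed structure): table => operation => columns.
$allowList = [
    'participants' => [
        'read'   => ['id', 'display_name', 'joined_at'],
        'list'   => ['id', 'display_name'],
        'update' => ['display_name'],
    ],
    'pets' => [
        'read'   => ['id', 'name', 'species', 'owner'],
        'list'   => ['id', 'name', 'species', 'owner'],
        'create' => ['name', 'species', 'owner'],
    ],
];

// A table is admitted for an operation only if the allow-list has an entry for it.
$tableHandler = function (string $operation, string $tableName) use ($allowList): bool {
    return isset($allowList[$tableName][$operation]);
};

// A column is admitted only if it is explicitly listed for that table and operation.
$columnHandler = function (string $operation, string $tableName, string $columnName) use ($allowList): bool {
    return in_array($columnName, $allowList[$tableName][$operation] ?? [], true);
};

// Self-check on constructed cases: [operation, table, column or null, expected decision].
$cases = [
    ['read',   'users',        null,              false], // table not listed: denied
    ['read',   'participants', null,              true],
    ['read',   'participants', 'last_ip_address', false], // column not listed: denied
    ['read',   'participants', 'display_name',    true],
    ['delete', 'pets',         null,              false], // operation not listed: denied
    ['create', 'pets',         'name',            true],
    ['create', 'pets',         'id',              false], // client may not set the key
];

foreach ($cases as [$op, $table, $column, $expected]) {
    $actual = $column === null
        ? $tableHandler($op, $table)
        : $columnHandler($op, $table, $column);
    printf("%-6s %-12s %-16s %s\n", $op, $table, $column ?? '-',
        $actual === $expected ? 'ok' : 'MISMATCH');
}
```

The two closures drop straight into the SecureConfig array as `'authorization.tableHandler' => $tableHandler` and `'authorization.columnHandler' => $columnHandler`, with `authorization` kept in the `middlewares` list as in the README example. Keeping the allow-list as data rather than as nested conditionals makes it easy to review what the API exposes and to extend this self-check into a test that runs in CI.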

Using the TablePermissions helper

The SecureConfig class can be passed an array of TablePermissions subclasses, which makes it easier to define explicitly which columns of which tables may be operated on:

use Slim\App;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Outlandish\PhpCrudApi\SecureConfig;
use Tqdev\PhpCrudApi\Api;
use Outlandish\PhpCrudApi\TablePermissions;

require 'vendor/autoload.php';

// Declare the permission classes at file scope rather than inside the route
// closure, so they are defined exactly once per process.
class UsersTablePermissions extends TablePermissions
{
    public function __construct()
    {
        parent::__construct('users');
        // only these columns are readable; nothing is writable
        $this->allReadColumns = ["id", "display_name"];
    }
}

class PetsTablePermissions extends TablePermissions
{
    public function __construct()
    {
        parent::__construct('pets');
        $this->allReadColumns = ["id", "name", "favourite_food", "species", "owner"];
        // records may be created, but the client may not set the id
        $this->createColumns = ["name", "favourite_food", "species", "owner"];
    }
}

return function (App $app) {
    $app->get('/api[/{params:.*}]', function (
        Request $request,
        Response $response,
        array $args
    ) {
        $tablePermissions = [
            PetsTablePermissions::getInstance(),
            UsersTablePermissions::getInstance()
        ];

        // the TablePermissions array supplies the table and column handlers
        $config = new SecureConfig([
            'middlewares' => 'pageLimits',
            'pageLimits.records' => 2,
        ], $tablePermissions);

        $api = new Api($config);
        $response = $api->handle($request);
        return $response;
    });
};

A TablePermissions subclass can set its column permissions with the following xyzColumns properties (arrays of column names), and specify whether deletion is allowed:

  • allReadColumns (default for read/list)
  • allWriteColumns (default for create/update/increment/delete)
  • readColumns
  • listColumns
  • createColumns
  • updateColumns
  • incrementColumns
  • canDelete (boolean)

We recommend handling authentication in your outer application rather than using the built-in middleware, and choosing the permissions set based on its result:

use Outlandish\PhpCrudApi\TablePermissions;
use Illuminate\Support\Facades\Auth; // Laravel's Auth facade, used below

class PetsTablePermissions extends TablePermissions
{
    public function __construct()
    {
        parent::__construct('pets');
        $this->allReadColumns = ["id", "name", "favourite_food", "species", "owner"];
        $this->createColumns = ["name", "favourite_food", "species", "owner"];
    }
}

class PetsTablePermissionsAuthenticatedUser extends PetsTablePermissions
{
    // authenticated users may update every column they can read
    public function getUpdateColumns()
    {
        return $this->getReadColumns();
    }
}

if (Auth::check()) {
    // The user is logged in...
    $tablePermissions = [
        PetsTablePermissionsAuthenticatedUser::getInstance(),
    ];
} else {
    // it's an anonymous user
    $tablePermissions = [
        PetsTablePermissions::getInstance(),
    ];
}