
Authentication and authorization


orisai/auth


Orisai
Auth

Authentication and authorization

📄 Check out our documentation.

💸 If you like Orisai, please make a donation. Thank you!

This package is inspired by nette/security from David Grudl. Thank you, David!

namespace App\Admin\Article\View;

use Orisai\Auth\Authentication\Identity;
use Orisai\Auth\Authentication\SimpleFirewall;

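/**
 * Example controller that authorizes an article edit in two steps.
 *
 * Both checks go through the injected firewall: first a general privilege
 * ('administration.entry'), then a privilege evaluated against the concrete
 * article ('article.edit').
 */
final class ArticleEditController
{

	private SimpleFirewall $firewall;

	public function __construct(SimpleFirewall $firewall)
	{
		$this->firewall = $firewall;
	}

	/**
	 * Reaches the edit logic only when both authorization checks pass.
	 *
	 * Each denial branch ends the method, so a refused check can never fall
	 * through to the code that follows it.
	 */
	public function run(): void
	{
		if (!$this->firewall->isAllowed('administration.entry')) {
			// Not allowed
			// Signal the denial in whatever way the application uses, then stop.
			return;
		}

		// The article is selected by an ID taken from the request, so the caller
		// chooses which object is checked; the per-article check below is what
		// ties the privilege to this particular article.
		// NOTE(review): a lookup that finds no article should be handled before
		// the check below - confirm how the real fetch reports "not found".
		$article = /* get article by ID from request */;

		if (!$this->firewall->isAllowed('article.edit', $article)) {
			// Not allowed
			// Same as above: end the request here instead of continuing.
			return;
		}

		// Is allowed
	}

}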

use App\Core\Article\Article;
use Orisai\Auth\Authorization\Policy;
use Orisai\Auth\Authorization\PolicyContext;

/**
 * Policy for the 'article.edit' privilege, evaluated against an Article.
 *
 * Access is granted only when the identity holds the privilege and is also
 * the author of the article being checked.
 *
 * @implements Policy<Article>
 */
final class ArticleEditPolicy implements Policy
{

	/**
	 * Name of the privilege this policy decides.
	 */
	public static function getPrivilege(): string
	{
		return 'article.edit';
	}

	/**
	 * Class of the object that must be passed as the requirements.
	 */
	public static function getRequirementsClass(): string
	{
		return Article::class;
	}

	/**
	 * Decides whether the identity may edit the given article.
	 *
	 * @param Article $requirements
	 */
	public function isAllowed(Identity $identity, object $requirements, PolicyContext $context): bool
	{
		// Step 1: the identity must hold the privilege itself.
		$holdsPrivilege = $context->getAuthorizer()->hasPrivilege($identity, self::getPrivilege());

		if (!$holdsPrivilege) {
			return false;
		}

		// Step 2: ownership. The comparison is strict, so IDs that differ in
		// type (e.g. int vs. string) count as different and the check denies.
		$authorId = $requirements->getAuthor()->getId();

		return $authorId === $identity->getId();
	}

}