This repository has been archived by the owner on Jul 3, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 112
/
zfc_rbac.global.php.dist
132 lines (119 loc) · 5.04 KB
/
zfc_rbac.global.php.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
<?php
/*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* This software consists of voluntary contributions made by many individuals
* and is licensed under the MIT license.
*/
/**
* Copy-paste this file to your config/autoload folder (don't forget to remove the .dist extension!)
*/
return [
'zfc_rbac' => [
/**
* Key that is used to fetch the identity provider
*
* Please note that when an identity is found, it MUST implements the ZfcRbac\Identity\IdentityProviderInterface
* interface, otherwise it will throw an exception.
*/
// 'identity_provider' => 'ZfcRbac\Identity\AuthenticationIdentityProvider',
/**
* Set the guest role
*
* This role is used by the authorization service when the authentication service returns no identity
*/
// 'guest_role' => 'guest',
/**
* Set the guards
*
* You must comply with the various options of guards. The format must be of the following format:
*
* 'guards' => [
* 'ZfcRbac\Guard\RouteGuard' => [
* // options
* ]
* ]
*/
// 'guards' => [],
/**
* As soon as one rule for either route or controller is specified, a guard will be automatically
* created and will start to hook into the MVC loop.
*
* If the protection policy is set to DENY, then any route/controller will be denied by
* default UNLESS it is explicitly added as a rule. On the other hand, if it is set to ALLOW, then
* not specified route/controller will be implicitly approved.
*
* DENY is the most secure way, but it is more work for the developer
*/
// 'protection_policy' => \ZfcRbac\Guard\GuardInterface::POLICY_ALLOW,
/**
* Configuration for role provider
*
* It must be an array that contains configuration for the role provider. The provider config
* must follow the following format:
*
* 'ZfcRbac\Role\InMemoryRoleProvider' => [
* 'role1' => [
* 'children' => ['children1', 'children2'], // OPTIONAL
* 'permissions' => ['edit', 'read'] // OPTIONAL
* ]
* ]
*
* Supported options depend of the role provider, so please refer to the official documentation
*/
'role_provider' => [],
/**
* Configure the unauthorized strategy. It is used to render a template whenever a user is unauthorized
*/
'unauthorized_strategy' => [
/**
* Set the template name to render
*/
// 'template' => 'error/403'
],
/**
* Configure the redirect strategy. It is used to redirect the user to another route when a user is
* unauthorized
*/
'redirect_strategy' => [
/**
* Enable redirection when the user is connected
*/
// 'redirect_when_connected' => true,
/**
* Set the route to redirect when user is connected (of course, it must exist!)
*/
// 'redirect_to_route_connected' => 'home',
/**
* Set the route to redirect when user is disconnected (of course, it must exist!)
*/
// 'redirect_to_route_disconnected' => 'login',
/**
* If a user is unauthorized and redirected to another route (login, for instance), should we
* append the previous URI (the one that was unauthorized) in the query params?
*/
// 'append_previous_uri' => true,
/**
* If append_previous_uri option is set to true, this option set the query key to use when
* the previous uri is appended
*/
// 'previous_uri_query_key' => 'redirectTo'
],
/**
* Various plugin managers for guards and role providers. Each of them must follow a common
* plugin manager config format, and can be used to create your custom objects
*/
// 'guard_manager' => [],
// 'role_provider_manager' => []
]
];