Authorize a group to perform an action on a resource.
This library uses the following terminology:
- A user is a person.
- A resource is a thing, typically a model name. By convention, resources are plural and lower-case (e.g., `'users'`).
- An action is something done to a resource, typically a CRUD operation. By convention, actions are singular, present-tense, and lower-case (e.g., `'create'`).
- A permission is the right to perform an action on a resource (e.g., `'create'` + `'users'`).
- A role is a named set of permissions. By convention, roles are singular and lower-cased (e.g., `'administrator'`).
- A group is a set of users with a unique name. By convention, groups are plural and lower-case (e.g., `'administrators'`).
This library's methodology is rather simple:
- A user is assigned to a group.
- A group is assigned one or more roles.
- A role is granted one or more permissions.
- A permission allows an action on a resource.
While users are assigned one or more groups in the database, a group is assigned a role and a role is assigned permissions in a configuration array.
Finally (haha):
```php
// Authorize and Group are assumed to live in the Jstewmc\AuthorizeGroup namespace
use Jstewmc\AuthorizeGroup\{Authorize, Group};

// grant permissions to roles
$roles = [
    // the "administrator" role...
    'administrator' => [
        // for the "users" resource...
        'users' => [
            // has the "create" action
            'create'
        ]
    ]
];

// assign roles to groups
$groups = [
    // the "administrators" group...
    'administrators' => [
        // has the "administrator" role
        'administrator'
    ]
];

// implement a group named "administrators"
$group = new class implements Group {
    public function getName(): string {
        return 'administrators';
    }
};

// create our authorization service
$authorizer = new Authorize($groups, $roles);

// is the group authorized to create users? (yes)
$authorizer($group, 'create', 'users');

// is the group authorized to delete users? (no)
$authorizer($group, 'delete', 'users');
```
That's about it!
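The group-to-role-to-permission lookup described above, written out as an added sketch (not the library's own code) so the deny-by-default behaviour is visible. The function names `isAuthorized` and `undefinedRoles`, the `editors` group and the misspelled `editer` role are hypothetical; the array shapes follow the usage example.

```php
<?php
declare(strict_types=1);

// Added illustration, not the library's implementation.

/** Deny by default: true only if a role of the group lists the action for the resource. */
function isAuthorized(array $groups, array $roles, string $group, string $action, string $resource): bool
{
    // unknown group => no roles => denied
    foreach ($groups[$group] ?? [] as $role) {
        // undefined role or resource => no actions => denied
        $actions = $roles[$role][$resource] ?? [];
        // strict comparison, so a stray 0 or true in the config never matches an action name
        if (in_array($action, $actions, true)) {
            return true;
        }
    }
    return false;
}

/** Config lint: roles a group references that are never defined (a typo silently denies). */
function undefinedRoles(array $groups, array $roles): array
{
    $missing = [];
    foreach ($groups as $group => $assigned) {
        foreach ($assigned as $role) {
            if (!array_key_exists($role, $roles)) {
                $missing[] = $group . ' -> ' . $role;
            }
        }
    }
    return $missing;
}

// Constructed sample configuration.
$roles  = ['administrator' => ['users' => ['create']]];
$groups = [
    'administrators' => ['administrator'],
    'editors'        => ['editer'], // hypothetical typo: this role is not defined
];

var_dump(isAuthorized($groups, $roles, 'administrators', 'create', 'users')); // action granted by role
var_dump(isAuthorized($groups, $roles, 'administrators', 'delete', 'users')); // action not listed
var_dump(isAuthorized($groups, $roles, 'editors', 'create', 'users'));        // role is undefined
var_dump(isAuthorized($groups, $roles, 'guests', 'create', 'users'));         // group is unknown
print_r(undefinedRoles($groups, $roles));                                     // reports the typo
```

Running a lint like `undefinedRoles` when the configuration is loaded catches a misspelled role name before it shows up as an unexplained denial.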
- Major release
- Fix `composer.json`
- Cleanup a few comments
- Initial release