charcoal-user 0.7.0

@mcaskill mcaskill released this 02 Mar 17:58

Key Features

Authorizer

Refactored Authorizer to extend an interface and an abstract class. The new AbstractAuthorizer provides a variety of new methods to check permissions against roles and ACL resources.

Old API

Internally, the old permission-checking methods (rolesAllowed() and userAllowed()) now delegate to the new methods (which fixes support for multiple roles) but preserve the default behavior of allowing access to everything.

New API

  • isRoleGrantedAll() — Check if access is granted to the role, and the resource, for all permissions.
    • allRolesGrantedAll() — Check if access is granted to all roles, and the resource, for all permissions.
    • anyRolesGrantedAll() — Check if access is granted to any one of the roles, and the resource, for all permissions.
    • isUserGranted() — Check if access is granted to the user's role(s), and the resource, for permissions.
  • isRoleGrantedAny() — Check if access is granted to the role, and the resource, for any one of the permissions.
    • allRolesGrantedAny() — Check if access is granted to all roles, and the resource, for any one of the permissions.
    • anyRolesGrantedAny() — Check if access is granted to any one of the roles, and the resource, for any one of the permissions.
  • isAllowed() — Check if the role has access to the resource and privilege.
  • hasRole() — Check if the role is registered.
  • inheritsRole() — Check if the role inherits from another role.
  • hasResource() — Check if the resource is registered.
  • inheritsResource() — Check if the resource inherits from another resource.

Example

Example #1

Using the new API with the default "charcoal" resource.

if (!$authorizer->isUserGranted($user, Authorizer::DEFAULT_RESOURCE, 'edit')) {
    return $response->withStatus(403);
}

Example #2

/**
 * Grant only when the object's type is a registered ACL resource
 * and an authenticated user holds the permission; otherwise deny.
 */
public function isAuthorizedToManageOthers()
{
    $obj        = $this->obj();
    $objType    = $obj->objType();
    $authorizer = $this->authorizer();

    if ($authorizer->hasResource($objType)) {
        $user = $this->authenticator()->getUser();
        if ($user) {
            return $authorizer->isUserGranted($user, $objType, 'object/manage/others');
        }
    }

    return false;
}

protected function prepareAuthorship(ModelInterface $obj)
{
    $old    = $this->prevObj;
    $userId = $this->authenticator()->getUserId();

    if ($old->hasAuthor($userId) && !$obj->hasAuthor($userId)) {
        // Redirect if current user is no longer an author
        if (!$this->isAuthorizedToManageOthers()) {
            $url = $this->getObjectBrowseUrl();
            $url = $obj->renderTemplate($url);
            $this->setSuccessUrl($url);
        }
    }
}
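Building on Example #2, the following is an added example (not code from the charcoal-user release or the project) of a fail-closed gate around the new API: it denies when the resource is not registered, when no user is authenticated, or when any requested permission is missing, instead of falling back to the old default of allowing everything. It assumes PSR-7 `$response`, the `getUser()` authenticator call shown in Example #2, the `hasResource()` / `isUserGranted()` signatures shown above, and a hypothetical `id()` accessor on the user model.

```php
<?php
// Added example; not part of charcoal-user. Assumptions are noted inline.

use Charcoal\User\Authorizer;

/**
 * Return a 401/403 response when the current user may not perform every
 * permission in $permissions on $resource, or null when all checks pass.
 */
function denyUnlessGranted(
    Authorizer $authorizer,
    $authenticator,   // assumed: exposes getUser() as in Example #2
    $resource,
    array $permissions,
    $response         // assumed: PSR-7 ResponseInterface
) {
    // An unregistered resource is a configuration error: deny, do not
    // silently allow. (The deprecated userAllowed() defaulted to allow.)
    if (!$authorizer->hasResource($resource)) {
        error_log(sprintf('ACL: resource "%s" not registered; denying', $resource));
        return $response->withStatus(403);
    }

    $user = $authenticator->getUser();
    if (!$user) {
        return $response->withStatus(401);
    }

    // Require every permission; stop at the first one that is not granted.
    foreach ($permissions as $permission) {
        if (!$authorizer->isUserGranted($user, $resource, $permission)) {
            error_log(sprintf(
                'ACL: user "%s" denied "%s" on "%s"',
                $user->id(), // assumed accessor on the user model
                $permission,
                $resource
            ));
            return $response->withStatus(403);
        }
    }

    return null;
}

// Usage inside a route action (Authorizer::DEFAULT_RESOURCE is from the page):
// $denied = denyUnlessGranted($authorizer, $this->authenticator(),
//     Authorizer::DEFAULT_RESOURCE, ['view', 'edit'], $response);
// if ($denied !== null) {
//     return $denied;
// }
```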

Complete commits list: 0.6.4...0.7.0

Deprecated:

  • rolesAllowed() in favour of anyRolesGrantedAll()
  • userAllowed() in favour of anyRolesGrantedAll() (via isUserGranted())
  • Authorizer resource option renamed to defaultResource

Fixed:

  • Type-hint AuthenticatorInterface instead of Authenticator