Authorization

David Dan edited this page Feb 14, 2015 · 1 revision

To use permissions in Thruway, you need to load the AuthorizationManager module for the realm.

$authorizationManager = new \Thruway\Authentication\AuthorizationManager('authorizing_realm');
$router->registerModule($authorizationManager);

The AuthorizationManager provides RPCs that can be used to change the permissions in that realm:

add_authorization_rule

add_authorization_rule is called with a single argument that is a authorization rule:

In JSON:

{
    "role": "some_role",
    "action": "publish",
    "uri": "some.uri",
    "allow": true
}

In PHP:

(object)[
   "role" => "some_role",
   "action" => "publish",
   "uri" => "some.uri",
   "allow" => true
]

If you would like to setup rules prior to the startup of the router, you can call the same functions in PHP prior to calling start:

$authorizationManager->addAuthorizationRule((object)[
    "role" => "some_role",
    "action" => "publish",
    "uri" => "some.uri",
    "allow" => true
]);

remove_authorization_rule

This is not implemented yet.

flush_authorization_rules

This takes a true/false argument that will set the default policy of the realm.

get_authorization_rules

This returns all of the authorization rules that have been set.

test_authorization

This allows testing of actions to return whether or not the current permissions will allow or deny an action.

test_authorization takes 3 arguments.

[["role1", "role2"], "publish|subscribe|register|call", "my.uri"]

  • An array of roles that will be tested.
  • The action being tested.
  • The URI that is being tested.

I am in the process of writing a post to demonstrate the use of permissions. I will repost that here when it is complete. Please let me know if you have any other questions.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.