This repository has been archived by the owner on Jan 30, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
13 changed files
with
179 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Changelog | ||
|
||
All notable changes to this project will be documented in this file, in reverse chronological order by release. | ||
|
||
## 2.5.2 - TBD | ||
|
||
### Added | ||
|
||
- [#12](https://github.com/zendframework/zend-permissions-rbac/pull/12) adds | ||
and publishes the documentation to https://zendframework.github.io/zend-permissions-rbac/ | ||
|
||
### Deprecated | ||
|
||
- Nothing. | ||
|
||
### Removed | ||
|
||
- Nothing. | ||
|
||
### Fixed | ||
|
||
- Nothing. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<div class="container"> | ||
<div class="jumbotron"> | ||
<h1>zend-permissions-rbac</h1> | ||
|
||
<p> | ||
Provide and query Role-Based Access Controls for your application. | ||
</p> | ||
|
||
<pre><code class="language-bash">$ composer require zendframework/zend-permissions-rbac</code></pre> | ||
</div> | ||
</div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../README.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# Introduction | ||
|
||
zend-permissions-rbac provides a lightweight role-based access control (RBAC) | ||
implementation based around PHP's `RecursiveIterator` and | ||
`RecursiveIteratorIterator`. RBAC differs from access control lists (ACL) by | ||
putting the emphasis on roles and their permissions rather than objects | ||
(resources). | ||
|
||
For the purposes of this documentation: | ||
|
||
- an **identity** has one or more roles. | ||
- a **role** requests access to a permission. | ||
- a **permission** is given to a role. | ||
|
||
Thus, RBAC has the following model: | ||
|
||
- many to many relationship between **identities** and **roles**. | ||
- many to many relationship between **roles** and **permissions**. | ||
- **roles** can have a parent role. | ||
|
||
## Roles | ||
|
||
To create a role, extend the abstract class `Zend\Permission\Rbac\AbstractRole` | ||
or use the default role class, `Zend\Permission\Rbac\Role`. You can instantiate | ||
a role and add it to the RBAC container or add a role directly using the RBAC | ||
container `addRole()` method. | ||
|
||
## Permissions | ||
|
||
Each role can have zero or more permissions and can be set directly to the role | ||
or by first retrieving the role from the RBAC container. Any parent role will | ||
inherit the permissions of their children. | ||
|
||
## Dynamic Assertions | ||
|
||
In certain situations simply checking a permission key for access may not be | ||
enough. For example, assume two users, Foo and Bar, both have `article.edit` | ||
permission. What's to stop Bar from editing Foo's articles? The answer is | ||
dynamic assertions which allow you to specify extra runtime credentials that | ||
must pass for access to be granted. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# Methods | ||
|
||
## `Zend\Permissions\Rbac\AbstractIterator` | ||
|
||
The `AbstractIterator` is used as the basis for both the primary `Rbac` class | ||
and the `AbstractRole`. | ||
|
||
Method signature | Description | ||
----------------------------------- | ----------- | ||
`current() : RoleInterface` | Return the current role instance. | ||
`getChildren() : RecursiveIterator` | Returns a recursive iterator of all children of the current role. | ||
`hasChildren() : bool` | Indicates if the current role has children. | ||
`key() : int` | Index of the current role instance. | ||
`next() : void` | Advance to the next role instance. | ||
`rewind() : void` | Seek to the first item in the iterator. | ||
`valid() : bool` | Is the current index valid? | ||
|
||
## `Zend\Permissions\Rbac\AbstractRole` | ||
|
||
The `AbstractRole` provides the base functionality required by the | ||
`RoleInterface`, and is the foundation for the `Role` class. | ||
|
||
Method signature | Description | ||
---------------------------------------------- | ----------- | ||
`addChild(string|RoleInterface $child) : void` | Add a child role to the current instance. | ||
`addPermission(string $name) : void` | Add a permission for the current role. | ||
`getName() : string` | Retrieve the name assigned to this role. | ||
`hasPermission(string $name) : bool` | Does the role have the given permission? | ||
`setParent(RoleInterface $parent) : void` | Assign the provided role as the current role's parent. | ||
`getParent() null|RoleInterface` | Retrive the current role's parent, if one exists. | ||
|
||
## `Zend\Permissions\Rbac\AssertionInterface` | ||
|
||
Custom assertions can be provided to `Rbac::isGranted()` (see below); such | ||
assertions are provided the `Rbac` instance on invocation. | ||
|
||
Method signature | Description | ||
--------------------------- | ----------- | ||
`assert(Rbac $rbac) : bool` | Given an RBAC, determine if permission is granted. | ||
|
||
## `Zend\Permissions\Rbac\Rbac` | ||
|
||
`Rbac` is the object with which you will interact within your application in | ||
order to query for permissions. It extends `AbstractIterator`. | ||
|
||
Method signature | Description | ||
--------------------------------------------------------------------------- | ----------- | ||
`addRole(string|RoleInterface $child, array|RoleInterface $parents = null)` | Add a role to the RBAC. If `$parents` is non-null, the `$child` is also added to any parents provided. | ||
`getRole(string|RoleInterface $role) : RoleInterface` | Recursively queries the RBAC for the given role, returning it if found, and raising an exception otherwise. | ||
`hasRole(string|RoleInterface $role) : bool` | Recursively queries the RBAC for the given role, returning `true` if found, `false` otherwise. | ||
`getCreateMissingRoles() : bool` | Retrieve the flag that determines whether or not `$parent` roles are added automatically if not present when calling `addRole()`. | ||
`setCreateMissingRoles(bool $flag) : void` | Set the flag that determines whether or not `$parent` roles are added automatically if not present when calling `addRole()`. | ||
`isGranted(string|RoleInterface $role, string $permission, $assert = null)` | Determine if the role has the given permission. If `$assert` is provided and either an `AssertInterface` instance or callable, it will be queried before checking against the given role. | ||
|
||
## `Zend\Permissions\Rbac\Role` | ||
|
||
`Role` inherits from `AbstractRole` and `AbstractIterator`. | ||
|
||
Method signature | Description | ||
---------------------------------- | ----------- | ||
`__construct(string $name) : void` | Create a new instance with the provided name. |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
docs_dir: doc/book | ||
site_dir: doc/html | ||
pages: | ||
- index.md | ||
- Intro: intro.md | ||
- Reference: | ||
- Methods: methods.md | ||
- Examples: examples.md | ||
site_name: zend-permissions-rbac | ||
site_description: zend-permissions-rbac | ||
repo_url: 'https://github.com/zendframework/zend-permissions-rbac' | ||
copyright: 'Copyright (c) 2016 <a href="http://www.zend.com/">Zend Technologies USA Inc.</a>' | ||
|