bjyoungblood / bjyauthorize Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Meanwhile Zfc-ACL name is not available, and in order to add this module to the Zfc family :)
PD.- due is just a suggestion to discuss I will submit/close it.
I don't get what is the resource in the configuration file.
usually i do
./vendor/bin/doctrine-module orm:schema-tool:update --force
for updating the db with the specified entities of my module, but after installing BjyAuthorize and running that command, nothing was edited in the database.
Hi,
When I enable BjyAuthorize on my hosting provider I get random "Internal Server Errors". The log is not too specific:
[Sun Oct 07 01:42:32 2012] [warn] client xxx.xxx.xxx.xxxConnection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://myserver.com/en/
[Sun Oct 07 01:42:32 2012] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: index.php, referer: http://myserver.com/en/
Any idea on how to solve this?
EDIT
I've commented out all lines in "onRoute" in file src/BjyAuthorize/Guard/Route.php... The problem seems to start at:
$allowed = $service->isAllowed('route/' . $routeName);
Currently, naming of classes follows the schema
BjyAuthorize\Provider\Role\Config
I'm hereby suggesting that we use
BjyAuthorize\Provider\Role\ConfigRoleProvider
This will require some renaming work and to create "old" deprecated versions of the files to avoid major BC breaks.
This is more a question than an issue.
In this file: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Service/Authorize.php
From line 120 - line 141, the code are as below:
public function getIdentity()
{
return 'bjyauthorize-identity';
}
public function getAcl()
{
return $this->acl;
}
public function isAllowed($resource, $privilege = null)
{
if (!$this->loaded) {
$this->load();
}
try {
return $this->acl->isAllowed($this->getIdentity(), $resource, $privilege);
} catch (\Zend\Permissions\Acl\Exception\InvalidArgumentException $e) {
return false;
}
}
I am puzzled by this function:
public function getIdentity()
{
return 'bjyauthorize-identity';
}
It always return the identity as a constant string. However shouldn't the identity be a role fetched through the identity provider? It seems I can't not change the identity anyhow. Maybe I just still haven't found it yet. Anybody can help?
Hi Ben,
I forgot to write a Doctrine Role Provider.
Here is it:
And the code to add to Module::getServiceConfiguration() :
'BjyAuthorize\Provider\Role\Doctrine' => function ($sm) {
$provider = new Provider\Role\Doctrine;
return $provider;
}
David
in \Provider\Identity\ZfcUserDoctrine.php
I beleive the query in the query builder is wrong. The alias is not consistant between the select/where parts and the from part.
Also i beleive it should use ->setParameter() to bind the parameter value. This seems to work;
$builder->select("r.role_id")
->from('user_role_linker', 'r')
->where('r.user_id = :user_id')
->setParameter('user_id', $authService->getIdentity()->getId());
It should work without using a named parameter, but i could not get it to work without it.
Please get this verified from another source, because i could be wrong.
I configured it, but always return error 403, with exception indexcontroller, all return error 403. What is this?
Currently, tags are following the release-x.y
naming. Should move to semver for better composer compatibility
Old tags should also be re-tagged.
Hello Ben.
Thank you for the module.
I learn Zend and do a first my project.
But I find it hard to understand the file README.md.
I use zftsuser & https://github.com/zendframework/zf2-tutorial.
For example:
After registration, the new user does not have access to the router "/user";
I do not understand how to add roles to the database.
How can I give the role "admin" for the selected user.
You can help any examples?
My repo https://github.com/mamont77/fcontrol
Baet respect,
Ruslan.
I'm having issue with /Service/Authorize.php:
38: $this->addRoleProvider(new $class($options, $serviceLocator));
44: $this->addResourceProvider(new $class($options, $serviceLocator));
50: $this->addRuleProvider(new $class($options, $serviceLocator));
61: $this->addGuard(new $class($options, $this)); <-- $this here is the BjyAuthorize\Service\Authorize
Is there a specific reason for Guards being passed the Service instead of the Locator?
The two Guards bundled with the module make any use of the Authorize Service passed.
As the Authorize Service doesn't have a getServiceLocator() method and the 'sm' property is set to private, there is no way to access the Service Locator from within a Guard. That creates a problem when one wants to retrieve something (say, a router config) from the Service Locator.
I see two ways of fixing this:
It's a simpel fix. I can attach a patch or make a pull request if you see this issue as valid.
I'm currently passing my custom Guard inside the bjyauthorize config twice - once as a resource provider and once as a rule provider. This gets me the Service Locator as the second argument when the constructor is called :)
At the momment there is no support in this module for role based access control (rbac).
This is a Feature request to cover that topic.
I think these are some posibilities:
Requires a successful build, which depends on zendframework/zend-developer-tools#63 and eventually zendframework/zend-developer-tools#53
As BjyAuthorize\Provider\Role\Doctrine
is already known by the SL it will not create an new service and hence the $options
are ignored.
/**
* @param string $class
* @param array $options
*
* @return object
*/
private function getOrCreateService($class, $options)
{
if ($this->serviceLocator->has($class)) {
return $this->serviceLocator->get($class);
}
return new $class($options, $this->serviceLocator);
}
File: BjyAuthorize\Provider\Role\ZendDb.php
Method: getRoles()
service to instantiate the class TableGateway should not be 'zfcuser_zend_db_adapter' like ZendDb indentity provider or not?
Fatal error: Declaration of BjyAuthorize\Module::onBootstrap() must be compatible with that of Zend\ModuleManager\Feature\BootstrapListenerInterface::onBootstrap() in vendor\bjyoungblood\BjyAuthorize\Module.php on line 13
config/services.config.php needs the following:
'BjyAuthorize\View\RedirectionStrategy' => function (ServiceLocatorInterface $serviceLocator) {
return new View\RedirectionStrategy();
},
Hi there,
user_role_linker table name is hardcoded into BjyAuthorize\Provider\Identity\Doctrine and BjyAuthorize\Provider\IdentityZendDb classes.
called in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Service\Authorize.php on line 82 and defined in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Provider\Role\Doctrine.php on line 45
As of #37, the unauthorized strategy does not work with console application because of obvious incompatibilities between the request/response object APIs.
Hi there,
I think it should be useful to display BjyAuthorize informations (like identity roles) into Zend Developer Tools like DoctrineOrmModule do (https://github.com/doctrine/DoctrineORMModule/blob/master/docs/developer-tools.md).
What do you think about it ?
Here we use name "guard", but in ZfcRbac they use "firewall". Can we come to a common agreement or no matter?
Every time I want to access an route defined with type segment
I get an 403 error.
At this time it's not to bad for me because im in develeopment but
later I need it working with iteral and segment.
Hey there,
I'm trying to integrate BjyAuthorize into my setup.
It's working quite fine so far, thank you for your effort of providing a nice ACL Layer for ZF2
What I'm wondering about are the Doctrine Entities Role.php.dist and User.php.dist.
The schema they are using is differnt from the one provided in schema.sql.
I tried to integrate a Role entity and was not able to do this with an extra auto increment id field. I changed the table and parent columen through options for BjyAuthorize/Provider/Role/Doctrine like here: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Provider/Role/Doctrine.php#L47-L62
That works great and is easy to manage.
What seems not to be possible is changing the join table user_role_linker
(https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Provider/Identity/ZfcUserDoctrine.php#L41).
Would really like to have this being changeable like in Doctrine Role Provider.
I could prepare a pr for this, if nothing speaks against it.
Cheers
No debug information. Console gives only this message:
ERROR: the server encountered an internal error and was unable to complete your request.
Tested on 889d090
Fatal error: Class 'BjyAuthorize\Provider\Role\Doctrine' not found in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Service\Authorize.php on line 359
I couldn't decide where to open this issue as it concerns both modules, but i finally chose to create it here, sorry :)
Before i explain a bit more what the problem is, here are the different BjyAuthorize configurations i've been using. They all led to the same error. Following @Ocramius advice on IRC, i also commented out both event manager attachments in the Module onBootstrap method (#1 and #2) but it didn't remove the error either.
The error i'm getting is thrown as soon as i have both modules in the modules list in application.config.php
(BjyAuthorize or ScnSocialAuth alone works) it says : Request URI has not been set. Please set your correct home route key in the scn-social-auth.local.php config file
. It's thrown here in ScnSocialAuth module. It seems that the ZF2 router can't find the home
route key anymore.
It's getting to this part of ScnSocialAuth because AuthenticationDoctrineEntityFactory
calls zfcuser_auth_service
wich starts up the whole authentication chain, including ScnSocialAuth's.
Thanks for your help.
Pinging @SocalNick in case he has any idea.
Currently, the Route
and the Controller
guards are setting custom properties into the MvcEvent
.
This should be changed by eventually directly throwing exceptions.
I'm finding a way to use this plugin with restful webservice but still don't know how. When I activate the plugin, the route configuration for restful webservice doesn't work anymore. I request the url, it returns html instead.
Looking forward to your reply @bjyoungblood
When using a route guard, the routes for Console are not taken into account. Running a script now result in a fatal PHP error:
PHP Fatal error: Call to undefined method Zend\Console\Response::setStatusCode() in /home/www/noa/vendor/bjyoungblood/bjy-authorize/src/BjyAuthorize/View/UnauthorizedStrategy.php on line 92
Will console routes be supported in the future?
Looks like the composer package does not point to the latest commit. I' ve been told that is because the packagist hook isn't set up (or isn't set up properly?).
Hi there,
I'm using Doctrine2 so i don't need zend_db_adapter.
Is it possible to use this module with Doctrine ?
David
"vendor/bjyoungblood/bjy-authorize/.git" folder exists if I install via composer, ["bjyoungblood/bjy-authorize": "dev-master",].
This doesn't happen on other modules like zfcuser or zfcbase. Is it expected?
@bjyoungblood ping? Can you enable the hook for travis?
Which is the best method to add an user to the user_role_linker table?
Ping @iwalz
Currently, interfaces define setters/getters also where not needed (like the identity provider interface). They should be removed.
I take the answer from @bjyoungblood #55 (comment) .
I implement my own UnauthorizedStrategy
like this :
<?php
namespace NovAuthorize\View;
use Zend\EventManager\EventManagerInterface;
use Zend\EventManager\ListenerAggregateInterface;
use Zend\Http\Response as HttpResponse;
use Zend\Mvc\Application;
use Zend\Mvc\MvcEvent;
use Zend\Stdlib\ResponseInterface as Response;
use Zend\View\Model\ViewModel;
use BjyAuthorize\Exception\UnAuthorizedException;
class UnauthorizedStrategy implements ListenerAggregateInterface
{
protected $listeners = array();
public function attach(EventManagerInterface $events)
{
$this->listeners[] = $events->attach(MvcEvent::EVENT_DISPATCH_ERROR, array($this, 'onDispatchError'), -5000);
}
public function detach(EventManagerInterface $events)
{
foreach ($this->listeners as $index => $listener) {
if ($events->detach($listener)) {
unset($this->listeners[$index]);
}
}
}
public function onDispatchError(MvcEvent $e)
{
$response = $e->getResponse();
$headers = $response->getHeaders();
$headers->addHeaderLine('Content-Type', 'application/json');
$response->setStatusCode(403);
$response->setHeaders($headers);
$e->stopPropagation();
}
}
Everything goes through fine, but there still is html content there. Maybe it comes from another controller, but I have no idea where it is. I try to getBody()
and getContent()
from the $response
but I cannot get anything.
I only want to return http status code since I try to implement the json api above this plugin :)
Thanks for reading
For now i simply added ZfcBase, ZfcUser and BiyAuthorize to my Zend Installation. I did the Configuration steps and all i see is:
Zend\ModuleManager\Exception\RuntimeException: Module (biyauthorize) could not be initialized. in vendor/zf2/library/Zend/ModuleManager/ModuleManager.php on line 139
There is something really wrong, any Ideas?
Currently, the authorization service manages both instantiation and usage of the Zend\Permissions\Acl\Acl
instance. That's a bit messy and instantiation of the ACL instance should be moved to an own factory.
I updated my config following:
https://github.com/bjyoungblood/BjyAuthorize/blob/master/docs/doctrine.md
But i get:
Fatal error</b>: Uncaught exception 'BjyAuthorize\Exception\InvalidArgumentException' with message 'Config for "BjyAuthorize\Provider\Role\Doctrine" not set' in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Service\ObjectRepositoryRoleProviderFactory.php:35
Stack trace:
#0 [internal function]: BjyAuthorize\Service\ObjectRepositoryRoleProviderFactory->createService(Object(Zend\ServiceManager\ServiceManager), 'bjyauthorizepro...', 'BjyAuthorize\Pr...')
#1 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(737): call_user_func(Array, Object(Zend\ServiceManager\ServiceManager), 'bjyauthorizepro...', 'BjyAuthorize\Pr...')
#2 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(867): Zend\ServiceManager\ServiceManager->createServiceViaCallback(Array, 'bjyauthorizepro...', 'BjyAuthorize\Pr...')
#3 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php( in <b>vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php</b> on line <b>744</b><br />
Hi,
I don't understand why but the following line :
... generate error:
Fatal error: Uncaught exception 'InvalidArgumentException' with message 'Invalid event subscriber "Closure" given, must be a service name, class name or an instance implementing Doctrine\Common\EventSubscriber'
in vendor\doctrine\doctrine-module\src\DoctrineModule\Service\EventManagerFactory.php:58
Stack trace: #0 [internal function]: DoctrineModule\Service\EventManagerFactory->createService(Object(Zend\ServiceManager\ServiceManager), 'doctrine.eventm...', 'doctrine.eventm...')
#1 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(672): call_user_func(Array, Object(Zend\ServiceManager\ServiceManager), 'doctrine.eventm...', 'doctrine.eventm...')
#2 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(763): Zend\ServiceManager\ServiceManager->createServiceViaCallback(Array, 'doctrine.eventm...', 'doctrine.eventm...')
#3 vendor\zendframework\ze in vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php on line 679
The previous logic using the providers based on an EntityManager
's connection should be removed. The newly implemented ones should be considered default
My configuration :
<?php
return array(
'bjyauthorize' => array(
// set the 'guest' role as default (must be defined in a role provider)
'default_role' => 'guest',
/* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which
* roles the "identity role" should inherit from.
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',
/* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers' => array(
/* here, 'guest' and 'user are defined as top-level roles, with
* 'admin' inheriting from user
*/
'BjyAuthorize\Provider\Role\Config' => array(
'guest' => array(),
'user' => array('children' => array(
'admin' => array(),
)),
),
// this will load roles from the user_role table in a database
// format: user_role(role_id(varchar), parent(varchar))
'BjyAuthorize\Provider\Role\ZendDb' => array(
'table' => 'user_role',
'role_id_field' => 'role_id',
'parent_role_field' => 'parent',
),
),
// resource providers provide a list of resources that will be tracked
// in the ACL. like roles, they can be hierarchical
'resource_providers' => array(
'BjyAuthorize\Provider\Resource\Config' => array(
'pants' => array(),
),
),
'rule_providers' => array(
'BjyAuthorize\Provider\Rule\Config' => array(
'allow' => array(
array(array('guest', 'user'), 'pants', 'wear')
),
'deny' => array(
),
),
),
'guards' => array(
'BjyAuthorize\Guard\Controller' => array(
array('controller' => 'Main\Controller\UserController', 'action' => 'get', 'roles' => array('user')),
),
),
),
);
The errors :
Fatal error: Uncaught exception 'Zend\Di\Exception\MissingPropertyException' with message 'Missing instance/object for parameter rules for BjyAuthorize\Guard\Controller::__construct' in /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php:699
Stack trace:
#0 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php(393): Zend\Di\Di->resolveMethodParameters('BjyAuthorize\Gu...', '__construct', Array, NULL, true, true)
#1 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php(225): Zend\Di\Di->createInstanceViaConstructor('BjyAuthorize\Gu...', Array, NULL)
#2 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php(174): Zend\Di\Di->newInstance('BjyAuthorize\Gu...', Array, true)
#3 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/ServiceManager/Di/DiServiceFactory.php(104): Zend\Di\Di->get('BjyAuthorize\Gu...', Array)
#4 /vagrant/gift_portal/backend/zf2/ in /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/ServiceManager/ServiceManager.php on line 749
I would like to be able to trigger 403 error and have your module render a page
in controler | viewscript
if (!$this->allowed()) {
trigger 'error-unauthorized';
}
switch($error)
{
case 'error-unauthorized-controller':
$viewVariables['controller'] = $e->getParam('controller');
$viewVariables['action'] = $e->getParam('action');
break;
case 'error-unauthorized-route':
$viewVariables['route'] = $e->getParam('route');
break;
default:
/*
* do nothing if there is no error in the event or the error
* does not match one of our predefined errors (we don't want
* our 403.phtml to handle other types of errors)
*/
return;
}
is that possible? or do you have any advise on how work around that? perhaps i do it incorrectly.
thank you
Well upgrading to the latest master solves the current error, but introduces a new one for me.
Uncaught exception 'Zend\Di\Exception\MissingPropertyException' with message 'Missing instance/object for parameter rules for BjyAuthorize\Guard\Controller::__construct'
It might be related to my own config, but disabling my own modules doesn't resolve the issue though
@japaveh yes, that's basically because you got Zend\Di crunching behind your locator. As soon as you enable a guard, $serviceLocator->has('BjyAuthorize\Guard\Controller') will return true even if no service by that name is defined (because Zend\Di can initialize it without service definition).
So that's basically the problem. The fact is that my latest patch puts the guard coming from the locator as prioritized. A solution may be to check if (!empty($guardOptions)) { /* construct / } else { / attempt to use locator */}.
This anyway is not optimal, since the maximum degree of flexibility is anyway provided by the locator.
For your specific case, the solution is to have following service definition:
return array(
'factories' => function (\Zend\ServiceManager\ServiceLocatorInterface $sl) {
return new \BjyAuthorize\Guard\Controller(
array(
array('controller' => 'admin', 'roles' => array(1)),
),
$sl
);
},
);
@Ocramius Well, with that definition I don't have any error anymore of course, but also no guards are loaded.
A second, more fundamental problem I have with that is I need to decouple the guard configuration between the service configuration and the rest of the rules. In version 1.0 I have the possibility to have a dedicated file for authorization (per module) and a small service configuration.
Besides that, is my specific case so different compared to the default example (shouldn't we split this issue into a new one?)
Is it possible to redirect to a given Route (zfcuser/login) instead of Showing a 403? Usually this is a better way for the Usability of a Page.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.