Comments (6)
I'd probably go with an interface that abstracts AuthorizeAcl
and AuthorizeRbac
, but that takes some time since currently, all providers also give us roles that work with Acl.
Integrating with ZfcRbac
seems a bit weird, since both modules support the same logic. It can be done eventually, but I don't see where the advantage (over simply using ZfcRbac
in such case) is.
from bjyauthorize.
mmm, I agree with "but I don't see where the advantage (over simply using ZfcRbac in such case) is".
On the other hand, this module is called Authorize, so why support only ACL (wich is a totally different concept -more desktop- as RBAC -more web) ??
...and wrapping the rbac logic in acl logic ("currently, all providers also give us roles that work with Acl")? ...well, doesn't sound so cool
from bjyauthorize.
@neoglez that's because:
- when the module was thought, we didn't have the RBAC component
- it has to be thought again eventually.
This can work if we define a config as following:
return array(
'bjyauthorize' => array(
'authorization_services' => array(
// ze number is ze priority
'BjyAuthorize\Service\AclAuthorize' => 1000,
'BjyAuthorize\Service\RbacAuthorize' => 2000,
),
'BjyAuthorize\Service\AclAuthorize' => array(
// previous bjyauthorize config
),
'BjyAuthorize\Service\RbacAuthorize' => array(
// new rbac config
),
),
);
This obviously allows having a number of authorization services based on your own custom techniques. Since they are also attached as listeners, authorization can be event driven.
from bjyauthorize.
Looks very flexible :)
I like the idea +1, i'll try to work on it
from bjyauthorize.
@neoglez please work only on the UML first. I still need to wrap my head around it, but it should be very simple.
Things to take into account:
- is the authorization service in the chain capable of acting on a given role/resource?
- should the authorization service break the chain on failure (basically black/whitelisting)
We need a simplified interface for authorization services. Something like following may work:
interface AuthorizationServiceInterface
{
public function hasResource($resource);
public function isAuthorized($resource);
}
The guards should be generalized to use only this interface, and configuration of the guards should be decoupled from configuration of the resources.
I will gladly add a milestone for 2.0.0, but the steps for decoupling the guards are what we already need for 1.3.0
from bjyauthorize.
Closing, see #112
from bjyauthorize.
Related Issues (20)
- Controller Guard action name HOT 1
- Super role full access HOT 3
- [Question] Why is the User table named "users" and not "user"? HOT 20
- Guards should conform the other onRoute/onDispatch listeners
- Can't use flashMessenger on RedirectionStrategy HOT 1
- Assign diferent roles to one user HOT 1
- Exception UnAuthorizedException thrown instead of error/403 template HOT 7
- Problem when not defined guard to access
- Action get have no permissions HOT 1
- Fatal error: unable to fetch or create an instance for BjyAuthorize\Config' HOT 1
- Strange behaviour in role assigning HOT 1
- Get current user role
- Unauthorized is a word and should not be CamelCased as if it were two words HOT 1
- isAllowed only works after reload HOT 1
- Not working with zendframework/zend-eventmanager (2.6.2) HOT 1
- RedirectionStrategy doesnt work on latest zf2 HOT 1
- Question: How can I load roles from database withouth using doctrine?
- Is this module discontinued? HOT 14
- getting an error during phpunit testing.
- Use BjyAuthorize with ZF3 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bjyauthorize.