Comments (23)
Should we remove support for zf2 and allow zf3 only?
from zfc-rbac.
Should we drop support for PHP 5.6 and require PHP 7.0?
from zfc-rbac.
Should we drop support for PHP 7.0 and require PHP 7.1?
from zfc-rbac.
Are you waiting on a v3 of ZfcRbac?
from zfc-rbac.
Would you use it in your existing projects?
from zfc-rbac.
Should we provide features to allow ZfcRbac to be used as middleware for easy integration in zend-expressive f.e.?
from zfc-rbac.
The way I see things, the current version is working pretty stable on ZF2 projects. There's not that much need to add more features (at least as far as I can tell), so the ZF2 front is pretty good with the way things are.
As far as a potential new version is concerned, dropping PHP56 is a must. There's just no reason to support old stuff for a new major version. Again, projects running PHP56 will use the current version of Rbac. They don't have the need to update to a new version of Rbac. Therefore we can safely drop support for future versions. Though I'd go with 7.0 as this is the version within Ubuntu 16.04. Jumping to 7.1 would reduce the potential userbase quite a lot.
from zfc-rbac.
- Removed support for zf2 components. - no problem
- Additionally support for php56 was dropped. - ok
- Are you waiting on a v3? - I didn't follow for changes
- Would you use it in your existing projects? - may be
from zfc-rbac.
Removed support for zf2 components. - problem
Additionally support for php56 was dropped. - ok
Are you waiting on a v3? - Yep
Would you use it in your existing projects? - may be
from zfc-rbac.
Removed support for zf2 components. - no problem
Additionally support for php56 was dropped. - no problem
Are you waiting on a v3? - Yes, I do
Would you use it in your existing projects? - Yes, I would
Focus on middleware and compatibility with zend-expressive would be fine
from zfc-rbac.
Removed support for zf2 components.
ok, but only if we have good reason
Additionally support for php56 was dropped.
ok, I would even preffer drop 7.0 because many that support 7.0 already upgraded or will upgrade soon to 7.1(has many good feaures like optional typehints this really hurts in 7.0)
Are you waiting on a v3?
not really, but I heard this will be focused on middleware? Most my projects still use zend-mvc so I would still expect support for zend-mvc. Also I am always interested in this kind of updates.
Would you use it in your existing projects?
of course, but only if will be possible to update(no big BC breaks that I would have to invest more than few days to update), also I still use modules that does not support zf3 packages so if we drop zf2 I may can't use yet.
from zfc-rbac.
I don't know if all people got notifications, so I mention them again, sorry if you get the email twice:
/cc @hidahua, @Iraecio, @itmyprofession, @Jhue, @jmleroux, @joacub, @JPG-Consulting, @KadnikovVN, @kelsey9649, @KKonstantinov, @krisstwo, @lahirwisada, @Lansoweb, @lasimon, @lfq618, @lokrain, @machek, @Maks3w, @MalteGerth, @manuakasam, @marcosli, @meijssen, @MidnightDesign, @munishchopra, @Muzaffardjan, @neoglez, @Nirzol, @Nitecon, @nkuznetsova, @nomaanp, @nuxwin, @Ocramius, @ojhaujjwal, @Orkin, @PowerKiKi, @ppeiris
from zfc-rbac.
I don't know if all people got notifications, so I mention them again, sorry if you get the email twice:
/cc @nasko, @protecinnovations, @richardjennings, @rizaozden, @romanov-acc, @rufinus, @samsonasik, @sasezaki, @screws0ft, @Sequencesh, @sica07, @siddik12, @slacker775, @SpiffyJrTravis, @stefankleff, @steverhoades, @surjit, @svycka, @tad3j, @telkins, @thestanislav, @tklever, @trinhdung0911, @trixster, @unixmen, @vahid-sohrabloo, @vraskin, @webdevilopers, @webimpress, @wiggy, @wilonth, @Wilt, @Xerkus, @ZeinEddin, @zer0c14, @zhoujievet, @zionsg, @zxf104
from zfc-rbac.
To ease the voting process, I ask the questions separately here, please leave thumbs up or down. This way we can use the comments for more discussions, without repeating the same stuff again and again.
from zfc-rbac.
@prolic can you change questions?
Should we drop support for PHP 5.6 and require PHP 7.0?
Should we drop support for PHP 7.0 and require PHP 7.1?
its not clear for what we voting if I prefer 7.1 shoud I vore for second and down vote first? maybe remove and require PHP 7.x?
from zfc-rbac.
from zfc-rbac.
@prolic at the moment 6 is for 7.1 and 4 for 7.0 does it mean that 2 is agains 7.0? :) just saying that it is not very clear, but I guess this is not really important as we don't get any downvotes
from zfc-rbac.
"Would you use it in your existing projects?"
That really depends on whether I can somehow make a role/assertion configuration as mentioned before in my issue that can be found here: #270
It doesn't need to work exactly like that, but I should somehow be able to set such a config:
I have several roles for a user that depend on the context. In one context he can have admin rights while in another he has reader rights.
- collect role for authenticated identity (by passing context to a role provider)
- find role/assertions configuration for the current resource and this role and current action
- execute the assertions (passing both the identity and the resource, some of the assertions depend on the identity some on the resource and some on both)
- get a true or false for all assertions
- action is only allowed when all assertions return true
An example:
'role_resolver_map' => [
Resource::class => SomeRoleResolver::class,
],
//...
Resource::class => [
'Administrator' => [
// Admins are always allowed to create
'create' => [],
// Admins are always allowed to read
'read' => []
],
'Author' => [
// Authors are allowed to create new resource during daily hours
'create' => [
'AssertIsDaytime::class // simple assertion checking time now
],
],
'Reader' => [
// Reader can only read public resource
'read' => [
ResourceIsPublic::class // internally checks $resource->isPublic();
]
],
'Owner' => [
// Owner can always read his own resource
'read' => [],
]
],
Roles can be hierarchical so an Admin
inherits from Author
and Author
from Reader
, meaning an Author
is allowed to read
if the ResourceIsPublic
assertion returns true
.
Owner
is a separate role and is added to the roles collection for the current identity when this line in the SomeRoleResolver
returns true:
$resource->getOwner() === $identity;
We have something custom built heavily inspired on zfc-rbac
right now which works according to the above. I hope this is clear, please comment if I need to elaborate.
Looking forward to the next release, I am very willing to contribute where I can!
from zfc-rbac.
- Removed support for zf2 components. - No problem
- Additionally support for php56 was dropped. - I'm OK
- Are you waiting on a v3? - Yes
- Would you use it in your existing projects? - May be
from zfc-rbac.
- Removed support for zf2 components. - No problem
- Additionally support for php56 was dropped. - Well, I don't know...
- Are you waiting on a v3? - No
- Would you use it in your existing projects? - No. My project is used on many servers that are still on php56. And the actual version is working like a charm for me :)
from zfc-rbac.
Removed support for zf2 components. - ok
Additionally support for php56 was dropped. - ok
Are you waiting on a v3? - no
Would you use it in your existing projects? - no
I better like libraries, so removing any framework specific support is no problem for me, but I'm too busy to make my projects LTS. Keeping up to date versions with lots of BC breaks for a low level and basically simple functionality is a pain in my ass. I'm still using the 0.2 version... I have to make new high-level application features for my customers not updating thing they cant see, too often, because it breaks the system stability.
from zfc-rbac.
counts (yes, no/not sure)
Should we remove support for zf2 and allow zf3 only? 21 7
Should we drop support for PHP 5.6 and require PHP 7.0? 20 8
Should we drop support for PHP 7.0 and require PHP 7.1? 16 12
Are you waiting on a v3 of ZfcRbac? 18 6
Would you use it in your existing projects 20 1
Should we provide features to allow ZfcRbac to be used as middleware
for easy integration in zend-expressive f.e.? 19 -
other notes:
- request for dynamic role/assertion configuration
- manuakasam, nails it pretty good.
- zendframework plans around php version support
from zfc-rbac.
@/all FYI I've just implemented #379 which is #320 for the develop branch. Comments welcome...
from zfc-rbac.
Related Issues (20)
- Tag stable version for ZF3 compat HOT 6
- Looking for a new maintainer(s) HOT 5
- Missing use statement in ZfcRbac\Initializer\AuthorizationServiceInitializer HOT 1
- RedirectStrategy doesn't work with "ZF3" Eventmanager HOT 8
- RedirectStrategy + zf3 HOT 8
- Very strange session regeneration issue when using ZfcUser with ZfcRbac HOT 3
- Fllow the cookbook I get a problem not fund the authorizationservice HOT 3
- Unable to resolve service "Zend\Authentication\AuthenticationService
- why i always get error flow the cookbook? i will show what happend with my application HOT 4
- Cannot get a name and parameters for RoleProviderPluginManager HOT 2
- a guard priority question HOT 1
- Is there Mechanism of a cache? HOT 1
- Problem with doctrine update
- What is the plan of 3.0 release? HOT 7
- Maybe we could have PermissionProvider?
- HierarchicalRoleInterface problem HOT 1
- Config for version 3.0 needs some fixing or explaining HOT 9
- Migrate to Laminas HOT 7
- Is there a migration to Laminas either on-going or planned?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zfc-rbac.