Make sure Composer is installed globally, as explained in the installation chapter of the Composer documentation.
Open a command console, enter your project directory and execute:
$ composer require halloverden/symfony-security-bundle
Then, enable the bundle by adding it to the list of registered bundles in the config/bundles.php file of your project:

```php
// config/bundles.php
return [
    // ...
    HalloVerden\SecurityBundle\HalloVerdenSecurityBundle::class => ['all' => true],
];
```
Authenticators can be used to allow authentication with an access token from your OpenID provider.
- Create a class that implements HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface
- Enable the authenticators and the class you want to use as services:

```yaml
# config/services.yaml
services:
    HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface:
        class: App\Services\OauthUserProviderService # Your class
    HalloVerden\Security\AccessTokenAuthenticator: ~
    HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~
```

- Add the authenticators to your security config (under the firewall in config/packages/security.yaml):

```yaml
guard:
    authenticators:
        - HalloVerden\Security\AccessTokenAuthenticator
    entry_point: HalloVerden\Security\AccessTokenAuthenticator
```

- You also need services that implement HalloVerden\Security\Interfaces\OauthTokenProviderServiceInterface and HalloVerden\Security\Interfaces\OauthJwkSetProviderServiceInterface (this can be skipped when using halloverden/symfony-oidc-client-bundle).
Create a YAML file for each entity that needs to have an access definition. Example:

```yaml
App\Entity\Requests\TestRequest:
  canCreate:
    roles:
      - 'ROLE_ADMIN'
    scopes:
      - 'system.create:test-request'
  canRead:
    roles:
      - 'ROLE_ADMIN'
    scopes:
      - 'system.read:test-request'
  canUpdate:
    roles:
      - 'ROLE_ADMIN'
    scopes:
      - 'system.update:test-request'
  canDelete:
    roles:
      - 'ROLE_ADMIN'
    scopes:
      - 'system.delete:test-request'
  properties:
    test:
      canRead:
        roles:
          - 'ROLE_USER'
        scopes:
          - 'system.read:test-request.test'
      canWrite:
        roles:
          - 'ROLE_USER'
        scopes:
          - 'system.write:test-request.test'
    yoo:
      canWrite:
        roles:
          - 'ROLE_USER'
```
Add the path for this access definition in the config file:

```yaml
hallo_verden_security:
  access_definitions:
    dirs:
      App\Entity\Requests: '%kernel.project_dir%/config/access_definitions/requests'
```
You can use AccessDefinableExclusionStrategy to skip properties the user does not have access to when serializing and deserializing.
There is also the HasAccess validator constraint, which checks whether the user has access to a specific property.
In any other case you can use AccessDefinitionService to check access for a specific class or property.
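To make the access-definition format and the exclusion strategy above concrete, here is an added toy evaluator (example code written for this page, not the bundle's own implementation). It transcribes the TestRequest definition into a dict and assumes one rule semantics, labelled as such: a rule grants access when the principal holds any listed role or any listed scope, and anything without a matching rule is denied.

```python
"""Toy evaluator for the access-definition format shown above.

Constructed example; the semantics are an assumption, not the bundle's code:
a rule grants access if the principal holds ANY listed role OR ANY listed
scope, and anything not covered by a rule is denied (deny by default).
"""
from dataclasses import dataclass

# The TestRequest definition from the README, transcribed from YAML into a dict.
ACCESS_DEFINITIONS = {
    "App\\Entity\\Requests\\TestRequest": {
        "canCreate": {"roles": ["ROLE_ADMIN"], "scopes": ["system.create:test-request"]},
        "canRead":   {"roles": ["ROLE_ADMIN"], "scopes": ["system.read:test-request"]},
        "canUpdate": {"roles": ["ROLE_ADMIN"], "scopes": ["system.update:test-request"]},
        "canDelete": {"roles": ["ROLE_ADMIN"], "scopes": ["system.delete:test-request"]},
        "properties": {
            "test": {
                "canRead":  {"roles": ["ROLE_USER"], "scopes": ["system.read:test-request.test"]},
                "canWrite": {"roles": ["ROLE_USER"], "scopes": ["system.write:test-request.test"]},
            },
            "yoo": {"canWrite": {"roles": ["ROLE_USER"]}},  # write-only: no canRead rule
        },
    }
}

@dataclass(frozen=True)
class Principal:
    """Constructed stand-in for the authenticated user / access token."""
    roles: frozenset = frozenset()
    scopes: frozenset = frozenset()

def _rule_allows(rule, principal):
    """A missing rule denies; otherwise any matching role or scope grants."""
    if rule is None:
        return False
    return bool(principal.roles & set(rule.get("roles", []))
                or principal.scopes & set(rule.get("scopes", [])))

def can(principal, cls, action, prop=None):
    """Class-level check (canCreate/canRead/canUpdate/canDelete) or,
    when prop is given, property-level check (canRead/canWrite)."""
    definition = ACCESS_DEFINITIONS.get(cls)
    if definition is None:
        return False  # class without a definition file: deny by default
    if prop is None:
        return _rule_allows(definition.get(action), principal)
    return _rule_allows(definition.get("properties", {}).get(prop, {}).get(action), principal)

def readable_view(principal, cls, obj):
    """Exclusion-strategy analogue: drop properties the principal may not read."""
    return {k: v for k, v in obj.items() if can(principal, cls, "canRead", k)}
```

Note that `yoo` disappears from the serialized view for every principal, because the definition only grants write access to it; the undeclared `secret` property is dropped for the same deny-by-default reason.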