diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
index 0e0f02c..89e83df 100644
--- a/.github/workflows/codecov.yml
+++ b/.github/workflows/codecov.yml
@@ -15,10 +15,10 @@ jobs:
 - ubuntu-latest
 php:
- - "8.1"
 - "8.2"
 - "8.3"
 - "8.4"
+ - "8.5"
 steps:
 - name: Checkout
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 03d62cb..9976515 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -15,10 +15,10 @@ jobs:
 - ubuntu-latest
 php:
- - "8.1"
 - "8.2"
 - "8.3"
 - "8.4"
+ - "8.5"
 steps:
 - name: Checkout
diff --git a/README.md b/README.md
index 920e5b1..e234e11 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # dot-rbac-guard
-Defines authorization guards that authorize users for accessing certain parts of an application based on various criteria.
+Defines authorization guards that authorize users to access certain parts of an application based on various criteria.
 If the authorization service can be used to check authorization on a narrow level, the guards are meant to work as gateways to bigger parts of an application.
 Usually, you'll want to use both methods in an application for increased security.
@@ -11,7 +11,7 @@ Documentation is available at: https://docs.dotkernel.org/dot-rbac-guard/.
 ## Badges
 ![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac-guard)
-![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/4.1.0)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/4.2.0)
 [![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac-guard)](https://github.com/dotkernel/dot-rbac-guard/issues)
 [![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac-guard)](https://github.com/dotkernel/dot-rbac-guard/network)
@@ -36,7 +36,7 @@ You'll have to first configure dot-rbac before using this module.
 ## Configuration
-As with many Dotkernel modules, we focus on the configuration based approach of customizing the module for your needs.
+As with many Dotkernel modules, we focus on the configuration-based approach of customizing the module for your needs.
 After installing, merge the module's `ConfigProvider` with your application's config to make sure required dependencies and default module configuration are registered.
 Create a configuration file for this module in your 'config/autoload' folder.
@@ -63,8 +63,8 @@ return [
 //register custom guards providers here
 'guards_provider_manager' => [],
- //define which guards provider to use, along with its configuration
- //the guards provider should know how to build a list of GuardInterfaces based on its configuration
+ //define which guard provider to use, along with its configuration
+ //the guard provider should know how to build a list of GuardInterfaces based on its configuration
 'guards_provider' => [
 'type' => 'ArrayGuards',
 'options' => [
@@ -97,9 +97,11 @@ return [
 'rules' => [
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
- //by default, authorization pass if all permissions are present(AND)
- 'roles' => [//list of roles to allow],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
+ //by default, authorization pass if all permissions are present (AND)
+ //list of roles to allow
+ 'roles' => [],
 ],
 ]
 ]
@@ -110,16 +112,20 @@ return [
 'rules' => [
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
- //by default, authorization pass if all permissions are present(AND)
- 'permissions' => [//list of permissions to allow],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
+ //by default, authorization pass if all permissions are present (AND)
+ //list of permissions to allow
+ 'permissions' => [],
 ],
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
 'permissions' => [
 //permission can be defined in this way too, for all permission type guards
- 'permissions' => [//list of permissions],
+ //list of permissions
+ 'permissions' => [],
 'condition' => \Dot\Rbac\Guard\GuardInterface::CONDITION_OR,
 ]
 ]
@@ -143,7 +149,7 @@ return [
 ## Register the RbacGuardMiddleware in the pipe
-The last step in order to use this package is to register the middleware.
+The last step to use this package is to register the middleware.
 This middleware triggers the authorization event.
 You MUST insert this middleware between the routing middleware and the dispatch middleware of the application, because the guards need the `RouteResult` in order to get the matched route and params.
diff --git a/SECURITY.md b/SECURITY.md
index f9096d2..7d951b0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,14 +2,12 @@
 ## Supported Versions
-
 | Version | Supported | PHP Version |
 |---------|--------------------|----------------------------------------------------------------------------------------------------------------|
-| 4.x | :white_check_mark: | ![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/4.0.0) |
-| 3.x | :x: | ![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/3.4.3) |
+| 4.x | :white_check_mark: | ![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/4.2.0) |
+| 3.x | :x: | ![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/3.7.0) |
 | <= 2.x | :x: | |
-
 ## Reporting Potential Security Issues
 If you have encountered a potential security vulnerability in this project,
@@ -25,7 +23,7 @@ When reporting issues, please provide the following information:
 We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect the project's
-users, and provides them with a chance to upgrade and/or update in order to
+users and provides them with a chance to upgrade and/or update to
 protect their applications.
diff --git a/composer.json b/composer.json
index c55fca1..1a19c96 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,7 @@
 }
 ],
 "require": {
- "php": "~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
+ "php": "~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0",
 "dotkernel/dot-authentication": "^2.3.4",
 "dotkernel/dot-controller": "^4.0",
 "dotkernel/dot-rbac": "^4.0",
@@ -62,7 +62,7 @@
 ],
 "cs-check": "phpcs",
 "cs-fix": "phpcbf",
- "test": "phpunit --colors=always",
- "static-analysis": "phpstan analyse --memory-limit 1G"
+ "static-analysis": "phpstan analyse --memory-limit 1G",
+ "test": "phpunit --colors=always"
 }
 }
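Review bot: Dropping `~8.1.0` from `require.php` in the first composer.json hunk means Composer on PHP 8.1 will stay on the last release that still allowed 8.1 and will not see fixes published after it. The SECURITY.md table edited in this same commit still marks 4.x as supported as a whole, so an 8.1 user cannot tell whether that older 4.x release is covered. For an authorization package I would state this under the table, for example `Security fixes are published for the latest 4.x release only; PHP 8.1 installs must upgrade PHP to receive them.`, adjusted to whatever the maintainers actually intend.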
diff --git a/docs/book/v3/configuration.md b/docs/book/v3/configuration.md
index 16b358c..75ad4e2 100644
--- a/docs/book/v3/configuration.md
+++ b/docs/book/v3/configuration.md
@@ -1,6 +1,6 @@
 # Configuration
-As with many Dotkernel modules, we focus on the configuration based approach of customizing the module for your needs.
+As with many Dotkernel modules, we focus on the configuration-based approach of customizing the module for your needs.
 After installing, merge the module's `ConfigProvider` with your application's config to make sure required dependencies and default module configuration are registered.
 Create a configuration file for this module in your 'config/autoload' folder.
@@ -27,8 +27,8 @@ return [
 //register custom guards providers here
 'guards_provider_manager' => [],
- //define which guards provider to use, along with its configuration
- //the guards provider should know how to build a list of GuardInterfaces based on its configuration
+ //define which guard provider to use, along with its configuration
+ //the guard provider should know how to build a list of GuardInterfaces based on its configuration
 'guards_provider' => [
 'type' => 'ArrayGuards',
 'options' => [
@@ -61,9 +61,11 @@ return [
 'rules' => [
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
- //by default, authorization pass if all permissions are present(AND)
- 'roles' => [//list of roles to allow],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
+ //by default, authorization pass if all permissions are present (AND)
+ //list of roles to allow
+ 'roles' => [],
 ],
 ]
 ]
@@ -74,16 +76,20 @@ return [
 'rules' => [
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
- //by default, authorization pass if all permissions are present(AND)
- 'permissions' => [//list of permissions to allow],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
+ //by default, authorization pass if all permissions are present (AND)
+ //list of permissions to allow
+ 'permissions' => [],
 ],
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
 'permissions' => [
 //permission can be defined in this way too, for all permission type guards
- 'permissions' => [//list of permissions],
+ //list of permissions
+ 'permissions' => [],
 'condition' => \Dot\Rbac\Guard\GuardInterface::CONDITION_OR,
 ]
 ]
diff --git a/docs/book/v3/overview.md b/docs/book/v3/overview.md
index f5f3ab9..3646cd7 100644
--- a/docs/book/v3/overview.md
+++ b/docs/book/v3/overview.md
@@ -5,7 +5,7 @@ The rbac authorization guards service authorizes users for accessing certain par
 ## Badges
 ![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac-guard)
-![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/3.6.0)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/3.7.0)
 [![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac-guard)](https://github.com/dotkernel/dot-rbac-guard/issues)
 [![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac-guard)](https://github.com/dotkernel/dot-rbac-guard/network)
diff --git a/docs/book/v4/configuration.md b/docs/book/v4/configuration.md
index 16b358c..75ad4e2 100644
--- a/docs/book/v4/configuration.md
+++ b/docs/book/v4/configuration.md
@@ -1,6 +1,6 @@
 # Configuration
-As with many Dotkernel modules, we focus on the configuration based approach of customizing the module for your needs.
+As with many Dotkernel modules, we focus on the configuration-based approach of customizing the module for your needs.
 After installing, merge the module's `ConfigProvider` with your application's config to make sure required dependencies and default module configuration are registered.
 Create a configuration file for this module in your 'config/autoload' folder.
@@ -27,8 +27,8 @@ return [
 //register custom guards providers here
 'guards_provider_manager' => [],
- //define which guards provider to use, along with its configuration
- //the guards provider should know how to build a list of GuardInterfaces based on its configuration
+ //define which guard provider to use, along with its configuration
+ //the guard provider should know how to build a list of GuardInterfaces based on its configuration
 'guards_provider' => [
 'type' => 'ArrayGuards',
 'options' => [
@@ -61,9 +61,11 @@ return [
 'rules' => [
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
- //by default, authorization pass if all permissions are present(AND)
- 'roles' => [//list of roles to allow],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
+ //by default, authorization pass if all permissions are present (AND)
+ //list of roles to allow
+ 'roles' => [],
 ],
 ]
 ]
@@ -74,16 +76,20 @@ return [
 'rules' => [
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
- //by default, authorization pass if all permissions are present(AND)
- 'permissions' => [//list of permissions to allow],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
+ //by default, authorization pass if all permissions are present (AND)
+ //list of permissions to allow
+ 'permissions' => [],
 ],
 [
 'route' => 'controller route name',
- 'actions' => [//list of actions to apply, or empty array for all actions],
+ //list of actions to apply, or empty array for all actions
+ 'actions' => [],
 'permissions' => [
 //permission can be defined in this way too, for all permission type guards
- 'permissions' => [//list of permissions],
+ //list of permissions
+ 'permissions' => [],
 'condition' => \Dot\Rbac\Guard\GuardInterface::CONDITION_OR,
 ]
 ]
diff --git a/docs/book/v4/overview.md b/docs/book/v4/overview.md
index 8957e53..97ee1f0 100644
--- a/docs/book/v4/overview.md
+++ b/docs/book/v4/overview.md
@@ -5,7 +5,7 @@ The rbac authorization guards service authorizes users for accessing certain par
 ## Badges
 ![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac-guard)
-![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/4.1.0)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac-guard/4.2.0)
 [![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac-guard)](https://github.com/dotkernel/dot-rbac-guard/issues)
 [![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac-guard)](https://github.com/dotkernel/dot-rbac-guard/network)
diff --git a/docs/book/v4/updating-pipeline.md b/docs/book/v4/updating-pipeline.md
index 4a9ebed..6b986da 100644
--- a/docs/book/v4/updating-pipeline.md
+++ b/docs/book/v4/updating-pipeline.md
@@ -1,6 +1,6 @@
 # Register the RbacGuardMiddleware in the pipeline
-The last step in order to use this package is to register the middleware.
+The last step to use this package is to register the middleware.
 This middleware triggers the authorization event.
 You MUST insert this middleware between the routing middleware and the dispatch middleware of the application, because the guards need the `RouteResult` in order to get the matched route and params.