Authorization #8

Open
thekid opened this issue Jul 21, 2018 · 1 comment
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

thekid commented Jul 21, 2018

Based on top of a yet-to-be-created authentication layer, the REST APIs should support authorization: limiting certain methods to authenticated users and their roles.

Basic idea

use web\Response;

#[@require(['admin'])]
class Administration {

  /** Deletes a URL by a given ID */
  #[@delete('/{id}')]
  public function delete(string $id): Response {
    // ...
  }
}

The require annotation makes the surrounding layer perform checks on the authenticated user. By annotating the containing class all its methods will be affected.

  • @require(['admin']) - requires the user to be in the admin role
  • @require(['admin', 'user']) - requires the user to be in the admin or user role
  • @require(function($user) { ... }) - runs a user-defined function on the user. Allows access if function returns true.

thekid added the enhancement and help wanted labels Jul 21, 2018

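
A sketch of how a surrounding layer could evaluate the three `@require` forms proposed above while failing closed. This is an added example, not code from this project or from xp-forge/web; the function name `allowed()`, the shape of the user array and the strict reading of "returns true" are assumptions.

```php
<?php
// Added example; allowed() and the user array shape are assumptions,
// not an API of this project or of xp-forge/web.

/**
 * Evaluates a requirement in one of the forms proposed above against the
 * authenticated user, or null if nobody is authenticated. Fails closed.
 */
function allowed($requirement, ?array $user): bool {
  if (null === $user) return false;  // No authenticated user: deny

  // Test for Closure, not is_callable(): a role list such as
  // ['admin', 'user'] is also the array form of a PHP callable.
  if ($requirement instanceof \Closure) {
    // Assumption: "returns true" is read strictly, truthy values do not count
    return true === $requirement($user);
  }

  if (is_array($requirement)) {
    $roles = $user['roles'] ?? [];
    foreach ($requirement as $role) {
      // Any listed role suffices; strict comparison avoids type juggling
      if (in_array($role, $roles, true)) return true;
    }
  }
  return false;  // Empty list, no matching role or unknown form: deny
}

// Constructed sample users and requirements
$users = [
  'anonymous' => null,
  'alice'     => ['id' => 1, 'roles' => ['admin']],
  'bob'       => ['id' => 2, 'roles' => ['user']],
];
$requirements = [
  "['admin']"         => ['admin'],
  "['admin', 'user']" => ['admin', 'user'],
  'function($user)'   => function($user) { return $user['id'] === 2; },
  'truthy function'   => function($user) { return 1; },
];

foreach ($requirements as $label => $requirement) {
  foreach ($users as $name => $user) {
    printf("%-18s %-10s %s\n", $label, $name, allowed($requirement, $user) ? 'allow' : 'deny');
  }
}
```
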
thekid commented Jul 22, 2018

See xp-forge/web#43 and xp-forge/web#44
