Configuration: simplest authorization #696

Open
BayerMeister opened this issue Apr 24, 2018 · 2 comments
BayerMeister commented Apr 24, 2018

The page about configuration offers a very simple way to authenticate. There is however no mention about an equivalent way to set up authorization.
The ACL page goes into detail here, but it is not obvious if both approaches can be combined.

I would like to see some lines added, but I have no idea if this is the correct way to do it.
Here is what we've got:

security:
    debugger: true  # debugger bar panel

    users:
        johndoe: secretpassword
        mikesmith: anotherpassword

    roles:
        guest:
        member:
        admin: [member]  # admin extends member

    resources:
        file:

And here's what I would like to add at the end, if something like that exists (pseudo-code):

security:
    allow(member, file, read)
    addRole(johndoe, [admin, ...])
    addRole(mikesmith, member)

As soon as I find out how this can be done properly, I'll happily add it to both EN and CS documentation.

As mentioned on the ACL page I know there is this option:

services:
    acl:
        factory: Nette\Security\Permission
        setup:
            - allow(member, file, read)
            - addRole(johndoe, [admin, ...])
            - addRole(mikesmith, member)

But that does not combine well, or does it? If that is the only way, maybe it should be added to the configuration page.


f3l1x commented Sep 29, 2018

I'm not sure if there is a clear Nette way to define ACL, thus I don't know if it should be in the docs. What do you think, guys? @dg @JanTvrdik @chemix @matej21?


chemix commented Oct 2, 2018

I'm doing ACL the simple way, by dynamic user auth with DI configuration via a neon file
(https://doc.nette.org/en/2.4/access-control#toc-usage-in-application)

services:
    authorizator:
        class: Nette\Security\Permission
        setup:
            - addRole('guest')
            - addRole('user')
            - addRole('admin', 'user')
            - addRole('root', 'admin')

            - addResource('User')
            - allow('admin', 'User', 'view')
            - allow('admin', 'User', 'add')
            - allow('admin', 'User', 'edit')
            - allow('admin', 'User', 'remove')

And if I understand the question from @BayerMeister, he wants to add to this https://github.com/nette/security/blob/master/src/Bridges/SecurityDI/SecurityExtension.php extension a section for "setup" of the ACL tree (allow, deny)? Is that right?
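
The `Nette\Security\Permission` setup from the comment above, written as plain PHP to show which checks it grants and which it refuses. This is an added example, not part of the thread or of the Nette documentation; it assumes nette/security is installed through Composer, and `buildAcl()` and the list of checks are made up for the illustration.

```php
<?php
// Added illustration, not code from the thread.
// Assumes nette/security was installed with Composer in this directory.
require __DIR__ . '/vendor/autoload.php';

use Nette\Security\Permission;

// The same calls as the `setup` list of the `authorizator` service above.
function buildAcl(): Permission
{
    $acl = new Permission;
    $acl->addRole('guest');
    $acl->addRole('user');
    $acl->addRole('admin', 'user');  // admin inherits from user
    $acl->addRole('root', 'admin');  // root inherits from admin
    $acl->addResource('User');
    foreach (['view', 'add', 'edit', 'remove'] as $privilege) {
        $acl->allow('admin', 'User', $privilege);
    }
    return $acl;
}

$acl = buildAcl();

// Constructed checks: [role, resource, privilege, what the case exercises].
$checks = [
    ['admin', 'User', 'edit',   'rule set directly on the role'],
    ['root',  'User', 'remove', 'rule inherited from the parent role admin'],
    ['user',  'User', 'view',   'parent of admin, rules do not flow down to it'],
    ['guest', 'User', 'view',   'no rule anywhere, Permission denies by default'],
    ['admin', 'User', 'export', 'privilege that no allow() call names'],
];
foreach ($checks as [$role, $resource, $privilege, $note]) {
    $verdict = $acl->isAllowed($role, $resource, $privilege) ? 'allowed' : 'denied';
    printf("%-5s %-4s %-6s %-7s (%s)\n", $role, $resource, $privilege, $verdict, $note);
}

// A role that was never registered is an error, not a silent deny, so a typo
// in a role name surfaces as an exception instead of a quiet refusal.
try {
    $acl->isAllowed('member', 'User', 'view');
} catch (Nette\InvalidStateException $e) {
    echo 'member: ', $e->getMessage(), "\n";
}
```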
