Get support for KnpLabs/rad-security

If you're new to LTH, please see our FAQ for more information on what it is we do.

Support Options

Unfortunately, there are currently no active helpers for this repository on the platform. Until they become available, we reccomend the following actions:

View Open Issues

Take a look to see if anyone else has experienced the same issue as you and if they managed to solve it.

Open an Issue

Make sure to read any relevant guidelines for opening issues on this repo before posting a new issue.

Sponsor directly

Check out the page and see if there are any options to sponsor this project or it's developers directly.

KnpLabs/rad-security

View on github

DEPRECATED

Unfortunately we decided to not maintain this project anymore (see why). If you want to mark another package as a replacement for this one please send an email to hello@knplabs.com.

Rapid Application Development : Security

Provide RAD security components

Build Status

Official maintainers:

Installation

composer require knplabs/rad-security ~4.0

// config/bundles.php

<?php

return [
    Knp\Rad\Security\Bundle\SecurityBundle::class => ['all' => true],
];

Use

IS_OWNER voter

You now have access to a voter that checks if the authenticated user is the owner of an object.

The user contained inside the security token must implement Knp\Rad\Security\OwnerInterface.

The object you're about to test ownership must implement Knp\Rad\Security\OwnableInterface.

Example

<?php

namespace App\Model;

use Knp\Rad\Security\OwnerInterface;

class User implements OwnerInterface
{
}

<?php

namespace App\Model;

use Knp\Rad\Security\OwnableInterface;
use App\Model\User;

class Book implements OwnableInterface
{
    /** @var App\Model\User */
    protected $writtenBy;

    public function __construct(User $writtenBy)
    {
        $this->writtenBy = $writtenBy;
    }

    public function getOwner()
    {
        return $this->writtenBy;
    }
}

$zola = new \App\Model\User(); // He is the current authenticated user
$hugo = new \App\Model\User();

$germinal = new \App\Model\Book($zola);
$miserables = new \App\Model\Book($hugo);

$authorizationChecker = $container->get(/* ... */);
$authorizationChecker->isGranted(array('IS_OWNER'), $germinal); // true
$authorizationChecker->isGranted(array('IS_OWNER'), $miserables); // false

Security from routing

You can specify security constraints directly from your routing by providing a role or an array of roles with the roles parameter. If you specify an array, it will be passed as is to the authorization checker, and that means the authorization strategy depends on your configuration of the security component.

Example

acme_demo:
    path: /demo
    defaults:
        _controller: FrameworkBundle:Template:template
        template: Acme:demo:index.html.twig
        _security:
            - roles: IS_AUTHENTICATED_FULLY

The main advantage comes when used with the rad-resource-resolver component & the ParamConverter from SensioLabs. You can provide a subject previously resolved and available in the request attributes. If you have many objects resolved against which you can check security constraints, you can specify many rules.

Example

acme_group_update:
    path: /team/{tid}/group/{gid}/update
    defaults:
        _controller: AcmeBundle:Group:update
        template: Acme:Group:update.html.twig
        _resources:
            team:
                # ...
            group:
                # ...
        _security:
            -
                roles: [IS_MEMBER, ANOTHER_ROLE]
                subject: team
            -
                roles: IS_OWNER
                subject: group
Our Mission

We want to make open source more sustainable. The entire platform was born from this and everything we do is in aid of this.

From the Blog
Interesting Articles
Company

Thank you for checking out LiveTechHelper |
2025 © lth-dev incorporated

p-e622a1a2