定制 sil/route-security-bundle 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

sil/route-security-bundle

Composer 安装命令:

composer require sil/route-security-bundle

包简介

Provide a way to secure accesses to all routes of an symfony application.

README 文档

README

Scrutinizer Code Quality Build Status Code Coverage SymfonyInsight

SilRouteSecurityBundle

This bundle provide a way to secure accesses to all routes of your application and adapt the view according to the logged user.

Principle

  • The bundle generate roles for all configured routes.
  • The bundle listen the kernel.request event and retrieve the requested route.
  • If the route is configure to be secured, the bundle check if the current user has the appropriate role. If not, an AccessDeniedException from Symfony security component is throw. You will see above how to modify this behaviour.

For all routes configured in access control, the user must be authenticated and implement the UserInterface of Symfony security component.

Installation

Composer

composer require sil/route-security-bundle

Register the bundle

<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new Sil\RouteSecurityBundle\SilRouteSecurityBundle(),
        // ...
    );
}

Add routes configuration

Routes are only required if you want to use the Javascript part of this bundle.

# app/config/routes/sil_route_security.yaml
sil_route_security:
    resource: "@SilRouteSecurityBundle/Resources/config/routing.yaml"

Configuration

You can configure the bundle under the sil_route_security key.

Options

Enable access control

By default, the access control is disable.

sil_route_security:
    enable_access_control: true

List of secured routes

You can define a list of secured routes :

sil_route_security:
    secured_routes: [app_user_list, app_user_add]

Secured routes format

In addition or instead of secured routes list, you can define a regex format to configure a set of routes to be secured :

sil_route_security:
    secured_routes_format: "/^app_/"

List of ignored routes

You can define a list of ignored routes :

sil_route_security:
    ignored_routes: [app_home, app_login, app_logout]

Ignored routes format

In addition or instead of ignored routes list, you can define a regex format to configure a set of routes to be not secured :

sil_route_security:
    ignored_routes_format: "/^app_[a-z]*_api/"`

Naming strategy

By default, to generate a role for route, the bundle convert the route name to ROLE_.strtoupper($route_name). If you want a different format, you can make your hown converter. Just create a service that implement the NamingStrategyInterface and configure the bundle option with your service identifier.

sil_route_security:
    naming_strategy: my_own_route_to_role_converter

Roles provider

All generated roles is accessible through the sil_route_security.roles_provider service.

<?php
// Controller
...
$rolesProvider = $this->get('sil_route_security.roles_provider');
$generatedRoles = $rolesProvider->getRoles();
...

For exemple, you can inject this service into your UserFormType to configure the associates roles to an user.

Adapt template view

The bundle expose :

  • Twig functions that allow you to generate view according to the roles of user.
  • Javascript object that allow you to generate view according to the roles of user.

Twig

hasUserAccessToRoute

  • Check if the user has access to the given route
  • Exemple :
{% if hasUserAccessToRoute(app.user, 'app_user_add') %}
  <a href="{{ path('app_user_add') }}">Add user</a>
{% endif %}

hasUserAccessAtLeastOneRoute

  • Check if the user has access at least to one route
  • Exemple :
{% if hasUserAccessAtLeastOneRoute(app.user, ['app_user_add', 'app_user_edit']) %}
  <span class="dropdown-title">User management</span>
  <ul class="dropdown-item">    
    {% if hasUserAccessToRoute(app.user, 'app_user_add') %}
      <li>
        <a href="{{ path('app_user_add') }}">Add user</a>
      </li>
    {% endif %}    
    {% if hasUserAccessToRoute(app.user, 'app_user_edit') %}
      <li>
        <a href="{{ path('app_user_edit') }}">Edit user</a>
      </li>
    {% endif %}    
  </ul>
{% endif %}

hasUserAccessToRoutes

  • Check if the user has access to all given routes
  • Exemple :
{% if hasUserAccessToRoutes(app.user, ['app_user_add', 'app_user_edit']) %}
  <a href="{{ path('app_user_add') }}">Add user</a>
  <a href="{{ path('app_user_edit') }}">Edit user</a>
{% endif %}

Javascript

Installation

To load it globally, add the following line to your template:

<script type="text/javascript" src="{{ asset('bundles/silroutesecurity/js/sil_route_security.min.js') }}"></script>
<script src="{{ path('sil_route_security.export_js_secured_routes') }}"></script>

Usage

if (SilRouteSecurity.hasUserAccessToRoute('name_of_route')) {
    console.log('Current authenticated user has access to route')
}

if (SilRouteSecurity.hasUserAccessToRoutes(['name_of_route_1', 'name_of_route_2'])) {
    console.log('Current authenticated user has access to all routes')
}

if (SilRouteSecurity.hasUserAccessAtLeastOneRoute(['name_of_route_1', 'name_of_route_2'])) {
    console.log('Current authenticated user has access to one of this routes')
}

Access denied behavior

When user access to secured route and does not have the right, an AccessDeniedException is throw. The framework will convert it to a 403 response. Just before that, the event AccessDeniedToRouteEvent is dispatch. You can listen it and implement your hown behaviour, logging the action for exemple, return a custom response, redirect, whatever...

sil/route-security-bundle 适用场景与选型建议

sil/route-security-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 8.83k 次下载、GitHub Stars 达 7, 最近一次更新时间为 2017 年 04 月 12 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「symfony」 「route」 「security」 「bundle」 「access」 「control」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 sil/route-security-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 sil/route-security-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 sil/route-security-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 8.83k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 7
  • 点击次数: 5
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 7
  • Watchers: 0
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2017-04-12