Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Framework Blog:
Manage permissions with zend-permissions-rbac
May 02, 2017 @ 09:23:48

Continuing on from their previous tutorial looking at auth in Expressive middleware, the Zend Framework blog (and author Matthew Weier O'Phinney) shows an example of using the "zend-permissions-rbac" package from the Zend Framework to handle role-based access control in your application.

In our previous post, we covered authentication of a user via Expressive middleware. In that post, we indicated that we would later discuss authorization, which is the activity of checking if an authenticated user has permissions to perform a specific action, from within the context of a middleware application.

Before we do that, however, we thought we'd introduce zend-permissions-rbac, our lightweight role-based access control (RBAC) implementation.

The article starts off with the Composer command to get the package installed and some basic vocabulary around the role-based access control system. It then gets into some of the basics around creating a role and checking to see if a user (by identifier) has access to a permission. The post also includes an example of how to handle undefined roles more gracefully than the default exception. It goes on to cover role inheritance and the creation of a first "real world" example using the package for complex evaluation. This also includes assigning users roles using an Identity class and how to write custom assertions.

tagged: permissions zendframework rbac rolebased accesscontrol permission role tutorial package

Link: https://framework.zend.com/blog/2017-04-27-zend-permissions-rbac.html