Zend Framework Blog:
Authorize users using Middleware
May 04, 2017 @ 09:40:56

Previously the Zend Framework blog posted a tutorial that showed you how to authenticate a user with middleware in a Zend Expressive application. In this latest post in the series they move on to the next step: authorization.

In a previous post, we demonstrated how to authenticate a middleware application in PHP. In this post we will continue the discussion, showing how to manage authorizations.

We will start from an authenticated user and demonstrate how to allow or disable actions for specific users. We will collect users by groups and we will use a Role-Based Access Control (RBAC) system to manage the authorizations.

To implement RBAC, we will consume zendframework/zend-permissions-rbac.

They start by pulling in the Zend Expressive tooling support and creating the Permission module. The tutorial then gets into the basics of using a role-based access control system and the roles they're going to define: admin, editor and contributor (as well as what each can do). The roles are then defined in a configuration file and briefly explained. Next is the creation of the middleware that authorizes the user's action in the application by checking the user's roles against the requirements of the action. There's also an example of setting up role inheritance and how to configure the resulting route to fire off the authorization handling.

tagged: zendexpressive middleware authorization zendrbac rbac rolebased accesscontrol tutorial

Link: https://framework.zend.com/blog/2017-05-04-authorization-middleware.html

Zend Framework Blog:
Manage permissions with zend-permissions-rbac
May 02, 2017 @ 09:23:48

Continuing on from their previous tutorial looking at auth in Expressive middleware, the Zend Framework blog (and author Matthew Weier O'Phinney) shows an example of using the "zend-permissions-rbac" package from the Zend Framework to handle role-based access control in your application.

In our previous post, we covered authentication of a user via Expressive middleware. In that post, we indicated that we would later discuss authorization, which is the activity of checking if an authenticated user has permissions to perform a specific action, from within the context of a middleware application.

Before we do that, however, we thought we'd introduce zend-permissions-rbac, our lightweight role-based access control (RBAC) implementation.

The article starts off with the Composer command to get the package installed and some basic vocabulary around the role-based access control system. It then gets into some of the basics around creating a role and checking to see if a user (by identifier) has access to a permission. The post also includes an example of how to handle undefined roles more gracefully than the default exception. It goes on to cover role inheritance and the creation of a first "real world" example using the package for complex evaluation. This also includes assigning users roles using an Identity class and how to write custom assertions.

tagged: permissions zendframework rbac rolebased accesscontrol permission role tutorial package

Link: https://framework.zend.com/blog/2017-04-27-zend-permissions-rbac.html

Matt Stauffer:
ACL (Access Control List) Authorization in Laravel 5.1
Sep 10, 2015 @ 09:41:45

Matt Stauffer has continued his series looking at Laravel 5.1 with a new post covering the ACL functionality recently added in 5.1.1. This functionality adds on to the pre-existing authentication handling that has been a part of the framework for a while.

The authentication that Laravel provides out-of-the-box makes it simple to get user signup, login, logout, and password resets up and running quickly and easily.

But if you needed to control access to certain sections of the site, or turn on or off particular pieces of a page for non-admins, or ensure someone can only edit their own contacts, you needed to bring in a tool like BeatSwitch Lock or hand-roll the functionality, which would be something called ACL: Access Control Lists, or basically the ability to define someone's ability to do and see certain things based on attributes of their user record. Thankfully, Taylor and Adam Wathan wrote an ACL layer in Laravel 5.1.11 that provides this functionality without any added work.

He talks about the main interface to the ACL system, the Gate class/facade, and gives a simple example of it in use. He then gets into how it works in defining abilities and checking access levels with both the facade and on the model level. He also shows how to use the checks in Blade templates and how to intercept the evaluations for custom evaluation. He ends the post talking about the concept of policies and controller authorization to allow for additional checking.

tagged: acl accesscontrol authorization laravel5 tutorial series part12 gate

Link: https://mattstauffer.co/blog/acl-access-control-list-authorization-in-laravel-5-1

The Bakery:
Six New Articles and Tutorials
Jul 17, 2007 @ 12:09:00

The Bakery has six new articles/tutorials posted today on subjects ranging from working with LDAP out to Access Control:

Check out The Bakery for more great articles and tutorials (as well as case studies on sites using the CakePHP framework).

tagged: cakephp framework article tutorial acl krumo ldap accesscontrol

Link:

Nick Halstead's Blog:
Zend Framework RC1 and Zend ACL usage
May 31, 2007 @ 07:52:00

Nick Halstead takes a look at another aspect of the Zend Framework in his latest blog post - the ACL component in the most recent release, Zend Framework RC1.

Yesterday RC1 of Zend Framework was released. I have been working away using it for several months and I have tried to give back small snippets of code as I went along. I had to do some work on my class that extends the Zend ACL and it reminded me how I like to approach coding as a whole.

He goes on to look at what the Zend Framework access control functionality is and how he plans on using it. He follows this with a few code snippets that, among other things, show how the Zend_Config_Ini component could be used to maintain the access list.

tagged: accesscontrol zendacl zendframework zendconfigini

Link:
