PHPackages alichry/laminas-accesscontrol - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. alichry/laminas-accesscontrol ActiveLibrary[Authentication & Authorization](/categories/authentication) alichry/laminas-accesscontrol ============================= Access control for laminas 1.0.0(5y ago)01871MITPHPPHP ^7.1CI failing Since Jun 1Pushed 5y ago1 watchersCompare [ Source](https://github.com/alichry/laminas-accesscontrol)[ Packagist](https://packagist.org/packages/alichry/laminas-accesscontrol)[ RSS](/packages/alichry-laminas-accesscontrol/feed)WikiDiscussions master Synced yesterday READMEChangelogDependencies (3)Versions (5)Used By (1) laminas-accesscontrol ===================== [](#laminas-accesscontrol) [![Build Status](https://camo.githubusercontent.com/bef7356ebc6c5a920491af1a33dd34008814bfc5b197386f22e6c2e5fe862acf/68747470733a2f2f7472617669732d63692e6f72672f616c69636872792f6c616d696e61732d616363657373636f6e74726f6c2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/alichry/laminas-accesscontrol)[![codecov](https://camo.githubusercontent.com/2188adcb31b24550999c347f56b3f6fa41be990ff5201ad6ad2b67f80e3602ff/68747470733a2f2f636f6465636f762e696f2f67682f616c69636872792f6c616d696e61732d616363657373636f6e74726f6c2f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/alichry/laminas-accesscontrol) This module is aimed at providing a simple interface that can run queries againt an access control list pertaining an application's controller or a controller's action as a the target resource. This is should not be used directly, use [https://github.com/alichry/laminas-authorization](alichry/laminas-authorization) Interfaces and implementations ------------------------------ [](#interfaces-and-implementations) The base interface for an AccessControlList is `AccessControlListInterface` that provides 3 methods: - identityHasPermission(identity, permission) - identityHasRole(identity, role) - getAccessStatus(identity, resourceIdentifier) An access status, `Status`, is the result of consulting the underlying `ListAdapterInterface` and `ResourceManagerInterface`. Multiple status codes exists: - Unauthorized, `Status::UNAUTHORIZED`: The given identity is not authorized, i.e. does not have specified permission or role for the controller/action. - Unauthenticated, `Status::UNAUTHENTICATED`: The given identity is null and, therefore, is invalid. This implies that the identity "null" is unauthenticated. This is practically a short-circuit between `alichry/laminas-authorization` and `alichry/laminas-accesscontrol` since the passed identity is null, and is usually retrieved from an `AuthenticationService` from `laminas/laminas-autthentication`. - Rejected, `Status::REJECTED`: If controller/action has "reject all", or inferred policy is "reject all" - Public, `Status::PUBLIC`: Publicly accessible, no need for authentication or authorization - Ok, `Status::OK`: The given identity is authorized but not necessarily authenticated, i.e. given identity does have specified permission or role for the controller/action. This does not imply if the user is authenticated. Checking if authenticated is the purpose of `alichry/laminas-authorization` ArrayAccessControlList ---------------------- [](#arrayaccesscontrollist) `ArrayAccessControlList` relies on passed list of identities, permissions, roles and controllers access levels to infer access statuses. There exists 2 modes: - Strict, `ArrayListAdapter::MODE_STRICT` mode: All identities must be defined in the list, a referenced identity that is not defined will result in an exception thrown. A referenced identity role must be also defined in the roles list. Referenced permisions in identity list should be also included in the permission list. An exception will be thrown if an entry is missing. - Chill, `ArrayListAdapter::MODE_CHILL` mode: Some identities can be omitted from the configuration, this will lead `ArrayAccessControlList` to assume that the omitted identity has no permissions at all. No exception will be thrown if a permission is referenced in the identity list but not in the permission list. Policies deal with the default access level for missing entries in the resources list - Reject: if the target resource is not found, then reject all requests. - Authenticate: if the target resource is not found, then assume it requires authentication. - Accept: if the target resource is not found, then assume it is publicly accessible. ### Example [](#example) ```