tourze/json-rpc-security-bundle
===============================

JsonRPC authorization handling

[Source](https://github.com/tourze/json-rpc-security-bundle) | [Packagist](https://packagist.org/packages/tourze/json-rpc-security-bundle)

JSON-RPC Security Bundle
========================

[English](README.md) | [Chinese](README.zh-CN.md)

Table of Contents
-----------------

- [Overview](#overview)
- [Requirements](#requirements)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Features](#features)
- [Usage](#usage)
    - [Basic Role-Based Authorization](#basic-role-based-authorization)
    - [Method-Level Authorization](#method-level-authorization)
    - [Custom Permission Attributes](#custom-permission-attributes)
- [Architecture](#architecture)
    - [Core Components](#core-components)
    - [How It Works](#how-it-works)
    - [Exception Handling](#exception-handling)
- [Configuration](#configuration)
    - [Security Configuration](#security-configuration)
    - [Service Configuration](#service-configuration)
- [Advanced Usage](#advanced-usage)
    - [Custom Attributes](#custom-attributes)
    - [Multiple Permission Levels](#multiple-permission-levels)
- [Testing](#testing)
    - [Test Coverage](#test-coverage)
- [API Reference](#api-reference)
    - [GrantService](#grantservice)
    - [MethodPermission Attribute](#methodpermission-attribute)
- [Contributing](#contributing)
- [License](#license)

Overview
--------

A Symfony Bundle providing authorization handling for JSON-RPC services.

Requirements
------------

- PHP 8.1+
- Symfony 6.4+
- tourze/json-rpc-core
- tourze/bundle-dependency

Installation
------------

```
composer require tourze/json-rpc-security-bundle
```

Quick Start
-----------

1. Add the bundle to your Symfony project:

```
// config/bundles.php
return [
    // ...
    Tourze\JsonRPCSecurityBundle\JsonRPCSecurityBundle::class => ['all' => true],
];
```

2. Use the `IsGranted` attribute on your JSON-RPC methods:

```
use Symfony\Component\Security\Http\Attribute\IsGranted;
use Tourze\JsonRPC\Core\Domain\JsonRpcMethodInterface;
use Tourze\JsonRPC\Core\Model\JsonRpcRequest;

#[IsGranted(attribute: 'ROLE_ADMIN')]
class AdminMethod implements JsonRpcMethodInterface
{
    public function __invoke(JsonRpcRequest $request): mixed
    {
        // Only users with ROLE_ADMIN can access this method
        return ['message' => 'Hello Admin!'];
    }
}
```

Features
--------

- Seamless integration with Symfony Security component
- Fine-grained permission control for JSON-RPC methods
- Attribute-based permission declarations
- Support for both class-level and method-level authorization
- Automatic event-driven security checks

Usage
-----

Basic Role-Based Authorization
------------------------------

```
use Symfony\Component\Security\Http\Attribute\IsGranted;
use Tourze\JsonRPC\Core\Domain\JsonRpcMethodInterface;
use Tourze\JsonRPC\Core\Model\JsonRpcRequest;

#[IsGranted(attribute: 'ROLE_USER')]
class UserProfileMethod implements JsonRpcMethodInterface
{
    public function __invoke(JsonRpcRequest $request): mixed
    {
        // Accessible to authenticated users
        return ['profile' => 'user data'];
    }
}
```

Method-Level Authorization
--------------------------

```
use Symfony\Component\Security\Http\Attribute\IsGranted;
use Tourze\JsonRPC\Core\Domain\JsonRpcMethodInterface;
use Tourze\JsonRPC\Core\Model\JsonRpcRequest;

class UserManagementMethod implements JsonRpcMethodInterface
{
    #[IsGranted(attribute: 'ROLE_ADMIN')]
    public function deleteUser(int $userId): bool
    {
        // Only admins can delete users
        return true;
    }

    #[IsGranted(attribute: 'ROLE_USER')]
    public function viewProfile(int $userId): array
    {
        // Regular users can view profiles
        return ['id' => $userId, 'name' => 'John'];
    }
}
```

Custom Permission Attributes
----------------------------

For more fine-grained control, use the `MethodPermission` attribute:

```
use Tourze\JsonRPCSecurityBundle\Attribute\MethodPermission;
use Tourze\JsonRPC\Core\Domain\JsonRpcMethodInterface;
use Tourze\JsonRPC\Core\Model\JsonRpcRequest;

#[MethodPermission("user.edit", "Edit user information")]
class UserEditMethod implements JsonRpcMethodInterface
{
    public function __invoke(JsonRpcRequest $request): mixed
    {
        // Custom permission check
        return ['success' => true];
    }
}
```

Architecture
------------

Core Components
---------------

- **`GrantService`**: Core authorization service that checks permissions
- **`IsGrantSubscriber`**: Event subscriber that automatically triggers security checks
- **`MethodPermission`**: Custom attribute for declaring method permissions

How It Works
------------

1. When a JSON-RPC method is called, the `IsGrantSubscriber` intercepts the request
2. The `GrantService` analyzes the method's attributes using reflection
3. Security checks are performed against the current user's permissions
4. Access is granted or denied based on the results
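
The flow above as a self-contained PHP 8.1 sketch. This is an added example, not the bundle's code: `Requires`, `NotAuthenticated`, `PermissionDenied` and this `checkProcedure()` are hypothetical stand-ins for the attributes, exceptions and `GrantService` named on this page, and the callers are constructed.

```php
<?php
// Stand-in attribute (hypothetical name); the bundle reads IsGranted and MethodPermission instead.
#[Attribute(Attribute::TARGET_CLASS | Attribute::IS_REPEATABLE)]
final class Requires
{
    public function __construct(public readonly string $permission) {}
}

final class NotAuthenticated extends RuntimeException {}
final class PermissionDenied extends RuntimeException {}

// $granted is the caller's permission list, or null when nobody is authenticated.
function checkProcedure(object $procedure, ?array $granted): void
{
    // Step 2: read the declared requirements from the class by reflection.
    $required = array_map(
        static fn (ReflectionAttribute $a): string => $a->newInstance()->permission,
        (new ReflectionClass($procedure))->getAttributes(Requires::class)
    );
    if ($required === []) {
        return; // in this sketch, a class with no attribute is not checked at all
    }
    if ($granted === null) {
        throw new NotAuthenticated('no authenticated user');
    }
    // Step 3: every declared permission must be held (AND semantics).
    $missing = array_diff($required, $granted);
    if ($missing !== []) {
        throw new PermissionDenied('missing: ' . implode(', ', $missing), -3);
    }
}

#[Requires('ROLE_USER')]
#[Requires('user.advanced.access')]
final class AdvancedUserMethod {}

final class PingMethod {} // declares nothing

// Constructed callers: anonymous, partially privileged, fully privileged.
foreach ([null, ['ROLE_USER'], ['ROLE_USER', 'user.advanced.access']] as $granted) {
    try {
        checkProcedure(new AdvancedUserMethod(), $granted);
        echo "granted\n";
    } catch (RuntimeException $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
checkProcedure(new PingMethod(), null); // nothing declared, so this call is not checked
```

The final call is the case to audit for in any attribute-driven scheme: a procedure class that declares no permission attribute.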

Exception Handling
------------------

- **`AccessDeniedException`**: Thrown when no user is authenticated
- **`ApiException`**: Thrown when the user lacks required permissions (code: -3)

Configuration
-------------

Security Configuration
----------------------

Ensure your Symfony security configuration is properly set up:

```
# config/packages/security.yaml
security:
    providers:
        # Your user providers

    firewalls:
        main:
            # Your firewall configuration

    access_control:
        # Your access control rules
```

Service Configuration
---------------------

The bundle automatically registers its services. No additional configuration is required.

Advanced Usage
--------------

Custom Attributes
-----------------

You can create custom permission attributes by extending the `MethodPermission` attribute:

```
use Tourze\JsonRPCSecurityBundle\Attribute\MethodPermission;

#[\Attribute(\Attribute::TARGET_CLASS | \Attribute::TARGET_METHOD)]
class AdminOnly extends MethodPermission
{
    public function __construct(?string $title = 'Admin Only')
    {
        parent::__construct('ROLE_ADMIN', $title);
    }
}
```

Multiple Permission Levels
--------------------------

Apply multiple permission checks for complex authorization scenarios:

```
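use Symfony\Component\Security\Http\Attribute\IsGranted;
use Tourze\JsonRPC\Core\Domain\JsonRpcMethodInterface;
use Tourze\JsonRPCSecurityBundle\Attribute\MethodPermission;

#[IsGranted('ROLE_USER')]
#[MethodPermission('user.advanced.access')]
class AdvancedUserMethod implements JsonRpcMethodInterface
{
    // Requires both ROLE_USER and the custom permission
    // (__invoke() implementation omitted)
}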
```

Testing
-------

Run the test suite with:

```
./vendor/bin/phpunit packages/json-rpc-security-bundle/tests
```

Test Coverage
-------------

- ✅ `MethodPermission` attribute: Complete unit tests
- ✅ `JsonRPCSecurityBundle`: Bundle registration tests
- ✅ `JsonRPCSecurityExtension`: DI container tests
- ✅ `GrantService`: Core authorization logic tests
- ✅ `IsGrantSubscriber`: Event handling tests
- ✅ Integration tests: SecurityBundle dependency now properly configured via BundleDependencyInterface

Current test status: **23/23 tests passing** with comprehensive unit test coverage.

API Reference
-------------

GrantService
------------

```
public function checkProcedure(JsonRpcMethodInterface $procedure): void
```

Checks if the current user has permission to access the given procedure.

**Throws:**

- `AccessDeniedException`: When no user is authenticated
- `ApiException`: When the user lacks required permissions

MethodPermission Attribute
--------------------------

```
#[MethodPermission(string $permission, ?string $title = null)]
```

**Parameters:**

- `$permission`: Permission identifier (e.g., "user.edit", "admin::users")
- `$title`: Optional human-readable description

Contributing
------------

1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Ensure all tests pass
5. Submit a pull request

License
-------

This project is licensed under the MIT License.

