Class \Prado\Security\Permissions\TPermissionsBehavior
TPermissionsBehavior class is a class behavior attached to IPermissions. This class calls getPermissions to get an array of TPermissionEvent and/or to have the implementation register their own permissions. Any returned TPermissionEvents will have their permission registered for rules.
This class also handles all dynamic events and when a listed Event from a TPermissionEvent is raised, this code checks if the current application user permission is checked.
Example getPermissions method:
public function getPermissions($manager) {
$manager->registerPermission('module_perm_edit', 'Short Description');
return [ new TPermissionEvent('module_perm_name', 'Short Description.', ['dyPermissionAction', 'dyOtherAction']) ];
}
In this example, the methods dyPermissionAction and dyOtherAction would have an authorization check on the given permission.
The way to implement a dynamic event is like this, from the example above: the first return value parameter is always false.
public function myFunctionToAuth($param1, $param2) {
if ($this->dyPermissionAction(false, $param1, $param2) === true)
return false;
....
return true;
}
Together, TPermissionsBehavior will check the user for the 'module_perm_name' permission.
This can be alternatively implemented as a call to the user::can, eg
if(!Prado::getApplication()->getUser()->can('module_perm_name'))
return false;
The application user is available on and after the onAuthenticationComplete in the application stack.
The default is to allow without any rules in place. To automatically block functionality, there needs to be a (final) Permission Rule to deny all. The TPermissionsManager, by default, adds a final rule to deny all on all permissions via TPermissionsManager::setAutoDenyAll.
The TUserPermissionsBehavior attaches to TUser to provide TUserPermissionsBehavior::can, whether or note a user has authorization for a permission.
Class hierarchy
- \Prado\Security\Permissions\TPermissionsBehavior implements IDynamicMethods uses TPermissionsManagerPropertyTrait
-
\Prado\Util\TBehavior
implements
IBehavior -
\Prado\Util\TBaseBehavior
implements
IBaseBehavior uses
TPriorityPropertyTrait
-
\Prado\TApplicationComponent
-
\Prado\TComponent
Since: 4.2.0
public
|
__dycall(string $method, array<string|int, mixed> $args) : bool|mixed
If in a proper dynamic event, checks if the application user
can perform a permission, if it can't, flag as handled.
|
public
|
attach(TComponent $owner) : mixed
Attaches the behavior object to the new owner component. This is normally called
by the new owner when attaching a behavior, by {@see \Prado\TComponent::attachBehavior},
and not directly called.
|
public
|
dyLogPermissionFailed(mixed $permission, string $action, TCallChain $callchain) : mixed
This logs permissions failures in the Prado::log and with the shell when
the Application is a TShellApplication. When the Application is in Debug
mode, the failed permission is written to shell-cli, otherwise the exact
permission is keep hidden from the shell user for security purposes.
|
public
|
\Prado\TApplicationComponent::FX_CACHE_FILE, \Prado\TComponent::GLOBAL_RAISE_EVENT_LISTENER |