f3-access | Route access control for the PHP Fat-Free Framework | Authorization library

by xfra35 PHP Version: v1.2.2 License: GPL-3.0

X-Ray Key Features Code Snippets(3)Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | f3-access Summary

f3-access is a PHP library typically used in Security, Authorization, Framework applications. f3-access has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has low support. You can download it from GitHub.

Route access control for the PHP Fat-Free Framework

Support

Quality

Security

License

Reuse

Support

f3-access has a low active ecosystem.

It has 61 star(s) with 10 fork(s). There are 16 watchers for this library.

It had no major release in the last 12 months.

There are 2 open issues and 5 have been closed. On average issues are closed in 14 days. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of f3-access is v1.2.2

Quality

f3-access has 0 bugs and 0 code smells.

Security

f3-access has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

f3-access code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

f3-access is licensed under the GPL-3.0 License. This license is Strong Copyleft.

Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

Reuse

f3-access releases are available to install and integrate.

Installation instructions, examples and code snippets are available.

f3-access saves you 134 person hours of effort in developing the same functionality from scratch.

It has 436 lines of code, 16 functions and 4 files.

It has high code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed f3-access and discovered the below as its top functions. This is intended to give you an instant insight into f3-access implemented functionality, and help decide if they suit your requirements.

Check if the user has the given route .
Parse route string
Authorize method
Add a rule to the current route .
Set or get policy
Adds a route to the allow rule .
Creates a new deny route

Get all kandi verified functions for this library.

f3-access Key Features

No Key Features are available at this moment for f3-access.

f3-access Examples and Code Snippets

Access,Ini configuration

PHP

Lines of Code : 11

License : Strong Copyleft (GPL-3.0)

Copy

[ACCESS]
policy = deny ;deny all routes by default

[ACCESS.rules]
ALLOW /foo = *
ALLOW /bar* = Albert,Jean-Louis
DENY /bar/baz = Jean-Louis

[ACCESS.rules]
allow GET|POST /foo = Jim
allow * /bar = Albert,Jim
deny PUT /bar = Jim

Access,Rules processing order,Path precedence

PHP

Lines of Code : 10

License : Strong Copyleft (GPL-3.0)

Copy

$access->deny('/admin*','mike');
$access->deny('/admin/blog/foo','mike');
$access->allow('/admin/blog','mike');
$access->allow('/admin/blog/foo/bar','mike');
$access->deny('/admin/blog/*/bar','mike');

$access->allow('/admin/blog/fo

Access,Basic usage

PHP

Lines of Code : 9

License : Strong Copyleft (GPL-3.0)

Copy

$access=Access::instance();
$access->policy('allow'); // allow access to all routes by default

$access->deny('/secured.htm'); // globally deny access to /secured.htm
$access->allow('/secured.htm','admin'); // allow "admin" to access /secure

Community Discussions

Trending Discussions on f3-access

F3 Framework: scope and usage of hive variables

QUESTION

F3 Framework: scope and usage of hive variables

Asked 2017-Jul-23 at 21:55

I've been using Fat Free Framework 3.6 for a while and I'm having some trouble making sure of a few things related to the variables used; also please note that I'm not that knowledgeable as a PHP programmer. Here are some examples (I'm using a few "shortcut" methods for the SQL mapper, but I guess it's still readable):

...

ANSWER

Answered 2017-Jul-23 at 21:55

Question #1: can a logged in user change its group?

No, a user cannot directly modify the contents of SESSION (unless you've provided him a way to do so). The only thing that can be exploited is the access itself, if the session id gets stolen (aka "session hijacking" cf. here or there).

Now, for the sake of flexibility, you'd better save the bare minimum inside SESSION. Storing the user group in the session prevents your from being able to dynamically change the group of a logged in user (the change will take effect on the next login). I'd rather advise to only store the user id and retrieve the group from it.

Question #2: Does changing the UPLOADS variable makes it different for the entire hive (i.e. all users), or is the change only for the current user?

Only for the current user.

NB: the entire hive is "only for the current user". Only cached variables are shared.

Question #3: How to retrieve a specific group from $arrayOfUserGroups?

$arrayOfUserGroups is computed from $userGroups->all() which I guess is the result of the DB\SQL\Mapper->find() method. That method doesn't index the results by id, only by order of appearance in the SQL output.

So one way to fix your issue would be to reindex the result before returning it. Something like:

Source https://stackoverflow.com/questions/45259520

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install f3-access

To install this plugin, just copy the lib/access.php file into your lib/ or your AUTOLOAD folder.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: