-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathauthorization-guards.global.php.dist
96 lines (89 loc) · 4.06 KB
/
authorization-guards.global.php.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<?php
return [
'dot_authorization' => [
//define how it will treat non-matching guard rules, allow all by default
'protection_policy' => \Dot\Rbac\Guard\GuardInterface::POLICY_ALLOW,
'event_listeners' => [
[
'type' => 'class or service name of the listener',
'priority' => 1,
],
],
//define custom guards here
'guard_manager' => [],
//register custom guards providers here
'guards_provider_manager' => [],
//define which guards provider to use, along with its configuration
//the guards provider should know how to build a list of GuardInterfaces based on its configuration
'guards_provider' => [
'type' => 'ArrayGuards',
'options' => [
'guards' => [
[
'type' => 'Route',
'options' => [
'rules' => [
'premium' => ['admin'],
'login' => ['guest'],
'logout' => ['admin', 'user', 'viewer'],
'account' => ['admin', 'user'],
'home' => ['*'],
]
]
],
[
'type' => 'RoutePermission',
'options' => [
'rules' => [
'premium' => ['premium'],
'account' => ['my-account'],
'logout' => ['only-logged'],
]
]
],
[
'type' => 'Controller',
'options' => [
'rules' => [
[
'route' => 'controller route name',
'actions' => [//list of actions to apply, or empty array for all actions],
//by default, authorization pass if all permissions are present(AND)
'roles' => [//list of roles to allow],
],
]
]
],
[
'type' => 'ControllerPermission',
'options' => [
'rules' => [
[
'route' => 'controller route name',
'actions' => [//list of actions to apply, or empty array for all actions],
//by default, authorization pass if all permissions are present(AND)
'permissions' => [//list of permissions to allow],
],
[
'route' => 'controller route name',
'actions' => [//list of actions to apply, or empty array for all actions],
'permissions' => [
//permission can be defined in this way too, for all permission type guards
'permissions' => [//list of permissions],
'condition' => \Dot\Rbac\Guard\GuardInterface::CONDITION_OR,
]
]
]
]
]
]
],
],
//overwrite default messages
'messages_options' => [
'messages' => [
//MessagesOptions::UNAUTHORIZED => 'You must sign in first to access the requested content',
//MessagesOptions::FORBIDDEN => 'You don\'t have enough permissions to access the requested content',
]
],
];