Security
[DEPRECATED, MOVED to @Symplify] Integration of Firewall and Votres tfrom Symfony\Security to Nette DI
Install / Use
/learn @deprecated-packages/SecurityREADME
Symnedi/Security
Install
composer require symnedi/security
Register the extension:
# app/config/config.neon
extensions:
- Symnedi\Security\DI\SecurityExtension
- Symnedi\EventDispatcher\DI\EventDispatcherExtension
Usage
Voters
First, read Symfony cookbook
Then create new voter implementing Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
and register it as service in config.neon:
services:
- App\SomeModule\Security\Voter\MyVoter
Then in place, where we need to validate access, we'll just use AuthorizationChecker:
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
class Presenter
{
/**
* @var AuthorizationCheckerInterface
*/
private $authorizationChecker;
public function __construct(AuthorizationCheckerInterface $authorizationChecker)
{
$this->authorizationChecker = $authorizationChecker;
}
/**
* @param PresenterComponentReflection $element
*/
public function checkRequirements($element)
{
if ($this->authorizationChecker->isGranted('access', $element) === FALSE) {
throw new ForbiddenRequestException;
}
}
}
Firewalls
Original Symfony firewalls pretty simplified and with modular support by default.
All we need to create is a matcher and a listener.
Request Matcher
This service will match all sites in admin module - urls starting with /admin:
use Symfony\Component\HttpFoundation\Request;
use Symnedi\Security\Contract\HttpFoundation\RequestMatcherInterface;
class AdminRequestMatcher implements RequestMatcherInterface
{
/**
* {@inheritdoc}
*/
public function getFirewallName()
{
return 'adminSecurity';
}
/**
* {@inheritdoc}
*/
public function matches(Request $request)
{
$url = $request->getPathInfo();
return strpos($url, '/admin') === 0;
}
}
Firewall Listener
It will ensure that user is logged in and has 'admin' role, otherwise redirect.
use Nette\Application\AbortException;
use Nette\Application\Application;
use Nette\Application\Request;
use Nette\Security\User;
use Symnedi\Security\Contract\Http\FirewallListenerInterface;
class LoggedAdminFirewallListener implements FirewallListenerInterface
{
/**
* @var User
*/
private $user;
public function __construct(User $user)
{
$this->user = $user;
}
/**
* {@inheritdoc}
*/
public function getFirewallName()
{
return 'adminSecurity';
}
/**
* {@inheritdoc}
*/
public function handle(Application $application, Request $applicationRequest)
{
if ( ! $this->user->isLoggedIn()) {
throw new AbortException;
}
if ( ! $this->user->isInRole('admin')) {
throw new AbortException;
}
}
}
Then we register both services.
services:
- AdminRequestMatcher
- LoggedAdminFirewallListener
That's it!
Testing
composer check-cs # see "scripts" section of composer.json for more details
vendor/bin/phpunit
Contributing
Rules are simple:
- new feature needs tests
- all tests must pass
- 1 feature per PR
We would be happy to merge your feature then!
Related Skills
node-connect
351.8kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
110.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
351.8kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
351.8kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
