cbSecurity Model

The `cbSecurity` model can be used by any layer and provides you with a functional API to secure your code. You can inject the `cbSecurity` model so you can do explicit authorization checks anywhere you like, or use the `cbsecure()` mixin (available in interceptors/handlers/layouts/views) and then call the appropriate security functions.

If there is no user logged in, a `NoUserLoggedIn` exception will be thrown by all methods.

secure() Methods

These methods secure a block of code: if the permissions do not validate, they throw a `NotAuthorized` exception.

```
secure( permissions, [message] )
secureAll( permissions, [message] )
secureNone( permissions, [message] )
```

The `permissions` argument can be an array, string or list of the permissions to validate. The optional `message` is a custom error message to be used in the message string of the exception thrown.
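The following ColdBox handler is an added example, not code from the cbSecurity documentation. It shows the three `secure()` variants side by side: `secure()` lets the caller through if they hold any of the listed permissions, `secureAll()` requires every listed permission, and `secureNone()` requires that the caller hold none of them (the semantics follow the method names and the `has()`/`all()`/`none()` booleans). The `UserService`, `ReportService`, the `users/*` and `errors/*` views, and the handler-level `onError()` mapping are assumptions made for the example; the injection DSL is the module's `@cbSecurity` alias.

```cfml
// handlers/Users.cfc (added example, not part of the cbSecurity documentation)
component extends="coldbox.system.EventHandler" {

    // Option 1: inject the model for explicit checks anywhere
    property name="cbSecurity" inject="@cbSecurity";
    // Hypothetical services used by the example actions
    property name="userService"   inject="UserService";
    property name="reportService" inject="ReportService";

    /**
     * Listing: ANY of the listed permissions is enough (Or'ed).
     */
    function index( event, rc, prc ){
        // Option 2: the cbsecure() mixin, same model, no property needed
        cbSecure().secure(
            [ "USER_ADMIN", "USER_READ" ],
            "You need USER_ADMIN or USER_READ to list users"
        );
        prc.users = userService.list();
        event.setView( "users/index" );
    }

    /**
     * Export: ALL listed permissions are required.
     * Permissions can also be passed as a comma-delimited list.
     */
    function export( event, rc, prc ){
        cbSecurity.secureAll(
            "USER_READ,DATA_EXPORT",
            "Exporting users requires both USER_READ and DATA_EXPORT"
        );
        prc.report = reportService.buildUserExport();
        event.setView( "users/export" );
    }

    /**
     * Self-service sign-up: callers holding NONE of the listed permissions pass.
     * Useful for keeping privileged accounts out of flows meant for regular users.
     */
    function selfRegister( event, rc, prc ){
        cbSecure().secureNone(
            "USER_ADMIN",
            "Administrators must be created through the admin console"
        );
        event.setView( "users/selfRegister" );
    }

    /**
     * Map the two exception types to distinct HTTP responses.
     * NoUserLoggedIn is thrown by every method when nobody is authenticated;
     * NotAuthorized is thrown when the authenticated user fails the check.
     */
    function onError( event, rc, prc, faultAction, exception, eventArguments ){
        switch ( exception.type ) {
            case "NoUserLoggedIn":
                event.setHTTPHeader( statusCode = 401, statusText = "Unauthorized" );
                prc.message = "Please log in";
                break;
            case "NotAuthorized":
                event.setHTTPHeader( statusCode = 403, statusText = "Forbidden" );
                prc.message = exception.message; // the custom message passed to secure*()
                break;
            default:
                // Anything else is not a security failure: re-raise it
                throw( type = exception.type, message = exception.message, detail = exception.detail );
        }
        event.setView( "errors/denied" );
    }
}
```

Keeping the 401/403 split explicit matters in practice: a client that sees 403 knows it is authenticated but lacks permission, whereas a 401 tells it to authenticate first, and the custom `message` argument is what ends up in `exception.message`.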
when() Context Methods

There are times when you need a security context rather than a hard check: for example, a user with the `USER_ADMIN` permission can change people's roles, or you want to filter some data for certain users. For this, we have created the `when()` method with the following signature:

```
when( permissions, success, fail )
```

- `permissions` is a permission array or list that will be Or'ed
- `success` is a closure/lambda or UDF that will execute if the permissions validate
- `fail` is a closure/lambda or UDF that will execute if the permissions did NOT validate, much like an else statement

Both closures/lambdas/UDFs receive the `user`, which is the currently authenticated user, and the called-in `permissions`, and can return anything.

You can also chain `when()` calls if needed to build up a security context, for example an admin branch that exposes role management followed by a filtering branch for everyone else.

We also have the following `whenX()` methods to serve your needs when evaluating the permissions:

```
whenAll( permissions, success, fail )
whenNone( permissions, success, fail )
```
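The admin scenario above, written out as an added example that is not part of the cbSecurity documentation. It chains `when()`, `whenNone()` and `whenAll()` on the mixin to shape what a single `edit` action exposes, and then contrasts that with the write path, which uses `secure()` because `when()` only selects a branch and never throws. `UserService`, `RoleService`, the `getDepartment()` accessor on the user object and the `roles/*` views are assumptions made for the example.

```cfml
// handlers/Roles.cfc (added example, not part of the cbSecurity documentation)
component extends="coldbox.system.EventHandler" {

    // Hypothetical services; the method names on them are assumed
    property name="userService" inject="UserService";
    property name="roleService" inject="RoleService";

    /**
     * Edit form: the same action serves admins and regular users, but the
     * data placed in prc depends on what the caller is allowed to do.
     */
    function edit( event, rc, prc ){
        prc.targetUser      = userService.get( rc.id );
        prc.assignableRoles = [];
        prc.visibleUsers    = [];
        prc.showAuditTrail  = false;

        cbSecure()
            // USER_ADMIN may change people's roles: expose the full role list.
            // The fail closure is the "else" branch for everyone else.
            .when(
                "USER_ADMIN",
                function( user, permissions ){
                    prc.assignableRoles = roleService.list();
                },
                function( user, permissions ){
                    prc.assignableRoles = []; // nothing to assign for non-admins
                }
            )
            // Data filtering: callers holding NONE of these permissions get a narrowed list
            .whenNone(
                [ "USER_ADMIN", "USER_MANAGER" ],
                function( user ){
                    // getDepartment() is a hypothetical accessor on the user object
                    prc.visibleUsers = userService.listByDepartment( user.getDepartment() );
                },
                function( user ){
                    prc.visibleUsers = userService.list();
                }
            )
            // ALL listed permissions are required before the audit trail is loaded
            .whenAll(
                "USER_ADMIN,AUDIT_READ",
                function( user ){
                    prc.showAuditTrail = true;
                }
            );

        event.setView( "roles/edit" );
    }

    /**
     * Saving is a hard boundary, not a context: when() shapes data and never
     * throws, so the write path still needs secure() to reject the request.
     */
    function save( event, rc, prc ){
        cbSecure().secure( "USER_ADMIN", "Only administrators may change roles" );
        roleService.assign( userId = rc.id, roleId = rc.roleId );
        relocate( event = "roles.edit", queryString = "id=#rc.id#" );
    }
}
```

The design point is the split between `edit` and `save`: hiding the role list from non-admins is a usability decision made with `when()`, while refusing the role change is an authorization decision that must be made with `secure()`, because a client can always post to `save` directly.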
Verification Methods

These methods verify permissions and return a boolean:

```
has( permissions ):boolean
all( permissions ):boolean
none( permissions ):boolean
sameUser( user ):boolean
```

The `has()`, `all()` and `none()` methods rely on the user's `hasPermission()` method. However, these methods provide abstraction and can easily be mocked! The `sameUser()` method compares the result of the `getId()` method of the authenticated user and the incoming user. This is part of our `IAuthUser` interface requirements.

secureWhen() Method

You can also secure a block of code with your own evaluation using the `secureWhen()` method:

```
secureWhen( context, [message] )
```

The `context` can be a closure/lambda/udf or a boolean evaluation.
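An added example, not from the cbSecurity documentation, that puts the boolean methods and `secureWhen()` to work on the most common case they exist for: resource ownership. A profile may be read by anyone, edited by its owner or by a `USER_ADMIN`, and deleted only by an administrator unless it is the caller's own. The example assumes that `secureWhen()` throws `NotAuthorized` when its context evaluates to true, so each context states the forbidden condition; it also assumes a hypothetical `UserService` whose objects implement `IAuthUser` (so `getId()` exists), and `profile/*` views. The closure form takes no parameters on purpose, so it does not depend on what `cbSecurity` passes into the closure.

```cfml
// handlers/Profile.cfc (added example, not part of the cbSecurity documentation)
component extends="coldbox.system.EventHandler" {

    // Hypothetical service; its User objects are assumed to implement IAuthUser
    property name="userService" inject="UserService";

    /**
     * Can the caller act on this profile? Owner or USER_ADMIN.
     * A named boolean: easy to unit test, and because it goes through the
     * cbSecurity model, has() and sameUser() can be mocked in a handler spec.
     */
    private boolean function canManage( required target ){
        return cbSecure().sameUser( arguments.target ) || cbSecure().has( "USER_ADMIN" );
    }

    /**
     * Read: boolean checks shape the response without throwing.
     */
    function show( event, rc, prc ){
        prc.profile = userService.get( rc.id );
        prc.canEdit = canManage( prc.profile );
        // all(): every permission required; sameUser(): compares getId() of both users
        prc.canSeeEmail = cbSecure().all( "USER_ADMIN,PII_READ" ) || cbSecure().sameUser( prc.profile );
        // none(): caller holds none of the listed permissions
        prc.isRegularUser = cbSecure().none( [ "USER_ADMIN", "USER_MANAGER" ] );
        event.setView( "profile/show" );
    }

    /**
     * Write: enforce. The context is the FORBIDDEN condition (assumed semantics:
     * secureWhen() throws NotAuthorized when the context is true).
     */
    function update( event, rc, prc ){
        var target = userService.get( rc.id );

        cbSecure().secureWhen(
            !canManage( target ),
            "You may only edit your own profile"
        );

        userService.update( target, rc );
        relocate( event = "profile.show", queryString = "id=#rc.id#" );
    }

    /**
     * Same idea in closure form, which keeps a multi-step condition readable.
     * The closure ignores any arguments cbSecurity may pass to it.
     */
    function destroy( event, rc, prc ){
        var target = userService.get( rc.id );

        cbSecure().secureWhen(
            function(){
                // Deleting your own account is allowed; deleting others needs USER_ADMIN
                var isSelf  = cbSecure().sameUser( target );
                var isAdmin = cbSecure().has( "USER_ADMIN" );
                return !isSelf && !isAdmin;
            },
            "Only administrators may delete other accounts"
        );

        userService.delete( target );
        relocate( "profile.index" );
    }
}
```

The ownership rule is computed in one place (`canManage()`) and reused by both the read path, which only toggles flags for the view, and the write path, which throws. If your `cbSecurity` version evaluates `secureWhen()` with the opposite polarity, invert the contexts; the rest of the handler is unchanged.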
Securing Views

cbSecurity also registers an `event.secureView()` method in the request context to pivot between views according to user permissions. We inject the `secureView()` method into the request context via the `preProcess` interception point, so it is available from that point on in the request lifecycle (not in interception points that fire before it, such as `onRequestCapture`):

```
secureView( permissions, successView, failView )
```

It will render the `successView` if the user has the permissions or the `failView` if they don't.
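An added example of `event.secureView()` in a handler, not code from the cbSecurity documentation. It makes one point a practitioner should not miss: choosing a different view is not a data boundary, because `prc` is shared with whichever view is rendered, so the data must be loaded per branch as well. `UserService`, `StatsService` and the `dashboard/*` views are assumptions made for the example.

```cfml
// handlers/Dashboard.cfc (added example, not part of the cbSecurity documentation)
component extends="coldbox.system.EventHandler" {

    // Hypothetical services
    property name="userService"  inject="UserService";
    property name="statsService" inject="StatsService";

    /**
     * Same URL for everyone; the rendered view follows the caller's permissions.
     * secureView() is on the request context because cbSecurity attaches it in preProcess.
     */
    function index( event, rc, prc ){
        // Load only what the chosen view may show. A view pivot alone does not
        // protect data: prc.users would reach the user view too if it held everyone.
        cbSecure().when(
            "USER_ADMIN",
            function( user ){
                prc.users = userService.list();
                prc.stats = statsService.global();
            },
            function( user ){
                prc.users = [ user ];
                prc.stats = statsService.forUser( user.getId() );
            }
        );

        // successView if the user has the permissions, failView otherwise
        event.secureView( "USER_ADMIN", "dashboard/admin", "dashboard/user" );
    }

    /**
     * secureView() never throws. An action that must be denied outright still
     * needs secure(); here the pivot only decides whether an export button appears.
     */
    function audit( event, rc, prc ){
        cbSecure().secure( [ "USER_ADMIN", "AUDIT_READ" ], "The audit log is restricted" );
        prc.entries = statsService.auditTrail();
        event.secureView( "AUDIT_EXPORT", "dashboard/auditWithExport", "dashboard/audit" );
    }
}
```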
cbSecurity Method Summary

The following methods throw a `NotAuthorized` exception if the check fails:

```
secure( permissions, [message] )
secureAll( permissions, [message] )
secureNone( permissions, [message] )
secureWhen( context, [message] )
guard() alias to secure()
```

The following methods execute the `success` closure if the permissions validate; if they do not and a `fail` closure is defined, they execute that instead:

```
when( permissions, success, fail )
whenAll( permissions, success, fail )
whenNone( permissions, success, fail )
```

The following methods return a boolean:

```
has( permissions ):boolean
all( permissions ):boolean
none( permissions ):boolean
sameUser( user ):boolean
```

Request context method:

```
secureView( permissions, successView, failView )
```