bjyoungblood/bjy-authorize
最新稳定版本:1.5.0-beta1
Composer 安装命令:
composer require bjyoungblood/bjy-authorize
包简介
Zend\Acl based firewall system for ZF2 dispatch protection
README 文档
README
Deprecated
This package is now officially deprecated and will not receive any future updates or bug fixes.
As long-term support for Zend Framework 2 ended on 2018-03-31, any users who currently rely on this package are heavily encouraged to migrate to Zend Framework 3 or another framework.
This module is designed to provide a facade for Zend\Permissions\Acl that will ease its usage with modules and applications. By default, it provides simple setup via config files or by using Zend\Db or Doctrine ORM/ODM (via ZfcUserDoctrineORM).
What does BjyAuthorize do?
BjyAuthorize adds event listeners to your application so that you have a "security" or "firewall" that disallows unauthorized access to your controllers or routes.
This is what a normal Zend\Mvc application workflow would look like:
And here's how it would look like with BjyAuthorize enabled:
Requirements
- Zend Framework 2
- ZfcUser (optional)
- ZfcUserDoctrineORM (optional)
Installation
Composer
The suggested installation method is via composer:
php composer.phar require bjyoungblood/bjy-authorize:1.4.* php composer.phar require zf-commons/zfc-user:0.1.*
Configuration
Following steps apply if you want to use ZfcUser with Zend\Db. If you want to use Doctrine ORM/ODM, you should also check the doctrine documentation.
- Ensure that following modules are enabled in your
application.config.phpfile in the this order:ZfcBaseZfcUserBjyAuthorize
- Import the SQL schema located in
./vendor/BjyAuthorize/data/schema.sql. - Create a
./config/autoload/bjyauthorize.global.phpfile and fill it with configuration variable values as described in the following annotated example.
Here is an annotated sample configuration file:
<?php // For PHP <= 5.4, you should replace any ::class references with strings // remove the first \ and the ::class part and encase in single quotes return [ 'bjyauthorize' => [ // set the 'guest' role as default (must be defined in a role provider) 'default_role' => 'guest', /* this module uses a meta-role that inherits from any roles that should * be applied to the active user. the identity provider tells us which * roles the "identity role" should inherit from. * for ZfcUser, this will be your default identity provider */ 'identity_provider' => \BjyAuthorize\Provider\Identity\ZfcUserZendDb::class, /* If you only have a default role and an authenticated role, you can * use the 'AuthenticationIdentityProvider' to allow/restrict access * with the guards based on the state 'logged in' and 'not logged in'. * * 'default_role' => 'guest', // not authenticated * 'authenticated_role' => 'user', // authenticated * 'identity_provider' => \BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider::class, */ /* role providers simply provide a list of roles that should be inserted * into the Zend\Acl instance. the module comes with two providers, one * to specify roles in a config file and one to load roles using a * Zend\Db adapter. */ 'role_providers' => [ /* here, 'guest' and 'user are defined as top-level roles, with * 'admin' inheriting from user */ \BjyAuthorize\Provider\Role\Config::class => [ 'guest' => [], 'user' => ['children' => [ 'admin' => [], ]], ], // this will load roles from the user_role table in a database // format: user_role(role_id(varchar], parent(varchar)) \BjyAuthorize\Provider\Role\ZendDb::class => [ 'table' => 'user_role', 'identifier_field_name' => 'id', 'role_id_field' => 'role_id', 'parent_role_field' => 'parent_id', ], // this will load roles from // the 'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' service \BjyAuthorize\Provider\Role\ObjectRepositoryProvider::class => [ // class name of the entity representing the role 'role_entity_class' => 'My\Role\Entity', // service name of the object manager 'object_manager' => 'My\Doctrine\Common\Persistence\ObjectManager', ], ], // resource providers provide a list of resources that will be tracked // in the ACL. like roles, they can be hierarchical 'resource_providers' => [ \BjyAuthorize\Provider\Resource\Config::class => [ 'pants' => [], ], ], /* rules can be specified here with the format: * [roles (array], resource, [privilege (array|string], assertion]) * assertions will be loaded using the service manager and must implement * Zend\Acl\Assertion\AssertionInterface. * *if you use assertions, define them using the service manager!* */ 'rule_providers' => [ \BjyAuthorize\Provider\Rule\Config::class => [ 'allow' => [ // allow guests and users (and admins, through inheritance) // the "wear" privilege on the resource "pants" [['guest', 'user'], 'pants', 'wear'], ], // Don't mix allow/deny rules if you are using role inheritance. // There are some weird bugs. 'deny' => [ // ... ], ], ], /* Currently, only controller and route guards exist * * Consider enabling either the controller or the route guard depending on your needs. */ 'guards' => [ /* If this guard is specified here (i.e. it is enabled], it will block * access to all controllers and actions unless they are specified here. * You may omit the 'action' index to allow access to the entire controller */ \BjyAuthorize\Guard\Controller::class => [ ['controller' => 'index', 'action' => 'index', 'roles' => ['guest','user']], ['controller' => 'index', 'action' => 'stuff', 'roles' => ['user']], // You can also specify an array of actions or an array of controllers (or both) // allow "guest" and "admin" to access actions "list" and "manage" on these "index", // "static" and "console" controllers [ 'controller' => ['index', 'static', 'console'], 'action' => ['list', 'manage'], 'roles' => ['guest', 'admin'], ], [ 'controller' => ['search', 'administration'], 'roles' => ['staffer', 'admin'], ], ['controller' => 'zfcuser', 'roles' => []], // Below is the default index action used by the ZendSkeletonApplication // ['controller' => 'Application\Controller\Index', 'roles' => ['guest', 'user']], ], /* If this guard is specified here (i.e. it is enabled], it will block * access to all routes unless they are specified here. */ \BjyAuthorize\Guard\Route::class => [ ['route' => 'zfcuser', 'roles' => ['user']], ['route' => 'zfcuser/logout', 'roles' => ['user']], ['route' => 'zfcuser/login', 'roles' => ['guest']], ['route' => 'zfcuser/register', 'roles' => ['guest']], // Below is the default index action used by the ZendSkeletonApplication ['route' => 'home', 'roles' => ['guest', 'user']], ], ], ], ];
Helpers and Plugins
There are view helpers and controller plugins registered for this module. In either a controller or a view script, you can call $this->isAllowed($resource[, $privilege]), which will query the ACL using the currently authenticated (or default) user's roles.
Whenever you need to stop processing your action you can throw an UnAuthorizedException and users will see you message on a 403 page.
function cafeAction() { if (!$this->isAllowed('alcohol', 'consume')) { throw new \BjyAuthorize\Exception\UnAuthorizedException('Grow a beard first!'); } // party on ... }
License
Released under the MIT License. See file LICENSE included with the source code for this project for a copy of the licensing terms.
bjyoungblood/bjy-authorize 适用场景与选型建议
bjyoungblood/bjy-authorize 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 773.77k 次下载、GitHub Stars 达 284, 最近一次更新时间为 2026 年 01 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「zf2」 「acl」 「zfc-user」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 bjyoungblood/bjy-authorize 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 bjyoungblood/bjy-authorize 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 bjyoungblood/bjy-authorize 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
LosLog provides some log utility
Laravel Multiauth package
Private message system for ZfcUser
EdpModuleLayouts is very simple Laminas module for making module-specific layouts insanely easy.
Zend Framework module to leverage the symfony dependency injection container
This package provides a flexible way to add Role-based Permissions to Laravel 6.x
统计信息
- 总下载量: 773.77k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 288
- 点击次数: 17
- 依赖项目数: 34
- 推荐数: 8
其他信息
- 授权协议: BSD-3-Clause
- 更新时间: 2026-01-04