-
Notifications
You must be signed in to change notification settings - Fork 117
Authorization
To use permissions in Thruway, you need to load the AuthorizationManager module for the realm.
$authorizationManager = new \Thruway\Authentication\AuthorizationManager('authorizing_realm');
$router->registerModule($authorizationManager);
The AuthorizationManager provides RPCs that can be used to change the permissions in that realm:
add_authorization_rule is called with a single argument that is a authorization rule:
In JSON:
{
"role": "some_role",
"action": "publish",
"uri": "some.uri",
"allow": true
}
In PHP:
(object)[
"role" => "some_role",
"action" => "publish",
"uri" => "some.uri",
"allow" => true
]
If you would like to setup rules prior to the startup of the router, you can call the same functions in PHP prior to calling start:
$authorizationManager->addAuthorizationRule((object)[
"role" => "some_role",
"action" => "publish",
"uri" => "some.uri",
"allow" => true
]);
This is not implemented yet.
This takes a true/false argument that will set the default policy of the realm.
This returns all of the authorization rules that have been set.
This allows testing of actions to return whether or not the current permissions will allow or deny an action.
test_authorization takes 3 arguments.
[["role1", "role2"], "publish|subscribe|register|call", "my.uri"]
- An array of roles that will be tested.
- The action being tested.
- The URI that is being tested.
I am in the process of writing a post to demonstrate the use of permissions. I will repost that here when it is complete. Please let me know if you have any other questions.