Role-based authorization
Middleware for the Slim 3 framework.
Installation
With Composer:
composer require tkhamez/slim-role-auth
Usage
Example:
$app = new Slim\App();
// Deny access if a required role is missing
$app->add(new SecureRouteMiddleware(
[
// route pattern -> roles, first "starts-with" match is used
'/secured/public' => ['any'],
'/secured' => ['user'],
],
['redirect_url' => null] // optionally add "Location" header instead of 403 status code
));
// Add roles to request attribute
$app->add(new RoleMiddleware(
new RoleProvider(), // must implement RoleProviderInterface
['route_pattern' => ['/secured']] // optionally limit to these routes
));
- The
SecureRouteMiddleware
denies access to a route if the required role is missing in theroles
request attribute. - The
RoleMiddleware
class adds theroles
attribute to the request object with roles provided by theRoleProvider
class. - You can add several role providers for different paths.
This needs the Slim setting determineRouteBeforeAppMiddleware
set to true.
For more information, see the inline documentation for the classes.