trx:Authorization

Parent pages of this page are

Authorization is the process of deciding whether a certain person is allowed to perform a certain operation on a certain resource. trx:Authorization is a framework for providing authorization in PHP applications. trx:Authorization does not provide authentication (i.e. the process of deciding whether a user is who he purports to be).

Release

Download:

trx-authorization-0.8.tar.gz

Release Type:

Bugfix

Release Notes:

Package authorization is tested and stable.
Package authorization.implementation.basic is tested and stable.
Package authorization.implementation.acl is untested.

Features:

Can authorize based on roles, operations and resources.
Supports ineritance of roles, operations and resources.
Interface to implement custom rule storage and retrieval.
Interface to implement custom authorization definition paradigms (acl, role based, unix-like)
Simple API

Requirements:

trx:Authorization requires PHP5. It was tested on Windows XP with PHP 5.1.4. It should, however, run on any version of PHP5 on any operation system that has a PHP5 interpreter.

Installation:

Copy the directory source to a place where you can include files from.
Optionally rename the directory.
Include the ClassLoader.php via require_once($path . 'ClassLoader.php');
Create an instance of the class loader via $cl = new trxauth_ClassLoader();
Before using a class from the framework, load the class via $cl->loadClass($class); You also have to load classes that are required by the class you want to use.

Items 3, 4 and 5 should be done in your __autoload function. To get a list of classes that the class loader can load, call $cl->getClasses();.

Usage

Configuration

This is a quick run through the steps you need to do to configure trx:Authorization.

Create an operation manager, a rule manager and a request iterator factory

	$rm = new trxauth_BasicRuleManager();
	$om = new trxauth_BasicOpeartionManager();
	$ri = new trxauth_BasicRequestIteratorFactory();

Create an authorization manager

	$am = new trxauth_AuthorizationManager( $rm, $om, $ri );

Add operations to the authorization manager

	$op_turnoff = new trxauth_BasicOperation();
	$am->setOperation('turnoff', $op_turnoff);
	$op_refill = new trxauth_BasicOperation();
	$am->setOperation('refill', $op_refill);

Create users

	$administrator = new trxauth_BasicRole();
	$user = new trxauth_BasicRole();
	$user->setParent($administrator);

Create resources

	$computer = new trxauth_BasicResource();
	$coffepot = new trxauth_BasicResource();

Add access rules to the authorization manager

	$am->setRule (
		new trxauth_Request ( $user, $am->getOperation('turnoff'), $computer ),
		trxauth_RuleBuilder::createRoleRule($administrator)                      );
	$am->setRule (
		new trxauth_Request ( $administrator, $am->getOperation('turnoff'), $coffypot ),
		trxauth_RuleBuilder::createDenyRule()                                    );

Excution

This is a complete illustration of executing authorization requests

Retrieve the operation from the authorization manager

    $op_toff = $am->getOperation('turnoff');
    $op_refill = $am->getOperation('refill');

Excute an authorization request

    $allowed = $am->isAccessAllowed (
        new trxauth_Request( $user, $op_toff, $computer ) );
    // $allowed === true because $user is an $administrator

    $allowed = $am->isAccessAllowed (
        new trxauth_Request( $user, $op_refill, $coffepot ) );
    // $allowed === false because $user is an $administrator

    $allowed = $am->isAccessAllowed (
        new trxauth_Request( $user, $op_toff, $coffepot ) );
    // throws a trxauth_AuthorizationUndefinedException because no appropriate
    // rule was found

Tests

To run the tests, copy the test folder somwhere where your browser can access it and modify file autoload.php according to your environment. Run the test by pointing your browser to the test folder.