Control User Access to Classes and Methods with Rauth
Rauth is SitePoint’s access control package for either granting or restricting access to certain classes or methods, mainly by means of annotations.
In this tutorial, we’ll learn how to use it.
Why Rauth
Traditional access control layers (ACLs) only control routes – you set anything starting with /admin to be only accessible by admins, and so on. This is fine for most cases, but not when:
- you want to control access on the command line (no routes there)
- you want your access layer unchanged even if you change the routes
Rauth was developed to address this need. Naturally, it’ll also work really well alongside any other kind of ACL if its features are insufficient.
Annotations Are Bad ™
Somewhat “controversially”, Rauth defaults to using annotations to control access. No matter which camp you’re in regarding annotations in PHP, here’s why their use in Rauth’s case is nowhere near as wrong as some make it out to be:
- as you’ll usually control access to controllers and actions in a typical MVC app, hard-coupling them to Rauth like this is not only harmless (controllers almost always need to be completely discarded and rewritten if you’re changing frameworks or the app’s structure in a major way), it also provides you with instant insight into which class / method has which ACL requirements
- if you don’t like annotations, you can feed Rauth a pre-cached or pre-parsed list of permissions and classes they apply to, so the whole annotations issue can be avoided completely
- there’s no more fear of annotations slowing things down because PHP needs to reflect into the classes in question and extract them every time. With OpCache on at all times, this only happens once, and with Rauth’s own cache support, this can even be saved elsewhere and the annotation reading pass can be avoided altogether.
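The idea behind the points above, as an added example that is not from the original article and does not use Rauth's actual API: a method's docblock declares the groups it requires, reflection reads it once, and a cache array stands in for a pre-parsed permission list. The @requires-group tag, ReportController and both functions are hypothetical names chosen for this illustration.

```php
<?php
// Added illustration, not Rauth's API: the @requires-group tag and all names are hypothetical.

final class ReportController
{
    /** @requires-group admin, auditor */
    public function export(): string
    {
        return 'report exported';
    }

    // No annotation: this example treats unannotated methods as open (a design choice here).
    public function index(): string
    {
        return 'public listing';
    }
}

/** Read the groups a method demands from its docblock; the result is cached per class::method. */
function requiredGroups(string $class, string $method, array &$cache): array
{
    $key = $class . '::' . $method;
    if (!isset($cache[$key])) {
        // Reflection runs only on a cache miss; a pre-built $cache skips it entirely.
        $doc = (new ReflectionMethod($class, $method))->getDocComment() ?: '';
        $cache[$key] = preg_match('/@requires-group\s+([^\r\n*]+)/', $doc, $m)
            ? array_values(array_filter(array_map('trim', explode(',', $m[1])), 'strlen'))
            : [];
    }
    return $cache[$key];
}

/** Allow when the method has no requirement or the caller holds at least one required group. */
function authorize(array $userGroups, string $class, string $method, array &$cache): bool
{
    $required = requiredGroups($class, $method, $cache);
    return $required === [] || array_intersect($required, $userGroups) !== [];
}

$cache = [];
// The same check applies whether the call comes from a router or a CLI command: no route is involved.
var_dump(authorize(['editor'], ReportController::class, 'export', $cache));
var_dump(authorize(['auditor'], ReportController::class, 'export', $cache));
var_dump(authorize([], ReportController::class, 'index', $cache));
```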