Class AuthorizationMiddleware
Authorization Middleware.
Injects the authorization service and decorated identity objects into the request object as attributes.
Property Summary
-
$_config protected
array<string, mixed>
Runtime config
-
$_configInitialized protected
bool
Whether the config property has already been configured with defaults
-
$_defaultConfig protected
array
Default config.
-
$container protected
Cake\Core\ContainerInterface|null
The container instance from the application
-
$subject protected
Authorization\AuthorizationServiceInterfaceAuthorization\AuthorizationServiceProviderInterface
Authorization service or application instance.
Method Summary
-
__construct() public
Constructor.
-
_configDelete() protected
Deletes a single config key.
-
_configRead() protected
Reads a config key.
-
_configWrite() protected
Writes a config key.
-
buildIdentity() protected
Builds the identity object.
-
configShallow() public
Merge provided config with existing config. Unlike
config()
which does a recursive merge for nested keys, this method does a simple merge. -
getAuthorizationService() protected
Returns AuthorizationServiceInterface instance.
-
getConfig() public
Returns the config.
-
getConfigOrFail() public
Returns the config for this specific key.
-
handleException() protected
Handle exception.
-
process() public
Callable implementation for the middleware stack.
-
setConfig() public
Sets the config.
Method Detail
__construct() ¶ public
__construct(Authorization\AuthorizationServiceInterfaceAuthorization\AuthorizationServiceProviderInterface $subject, array $config = [], Cake\Core\ContainerInterface|null $container = null)
Constructor.
Parameters
-
Authorization\AuthorizationServiceInterfaceAuthorization\AuthorizationServiceProviderInterface
$subject Authorization service or provider instance.
-
array
$config optional Config array.
-
Cake\Core\ContainerInterface|null
$container optional The container instance from the application
Throws
InvalidArgumentException
_configDelete() ¶ protected
_configDelete(string $key): void
Deletes a single config key.
Parameters
-
string
$key Key to delete.
Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config
_configRead() ¶ protected
_configRead(string|null $key): mixed
Reads a config key.
Parameters
-
string|null
$key Key to read.
Returns
mixed
_configWrite() ¶ protected
_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void
Writes a config key.
Parameters
-
array<string, mixed>|string
$key Key to write to.
-
mixed
$value Value to write.
-
string|bool
$merge optional True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config
buildIdentity() ¶ protected
buildIdentity(Authorization\AuthorizationServiceInterface $service, ArrayAccess|array $identity): Authorization\IdentityInterface
Builds the identity object.
Parameters
-
Authorization\AuthorizationServiceInterface
$service Authorization service.
-
ArrayAccess|array
$identity Identity data
Returns
Authorization\IdentityInterface
configShallow() ¶ public
configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this
Merge provided config with existing config. Unlike config()
which does
a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
-
array<string, mixed>|string
$key The key to set, or a complete array of configs.
-
mixed|null
$value optional The value to set.
Returns
$this
getAuthorizationService() ¶ protected
getAuthorizationService(Psr\Http\Message\ServerRequestInterface $request): Authorization\AuthorizationServiceInterface
Returns AuthorizationServiceInterface instance.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request Server request.
Returns
Authorization\AuthorizationServiceInterface
Throws
RuntimeException
When authorization method has not been defined.
getConfig() ¶ public
getConfig(string|null $key = null, mixed $default = null): mixed
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
-
string|null
$key optional The key to get or null for the whole config.
-
mixed
$default optional The return value when the key does not exist.
Returns
mixed
getConfigOrFail() ¶ public
getConfigOrFail(string $key): mixed
Returns the config for this specific key.
The config value for this key must exist, it can never be null.
Parameters
-
string
$key The key to get.
Returns
mixed
Throws
InvalidArgumentException
handleException() ¶ protected
handleException(Authorization\Exception\Exception $exception, Psr\Http\Message\ServerRequestInterface $request, array|string $handler): Psr\Http\Message\ResponseInterface
Handle exception.
Parameters
-
Authorization\Exception\Exception
$exception Exception to handle.
-
Psr\Http\Message\ServerRequestInterface
$request Request instance.
-
array|string
$handler Handler config.
Returns
Psr\Http\Message\ResponseInterface
process() ¶ public
process(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface
Callable implementation for the middleware stack.
Processes an incoming server request in order to produce a response. If unable to produce the response itself, it may delegate to the provided request handler to do so.
Parameters
-
ServerRequestInterface
$request The request.
-
RequestHandlerInterface
$handler The request handler.
Returns
Psr\Http\Message\ResponseInterface
setConfig() ¶ public
setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
-
array<string, mixed>|string
$key The key to set, or a complete array of configs.
-
mixed|null
$value optional The value to set.
-
bool
$merge optional Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Cake\Core\Exception\CakeException
When trying to set a key that is invalid.
Property Detail
$_configInitialized ¶ protected
Whether the config property has already been configured with defaults
Type
bool
$_defaultConfig ¶ protected
Default config.
identityDecorator
Identity decorator class name or a callable. Defaults to IdentityDecoratoridentityAttribute
Attribute name the identity is stored under. Defaults to 'identity'requireAuthorizationCheck
When true the middleware will raise an exception if no authorization checks were done. This aids in ensuring that all actions check authorization. It is intended as a development aid and not to be relied upon in production. Defaults totrue
.
Type
array
$container ¶ protected
The container instance from the application
Type
Cake\Core\ContainerInterface|null
$subject ¶ protected
Authorization service or application instance.
Type
Authorization\AuthorizationServiceInterfaceAuthorization\AuthorizationServiceProviderInterface