This repository has been archived by the owner on Jul 3, 2020. It is now read-only.
Releases: ZF-Commons/zfc-rbac
Releases · ZF-Commons/zfc-rbac
v2.5.1
v2.5.0
- [NEW FEATURE] Previously, the RoutePermissionsGuard accepted a route only if the current identity had ALL the permissions:
'guards' => [
'ZfcRbac\Guard\RoutePermissionsGuard' => [
'post/manage' => ['post.update', 'post.delete']
]
]This route is accepted only if the identity has both post.update and post.delete permissions. ZfcRbac now accepts an additional option:
'guards' => [
'ZfcRbac\Guard\RoutePermissionsGuard' => [
'post/manage' => [
'permissions' => ['post.update', 'post.delete'],
'condition' => GuardInterface::CONDITION_OR
]
]
]Now, the route is accepted if the identity has post.update permission only, post.delete permission only, or both.
Thanks to @davidwindell for this feature!
v2.4.2
v2.4.1
v2.4.0
- Add a new
hasRoleview helper. This is useful for showing a navigation, for instance. - Add a delegator to inject AuthorizationService into your objects. This is more efficient than initializers, but require more configuration. #249 (see docs)
- Add two new guards:
RoutePermissionsGuardandControllerPermissionsGuard. They work similarly as other guards but act on permissions rather on roles. #243 (see docs)
v2.3.1
v2.3.0
- When using the
RedirectStrategy, user was always redirected when he/she tried to access an unauthorized page. In some cases, you actually want to show them the 403 page. You can now do this through the newredirect_when_connectedoption in the RedirectStrategy. - Various doc fixes
v2.2.0
- New
AuthorizationServiceInterfacehas been introduced to simplify writing tests. - [Minor BC] A minor BC has been introduced if you explicitly created sub-classes of
IsGrantedview helper and/or controller plugin. Please read the UPGRADE document if that's the case.