ZF-Commons / zfc-rbac

Role-based access control module to provide additional features on top of Zend\Permissions\Rbac
BSD 3-Clause "New" or "Revised" License

Issue in documentation #254

Closed spalax closed 10 years ago

spalax commented 10 years ago

One mistake most beginners do is protecting their applications using guards only. This leaves your application open for some undesired side-effects. As a best practice you should protect all your services by injecting the authorization service.

Please correct me if I have a wrong understanding or am missing something. I have read the "Best practice" part and am a little confused. Can somebody explain to me why you should check permissions (like "deletePost") in the service layer?

  1. I did not get why somebody would want to protect an application from one of its own parts. Why would somebody try to do "// MUHAHAHA DOING SOMETHING EVIL!!!" in one of your controllers? (Or is it about angry colleagues? =) )
  2. Do you think it is correct to restrict the ways PostService can participate in composition? I guess PostService might be called as part of a composition that has no idea about roles or users.
  3. I believe that the method deletePost should only "delete" (Single Responsibility), and not check the database connection or permissions.

My point is, if it is called "Best practice and Real world application", maybe PostService should be named RestrictedPostService or another, narrower name.

bakura10 commented 10 years ago

Hi,

This is something I will need to update. Actually (I think @danizord experienced the same feeling iirc), protecting the service layer is "conceptually beautiful", but in real life it is very hard to do correctly, and protecting services is actually not convenient.

After using ZfcRbac extensively, I found that the best combination is using guards to protect a hierarchy of routes (for instance, blocking all the admin routes...). To that end, the upcoming "RoutePermissionsGuard" will allow guards based on permissions. Then, I protect my controllers using the "isGranted" controller plugin.

This is pretty convenient.

Hope it helps.
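The combination described in the comment above (a route guard over the whole admin hierarchy, then a permission check in the controller through the isGranted plugin), as an added example that is not code from the ZfcRbac project or this thread. The route name "admin", the "admin"/"guest" roles, the PostController/PostService classes and the "admin/posts" redirect are assumptions; only the permission "deletePost" comes from the discussion.

```php
<?php
// --- module.config.php (added example, assumed module layout) ---
// Layer 1: a guard. Guards run on the MVC route event, before any controller
// is dispatched, so every route whose name starts with "admin" is refused to
// anyone without the "admin" role, regardless of which action is requested.
return [
    'zfc_rbac' => [
        'guards' => [
            'ZfcRbac\Guard\RouteGuard' => [
                'admin*' => ['admin'],  // role-based guard available in ZfcRbac 2.x
                'login'  => ['guest'],
            ],
        ],
    ],
];
```

```php
<?php
// --- PostController.php (added example, class and service names assumed) ---
namespace Application\Controller;

use Zend\Mvc\Controller\AbstractActionController;
use ZfcRbac\Exception\UnauthorizedException;

class PostController extends AbstractActionController
{
    private $postService;

    public function __construct($postService)  // hypothetical PostService
    {
        $this->postService = $postService;
    }

    public function deleteAction()
    {
        // Layer 2: a permission check with the isGranted controller plugin.
        // The guard already keeps non-admins out of admin/*; tying this
        // action to the "deletePost" permission means a later change to the
        // role hierarchy cannot silently widen what an admin route allows.
        if (!$this->isGranted('deletePost')) {
            throw new UnauthorizedException('You are not allowed to delete posts');
        }

        // PostService itself stays authorization-free, which is the point
        // raised in the first comment: it only deletes.
        $this->postService->deletePost((int) $this->params('id'));

        return $this->redirect()->toRoute('admin/posts');
    }
}
```

The UnauthorizedException is turned into a 403 response by the ZfcRbac UnauthorizedStrategy when that strategy is enabled in the module configuration.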

bakura10 commented 10 years ago

I've updated the doc a bit.

spalax commented 10 years ago

Cool. Thanks. And I absolutely agree with this definition.

If your application is architected correctly, it is often simpler to protect your controllers.

jmleroux commented 10 years ago

While this update is a good start, I'm not really satisfied.

The documentation starts like this:

One mistake most beginners do is protecting their applications using guards only.

And no one wants to be called a beginner! :wink:

I would rather rephrase it like this:

Ideally, you should not protect your applications using only guards (Route or Controller guards). This leaves...

Thoughts?

Note: I'm working on the doc for #245

bakura10 commented 10 years ago

Yeah I agree. This part of the doc should be rewritten anyway. I'll wait for ZfcRbac 3.0 to make a full review of the doc =).