Closed jguittard closed 6 years ago
@jguittard the ZendRbacAssertionInterface
is an extension of Zend\Permissions\Rbac\AssertionInterface
, that is an interface to implement dynamic assertions in RBAC.
A dynamic assertion is an optional additional check that can be implemented to specialize the authorization based on additional information taken from the request. In many cases, you will not need such dynamic assertion, and if you don't provide a ZendRbacAssertionInterface
service the ZendRbac
adapter will not use it. I designed to be passed as optional dependency in ZendRbac
because we need a single class to be able to react based on the request, see the setRequest() usage here. If we add it in the isGranted()
method, how we can pass different assertion classes? If you see the ZendRbacAssertionInterface
as a factory (or routing) class, you can specialize it to consume specific classes for different business logic, based on the HTTP request.
Provide a narrative description of what you are trying to accomplish.
Why is
ZendRbacAssertionInterface
is directly injected inZendRbac
itself? It prevents from having a per-access control assertion configuration and implies having a potential whole set of assertions living within one class. I'd expect the assertion to be passed throughZend\Expressive\Authorization\Rbac\ZendRbac::isGranted
method.Maybe am I missing something about the way it's been designed?