Authorization

Set a permission on a component, for example on a Button:

$button = new Mesour\UI\Button('testButton');

$button->setUserRole('guest');

$button->setTitle('Edit group')
    ->setType('primary');

$button->setAttribute('href', $button->link('/user/edit', ['id' => '{id}']));

//! setPermission($resource, $privilege);
$button->setPermission('group', 'edit');

echo $button->render();

If the user does not have permission for the resource group and the privilege edit, the button is rendered disabled and without any of its attributes, including the link.

Edit group

Interface Mesour\Components\Security\IAuthorizator

Components use this interface to determine permissions. It declares only the isAllowed method and a few constants.

namespace Mesour\Components\Security;

/**
 * @author Matouš Němec (http://mesour.com)
 */
interface IAuthorizator
{

    /** Set type: all */
    const ALL = null;

    /** Permission type: allow */
    const ALLOW = true;

    /** Permission type: deny */
    const DENY = false;

    /**
     * Performs a role-based authorization.
     * @param string|array|IAuthorizator::ALL|IAuthorizator::ALLOW|IAuthorizator::DENY $role
     * @param string|array|IAuthorizator::ALL|IAuthorizator::ALLOW|IAuthorizator::DENY $resource
     * @param string|array|IAuthorizator::ALL|IAuthorizator::ALLOW|IAuthorizator::DENY $privilege
     * @return bool
     */
    public function isAllowed($role, $resource, $privilege);

}

Own implementation

You can implement your own authorizator and set it on the application or on a component:

$application = new \Mesour\UI\Application('mesourapp');

// set more on $application

$myAuthorizator = new MyAuthorizator();

// setAuthorizator() expects a Mesour\Components\Security\IAuthorizator instance
$application->setAuthorizator($myAuthorizator);
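
A deny-by-default implementation of the interface above, as an added example that is not Mesour's own code. The rule table is constructed sample data, and it is an assumption that components pass the role or roles set through setUserRole() as $role; the interface is redeclared from this page only so the file runs without the library installed.

```php
<?php
// Added example. The interface is copied from this page so the file runs stand-alone.
namespace Mesour\Components\Security {
    if (!interface_exists(IAuthorizator::class)) {
        interface IAuthorizator
        {
            const ALL = null;
            const ALLOW = true;
            const DENY = false;
            public function isAllowed($role, $resource, $privilege);
        }
    }
}

namespace {
    use Mesour\Components\Security\IAuthorizator;

    /** Hypothetical authorizator: explicit allow list, everything else denied. */
    class MyAuthorizator implements IAuthorizator
    {
        /** @var array role => resource => privileges (constructed sample rules) */
        private $rules = [
            'guest'      => ['group' => ['view']],
            'registered' => ['group' => ['view', 'edit']],
        ];

        public function isAllowed($role, $resource, $privilege)
        {
            // A missing or non-string resource/privilege never widens access.
            if (!is_string($resource) || !is_string($privilege)) {
                return self::DENY;
            }
            // $role may be one role or an array of roles (assumption, see lead-in).
            // Any single matching role grants; IAuthorizator::ALL (null) casts to
            // an empty array and therefore falls through to DENY.
            foreach ((array) $role as $r) {
                if (is_string($r) && isset($this->rules[$r][$resource])
                    && in_array($privilege, $this->rules[$r][$resource], true)) {
                    return self::ALLOW;
                }
            }
            return self::DENY;
        }
    }

    $auth = new MyAuthorizator();
    var_dump($auth->isAllowed('guest', 'group', 'edit'));                 // single role
    var_dump($auth->isAllowed(['guest', 'registered'], 'group', 'edit')); // several roles
    var_dump($auth->isAllowed('registered', 'unknown', 'edit'));          // unknown resource
}
```

Strict comparison in in_array() and the is_string() checks keep values such as true or 0 from matching a privilege by loose comparison.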

Current user role

Info: The default role is guest.

Set user role(s) for current user on your application or component:

$application = new \Mesour\UI\Application('mesourapp');

$application->setRequest($_REQUEST);

//! set user role
$application->setUserRole('registered');

//! or set more roles for user

$application->setUserRole(['admin', 'registered']);

Use default authorizator

The following is taken from the Nette documentation:

We create an instance of Permission and define the user roles. As roles may inherit each other, we may for example specify that administrator may do the same as an ordinary visitor (and of course more).

$acl = new Nette\Security\Permission;

// roles definition
$acl->addRole('guest');
$acl->addRole('registered', 'guest'); // registered inherits from guest
$acl->addRole('administrator', 'registered'); // and administrator inherits from registered

Now is the right time to define the set of resources that the users may access:

$acl->addResource('article');
$acl->addResource('comments');
$acl->addResource('poll');

And now the most important part. Roles and resources alone would do us no good, we have to create rules defining who can do what with whatever:

// everything is denied now

// guest may view articles, comments and polls
$acl->allow('guest', array('article', 'comments', 'poll'), 'view');

// registered user has also right to add comments
$acl->allow('registered', 'comments', 'add');

// administrator may also edit and add everything
$acl->allow('administrator', Nette\Security\Permission::ALL, array('view', 'edit', 'add'));