リクエスト認証ミドルウェア
このミドルウェアは、controller や action 単位で request 自体を認可したい 場合に使います。
AuthorizationMiddleware の後に追加してください。
使用方法
src/Policy/RequestPolicy.php を作成します。
php
namespace App\Policy;
use Authorization\Policy\RequestPolicyInterface;
use Cake\Http\ServerRequest;
class RequestPolicy implements RequestPolicyInterface
{
public function canAccess($identity, ServerRequest $request)
{
if ($request->getParam('controller') === 'Articles'
&& $request->getParam('action') === 'index'
) {
return true;
}
return false;
}
}1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Application::getAuthorizationService() で request を policy にマップします。
php
use App\Policy\RequestPolicy;
use Authorization\AuthorizationService;
use Authorization\AuthorizationServiceInterface;
use Authorization\Middleware\AuthorizationMiddleware;
use Authorization\Middleware\RequestAuthorizationMiddleware;
use Authorization\Policy\MapResolver;
use Cake\Http\ServerRequest;
use Psr\Http\Message\ServerRequestInterface;
public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
{
$mapResolver = new MapResolver();
$mapResolver->map(ServerRequest::class, RequestPolicy::class);
return new AuthorizationService($mapResolver);
}1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
php
public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
{
$middlewareQueue->add(new AuthorizationMiddleware($this));
$middlewareQueue->add(new RequestAuthorizationMiddleware());
return $middlewareQueue;
}1
2
3
4
5
6
7
2
3
4
5
6
7