Skip to content

semitexa/semitexa-authorization

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
src
src
 
 
tests/Integration
tests/Integration
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Semitexa Authorization

Policy-based access control with capability and permission guards and payload-level enforcement.

Purpose

Evaluates access policies on every guarded request. Resolves merged policies from class hierarchy, checks capabilities and permissions against the authenticated subject, and blocks unauthorized access at the pipeline level.

Role in Semitexa

Depends on semitexa/core and semitexa/auth. Used by semitexa/rbac and platform packages. Provides the enforcement layer that RBAC and other grant resolvers plug into.

Key Features

  • #[RequiresCapability], #[RequiresPermission], #[PublicEndpoint] attributes
  • PayloadAccessPolicyResolver merging policies from class hierarchy
  • AuthorizationListener guarding handler execution with 403 on failure
  • AuthenticatedSubject and GuestSubject types
  • Extensible via SubjectGrantResolverInterface (implemented by RBAC)

Notes

Authorization uses a SubjectGrantResolverInterface to resolve the authenticated subject's grants when an Authorizer is registered. If no SubjectGrantResolverInterface is available, capability and permission requirements fail closed. If no Authorizer is registered at all, the pipeline falls back to public-vs-protected endpoint handling only and skips grant evaluation.

About

Semitexa Authorization - policy-based access checks, guards, and permission evaluation

semitexa.com

Topics

permissions authorization access-control policies guards semitexa

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

11 tags

Packages

 
 
 

Contributors

Languages