Skip to content

UPGRADE.md

Latest commit

 

History

History
54 lines (41 loc) · 3.16 KB

UPGRADE.md

File metadata and controls

54 lines (41 loc) · 3.16 KB

Upgrade guide

From zfc-rbac v2.x to LmcRbacMvc v3.0

  • [BC] The namespace has been changed to LmcRbacMvc
  • [BC] The zfc_rbac configuration key has been changed to lmc_rbac
  • Requires PHP 7.2 or later
  • Requires Laminas MVC components 3.x or later
  • Uses PSR-4 autoload

Previous zfc-rbac versions

From v2.2 to v2.3

  • No BC

From v2.1 to v2.2

  • [Potential BC] To simplify unit tests, we have introduced a new AuthorizationServiceInterface that the AuthorizationService now implements. We didn't touch any interface (such as AssertionInterface) that rely explicitly on typehinting the AuthorizationService to avoid big BC. However, we have updated the view helper and controller plugins to use the interface instead. This can lead to a BC if you created subclasses of those plugins (which is not a typical use case). If this is the case, just change AuthorizationService to AuthorizationServiceInterface.

From v2.0 to v2.1

  • [Potential BC] A potential BC have been introduced in v2.1 to respect interfaces of RBAC component more strictly. However there is great chance that you have nothing to do. Now, ZfcRbac no longer cast permissions to string before passing it to your "hasPermission" method in the Role entity. If you used to call isGranted using a string permission, like this: isGranted('myPermission'), then you have nothing to do. However, if you are passing a PermissionInterface object, you will now receive this object instead of a string. It's up to you to getting the name from your permission.

From v1 to v2

Here are the major breaking changes from ZfcRbac 1 to ZfcRbac 2:

  • [BC] Dependency to the ZF2 RBAC component has been replaced in favour of a ZF3 prototype which fixes a lot of design issues.
  • [BC] ZfcRbac no longer accepts multiple role providers. Therefore, the option role_providers has been renamed to role_provider
  • [BC] Permission providers are gone (hence, the options permission_providers as well as permission_manager should be removed). Instead, roles now embed all the necessary information
  • [BC] The redirect_to_route option for the RedirectStrategy is gone. Instead, we now have two options: redirect_to_route_connected and redirect_to_route_disconnected. This solves an issue when people used to have a guard on login for non-authenticated users only, which leaded to circular redirections.
  • [BC] The default protection policy is now POLICY_ALLOW. POLICY_DENY was way too restrictive and annoying to work with by default.
  • [BC] isGranted method of the AuthorizationService no longer accepts an assertion as a second parameter. Instead, the AuthorizationService now has an assertion map, that allows to map an assertion to a permission. This allows to inject dependencies into assertions, as well as making the use of assertions much more transparent.
  • [BC] Each assertions now receive the whole AuthorizationService instead of the current identity. This allows to support use cases where an assertion needs to check another permission.
  • [BC] Entity schema for hierarchical role have changed and no longer require to implement RecursiveIterator. Please have a look at the new schema in the data folder.