All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
2.0.4 - 2024-12-29
- Allow PHP 8.4
2.0.3 - 2024-06-21
Firewall
- callbacks are marked as
@param-later-invoked-callable
- callbacks are marked as
- Allow PHP 8.3
2.0.2 - 2024-03-08
Firewall
isAllowed()
- fixparam-out
of$entries
- Requires
orisai/clock:^1.2.0
2.0.1 - 2023-10-18
- Password hashers - redact passwords
2.0.0 - 2023-03-01
AccessEntry
- represents a single check in a policygetType(): AccessEntryResult
- result of the checkgetMessage(): string|Translatable
- text description of what was checkedmatchAny(): MatchAnyOfEntries
,matchAll(): MatchAllOfEntries
shortcuts to construct && and || conditionsforRequiredPrivilege()
shortcut for (translated) required privilege entry
AccessEntryResult
allowed()
,forbidden()
,skipped()
fromBool()
- shortcut forallowed()
orforbidden()
MatchAllOfEntries
- for explicit && condition (implicit is default)MatchAnyOfEntries
- for || conditionPolicyContext
getLastExpiredLogin()
Policy
- uses
AccessEntry
instead ofDecisionReason
(also replaced inFirewall
andAuthorizer
isAllowed()
methods) - allows to add multiple
AccessEntry
(Firewall
andAuthorizer
isAllowed()
methods return an array)- instead of returning
bool
usesGenerator
which yields 1 or moreAccessEntry|MatchAllOfEntries|MatchAnyOfEntries
DecisionReason
removed from context (usesAccessEntry
yielding instead)
- instead of returning
- uses
Firewall
,Authorizer
isAllowed()
reason (DecisionReason
) replaced by entries (list<AccessEntry|MatchAllOfEntries|MatchAnyOfEntries>
)
Authorizer
- adds an entry for privilege when no policy is used
IdentityExpired
create()
usesstring|TranslatableMessage
directly instead ofDecisionReason
ExpiredLogin
getLogoutReason()
returnsstring|TranslatableMessage
directly instead ofDecisionReason
- root has exact same
hasPrivilege()
andisAllowed()
checks as other users- but always returns true (behavior remains unchanged)
- policies are executed to ensure their validity
- access entries are returned for root (to verify which entries would fail or be skipped without root)
- more accurate typehints (mostly changed
array
tolist
)
DecisionReason
- replaced by
string|Translatable
- replaced by