docs/5.Using the Authorization Service.md
# Using the Authorization Service
Learn how to inject and use the Authorization Service helpers and plugins.
## Injection
How to inject the authorization service.
### Using Service Manager
The Authorization Service can be fetched using `Zend\ServiceManager\ServiceManager`.
The key is `Eye4web\Zf2Abac\Service\AuthorizationService`.
Here is an example using a factory:
```php
/**
* Create service
*
* @param ServiceLocatorInterface $serviceLocator
* @return Service
*/
public function createService(ServiceLocatorInterface $serviceLocator)
{
/** @var \Eye4web\Zf2Abac\Service\AuthorizationService $authorizationService */
$authorizationService = $serviceLocator->get('Eye4web\Zf2Abac\Service\AuthorizationService');
return new Service($authorizationService);
}
```
## Assertion manager
In order to use assertions, you will have to register them in your config.
The `Eye4web\Zf2Abac\Assertion\AssertionPluginManager` will use the config to create the assertions.
Now that you have created your Assertion, you'll need to add it in your configuration. The configuration needs to place placed in your `./config/autoload/`
`zf2_abac.global.php`
```php
<?php
return [
'eye4web_abac' => [
'assertion_manager' => [
'factories' => [
'Assertion Name' => 'Assertion Factory',
]
]
],
];
```
## hasPermission method explained
Common for both the Authorization Service, the Controller Plugin and the View Helper is the method hasPermission.
The method works exact the same, and is used by:
``hasPermission($assertionName, $value, array $attributes)``
* **$assertionName** represents the name of your assertion. For example board.view.
* **$value** represents the value of the assertion. In our example it would be the name of the board.
* **$attributes** represents an array of values for the attributes. This would for example be the age, if this is used for validation in our assertion.
## Check for permissions in a Service
This is an example on how to check permissions in a service
```php
/** @var \Eye4web\Zf2Abac\Service\AuthorizationService */
protected $authorizationService;
public function __construct(\Eye4web\Zf2Abac\Service\AuthorizationServiceInterface $authorizationService)
{
$this->authorizationService = $authorizationService;
}
public function doSomething(Board $board, User $user)
{
// Perform check
$role = $user->getRole();
if (!$this->authorizationService->hasPermission('board.view', $board->getName(), ['role' => $role->getId()])) {
throw new \Exception('Not granted');
}
// do something
}
```
## Using the Controller Plugin
`Eye4web\Zf2Abac` comes with a Controller Plugin ready for use.
```php
pulic function indexAction()
{
$user = $this->identityProvider()->getIdentity();
$role = $user->getRole();
if (!$this->hasPermission('board.view', 'boardName', ['role' => $role->getId()]) {
throw new \Exception('You are not allowed to access this board');
}
}
```
## Using the View Helper
`Eye4web\Zf2Abac` comes with a View Helper ready for use.
```php
<?php if (!$this->hasPermission('board.view', 'boardName', ['role' => $role->getId()])) { ?>
You are not allowed to see this board
<?php } ?>
```
* Back to [the Index](/docs/README.md)