# Introduction
This is a lightweight, zero-dependency PHP framework that lets you add JSON policy functionality to a project of any size. Please refer to the Overview documentation if you need to learn more about the general concepts and how to prepare policies.
# Prerequisites
PHP 7.3+ is recommended; the library may also run on PHP 7.0+.
# Installation
You can install the library via Composer with the following command:
```
composer require jsonpolicy/jsonpolicy-php
```
To install manually, clone the jsonpolicy/jsonpolicy-php repository and move all the files inside the `src` folder to the desired destination. Then register the autoload function as follows:
```php
spl_autoload_register(function ($class_name) {
    if (strpos($class_name, 'JsonPolicy') === 0) {
        $filepath  = '<your-desired-folder>';
        $filepath .= str_replace(array('JsonPolicy', '\\'), array('', '/'), $class_name) . '.php';
    }

    if (!empty($filepath) && file_exists($filepath)) {
        require_once $filepath;
    }
});
```
# Quick Start
Let's imagine you are building an application that offers three membership plans: "Silver", "Golden" and "Platinum". The user object contains the property `groups`, which is an array of user groups. Each group correlates directly to a plan by its name. The following snippet of code determines the user's access to each plan.
```php
<?php
require __DIR__ . '/vendor/autoload.php';

use JsonPolicy\Manager as PolicyManager;

// Define three dummy membership plans
class SilverPlan {}
class GoldenPlan {}
class PlatinumPlan {}

$manager = PolicyManager::bootstrap([
    'policies' => [
        file_get_contents(__DIR__ . '/policy.json')
    ],
    'context' => [
        'args' => [
            'user' => (object) [
                'id'     => 1,
                'groups' => [
                    'silver'
                ]
            ]
        ]
    ]
]);

$plans = [
    new SilverPlan,
    new GoldenPlan,
    new PlatinumPlan
];

foreach ($plans as $plan) {
    if ($manager->isAllowed($plan)) {
        printf("The %s is allowed\n", get_class($plan));
    } else {
        printf("The %s is denied\n", get_class($plan));
    }
}
```
The `policy.json` file contains the following policy:
```json
{
    "Statement": [
        {
            "Effect": "deny",
            "Resource": "*"
        },
        {
            "Effect": "allow",
            "Resource": "SilverPlan",
            "Condition": {
                "In": {
                    "silver": "(*array)${ARGS.user.groups}"
                }
            }
        },
        {
            "Effect": "allow",
            "Resource": "GoldenPlan",
            "Condition": {
                "In": {
                    "golden": "(*array)${ARGS.user.groups}"
                }
            }
        },
        {
            "Effect": "allow",
            "Resource": "PlatinumPlan",
            "Condition": {
                "In": {
                    "platinum": "(*array)${ARGS.user.groups}"
                }
            }
        }
    ]
}
```
The output from the above execution is the following:
```
The SilverPlan is allowed
The GoldenPlan is denied
The PlatinumPlan is denied
```
Try to change the list of groups in the passed context when the policy manager is initialized with the `PolicyManager::bootstrap` method and observe how the output changes.
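A command-line check of the Quick Start policy, added here as an example and not part of the library or its documentation: it takes the user's groups as arguments, derives which plans should be allowed, and exits non-zero when `isAllowed` disagrees. The file name `check-policy.php` and the `$required` mapping are assumptions of this example; `policy.json`, the plan classes and the two library calls are the ones shown above.

```php
<?php
// Added example (not part of jsonpolicy-php): regression check for policy.json.
// Usage: php check-policy.php [group ...]   (the file name is an assumption)
require __DIR__ . '/vendor/autoload.php';

use JsonPolicy\Manager as PolicyManager;

class SilverPlan {}
class GoldenPlan {}
class PlatinumPlan {}

// Intended access model, read off the policy above: plan class => required group.
// This mapping is the example's own assumption about what the policy should enforce.
$required = [
    'SilverPlan'   => 'silver',
    'GoldenPlan'   => 'golden',
    'PlatinumPlan' => 'platinum',
];

// Groups under test come from the command line; none means a user with no plan.
$groups = array_values(array_unique(array_slice($argv, 1)));

// Stop before evaluating anything if the policy file cannot be read.
$policy = file_get_contents(__DIR__ . '/policy.json');
if ($policy === false) {
    fwrite(STDERR, "policy.json is not readable\n");
    exit(2);
}

$manager = PolicyManager::bootstrap([
    'policies' => [$policy],
    'context'  => [
        'args' => ['user' => (object) ['id' => 1, 'groups' => $groups]],
    ],
]);

$failures = 0;
foreach ($required as $class => $group) {
    $expected = in_array($group, $groups, true);
    $actual   = (bool) $manager->isAllowed(new $class());
    $status   = $expected === $actual ? 'ok' : 'MISMATCH';
    $failures += $expected === $actual ? 0 : 1;
    printf("%-8s %-12s expected=%s actual=%s\n", $status, $class,
        $expected ? 'allow' : 'deny', $actual ? 'allow' : 'deny');
}

// A non-zero exit code lets a CI job fail when the policy drifts from the model.
exit($failures === 0 ? 0 : 1);
```

Running it with no arguments, or with a group name the policy does not mention, checks that the catch-all `deny` statement leaves every plan denied.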