One of the first issues a developer runs into when dealing with ZF2 modules is how to arrange assets between modules. This presentation covers this issue.
More can be found on this blog post: http://www.mvassociati.it/en/gems/php/asset-management-zend-framework-2
Deprecated: Foundations of Zend Framework 2, by Adam Culp
DEPRECATED - Please see http://www.slideshare.net/adamculp/foundations-of-zendframework for the updated version.
For this talk Adam Culp will cover a basic intro to Zend Framework 2 (ZF2) and how to use the foundational pieces. We will discover how to get a Zend Framework 2 application up and running quickly using GitHub, Composer, and the Zend Framework 2 Skeleton Application. Then we will leverage the Zend Skeleton Module to introduce adding modules to a Zend Framework 2 application.
We will also cover basic usage of the ZF2 module manager, event manager, service manager, and database components. Adam will also introduce some useful resources to help attendees continue learning on their own. The goal of the talk is to give attendees enough information to be able to get a jump start into using ZF2.
In this talk we show the skeleton web application for Zend Framework 2. We introduce the new features of the framework, such as the new MVC layer, the Event Manager, Dependency Injection and much more. The aim of this talk is to show how to start programming with ZF2.
ZF2 Modular Architecture - Taking advantage of it, by Steve Maraspin
Zend Framework 1 had modules. Their name is pretty much everything Zend Framework 2 modules share with them, though. The whole framework architecture has been rewritten to encourage software reuse and extension. In this talk I’ll share our experiences on ZF2 module creation and usage.
Zend Framework 2 (ZF2) is an open source, object oriented Framework designed for developing web applications and services using PHP 5.3+. This presentation covers an overview on Zend 2, advantages of using this and installation process.
Conduct a few internal pen tests and you’re bound to come across Jenkins, the world’s most popular build automation server. When you encounter it, what do you do? Go beyond a 5-minute Google search and checking for open script consoles. This talk dives into various ways to exploit Jenkins and how to move laterally into sensitive systems.
Video of the presentation: http://www.youtube.com/watch?v=8z3h4Uv9YbE
At LinkedIn, we have started to use the Play Framework to build front-end and back-end services at massive scale. Play does things a little differently: it's a Java and Scala web framework, but it doesn't follow the servlet spec; it's fairly new, but it runs on top of robust technologies like Akka and Netty; it uses a thread pool, but it's built for non-blocking I/O and reactive programming; most importantly, it's high performance, but also high productivity. We've found that the Play Framework is one of the few frameworks that is able to maintain the delicate balance of performance, reliability, and developer productivity. In the Java and Scala world, nothing even comes close. In this talk, I'll share what we've learned so far, including details of rapid iteration with Java and Scala, the story behind async I/O on the JVM, support for real time web apps (comet, WebSockets), and integrating Play into a large existing codebase.
Most learning materials for web app pentesting focus on “old school” apps. Maybe they have a little jQuery sprinkled in, but most of the heavy-lifting happens server-side. With the dawn of frontend frameworks like AngularJS, Vue, and React and Single-Page Applications, the way web apps are developed is changing, and pentesters need to keep up. This talk runs through common security issues with and approaches to testing these new apps.
Browser Serving Your Web Application Security - ZendCon 2017, by Philippe Gamache
One important concept in web application security is defense in depth. You protect your server, your network, your database, and your application, but what about the user browser? Can it be done?
Yes! Several new technologies and protocols to assist security have been added to browsers. Several should be added, activated, and configured from your web server or web page. In this session we'll explore these technologies and learn how to use them. You’ll learn about the Robots meta tags (for crawler indexing), browsing compatibility, XSS and clickjacking protection, SSL/TLS control, and Content Security Policy.
Learn the concepts of PSR-7 middleware with Zend Expressive and how your application could be developed from scratch adapting those concepts with a new mindset. You'll see the different approaches, advantages and disadvantages, and the contrast of this paradigm and other more conventional paradigms.
A little presentation about how we squeezed Symfony to implement some sort of SOA.
Better see here:
https://docs.google.com/presentation/d/1TnDjbERj8F6UgqbZ7fJQsAL6yfg5G56G1iTqSzeTUE8/pub?start=false&loop=false&delayms=3000
Error Reporting in ZF2: form messages, custom error pages, logging, by Steve Maraspin
Errors frustrate users. Whether it is their fault or the application's, the risk that they will lose interest in our product is high. In this presentation, given at the Italian ZFDay 2014, I discuss these issues and provide some hints for improving error reporting and handling.
Scaling Symfony2 apps with RabbitMQ - Symfony UK Meetup, by Kacper Gunia
Slides from my talk at Symfony UK Meetup. London, 20 Aug 2014. http://twitter.com/cakper
Video: https://www.youtube.com/watch?v=cha92Og9M5A
More Domain-Driven Design related content at: https://domaincentric.net/
Unit testing: everyone talks about it and wants to do it, but never gets around to actually starting. Complex spaghetti code and time/budget pressures are often the reasons why nobody dives in and gets started with testing. But when the application breaks and people lose money, or worse, it's often too late.
In this talk I will take you on a journey with real examples that will show you how you can set up your tests, how to test complex situations with legacy spaghetti code, test web services, database interactions and how to gradually build a solid foundation to safeguard the core code base and everything around it.
Don't you want to be confident when you walk out of the office?
One of the most prolific parts of Zend Framework 2 is the Service Manager. Its many nooks and crannies dictate much of what happens inside our Zend Framework 2 applications, and it is incredibly powerful. Let's look into exactly what the Service Manager allows us to do and how we can take advantage of it for cleaner, and faster, code.
Creating fast, dynamic ACLs in Zend Framework (Zend Webinar), by Wim Godden
Slides from the Zend Webinar on 'Creating fast and dynamic ACLs in Zend Framework' (15 June 2011).
Zend Framework's Access Control Layer system is simple and straightforward; however, as the number of rules increases in size and complexity, maintenance and performance suffer. The solution: a dynamic, reflection-based ACL system, with built-in caching. Sound complicated?
Don't worry, it's easy to setup and a lot easier to manage! Join this webinar to learn how!
Presenter: Wim Godden
FIWARE Wednesday Webinars - How to Secure IoT Devices, by FIWARE
FIWARE Wednesday Webinar - How to Secure IoT Devices (22nd April 2020)
Corresponding webinar recording: https://youtu.be/_87IZhrYo3U
Live coding session and commentary, demonstrating various techniques and methods for securing the interactions between Devices, IoT Agents and the Context Broker
Chapter: Security
Difficulty: 3
Audience: Any Technical
Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)
Attack Chaining: Advanced Maneuvers for Hack Fu, by Rob Ragan
Just as a good chess player thinks five moves ahead, a great penetration tester should be able to visualize their attack in order to compromise high-value targets. This presentation will explore how a penetration tester can learn to leverage attack chaining for maximum impact. A penetration test is supposed to be a simulation of a real-world attack. Real-world attackers do not use expensive automated tools or a checklist. Nor do they use a single technique or exploit to compromise a target. More commonly they combine several techniques, vulnerabilities, and exploits to create a “chained” attack that achieves a malicious goal. Chained attacks are far more complex and far more difficult to defend against. We want to explore how application vulnerabilities relate to one another and build a mind map that guides penetration testers through various attack scenarios. Prepare to be blown away on this roller coaster ride with real-world examples of massive compromises. If you are not a thrill seeker, this presentation may leave you a bit queasy.
With third party clients connecting to your service you may find that the assumptions or opinions of a typical rails application are not robust enough. We'll run through some key considerations when building an API that will be consumed by a mobile app.
Beware the potholes on the road to serverless, by Yan Cui
Looking in from the outside, serverless seems so simple! And yet, many companies are struggling on their journey to serverless. In this talk, I highlight a number of mistakes companies are making when they adopt serverless.
Topic: Art of Web Backdoor
Speaker: Pichaya Morimoto
Event: 2600 Thailand Meeting #5
Date: September 6, 2013
Video: https://www.youtube.com/watch?v=QIXTPPBfLyI
Slides for Building Better Backdoors with WMI - DerbyCon 2017 - Legacy
Code:
https://github.com/0xbadjuju/PowerProvider/
https://github.com/0xbadjuju/WheresMyImplant
OSCP Exam Preparation Documents.
In this document, we download a vulnerable machine VM image, analyze the machine, and obtain root privileges.
Review unknown code with static analysis - bredaphp, by Damien Seguy
Code quality is not just for Christmas, it is a daily part of the job. So, what do you do when you're handed, at the end of a five-foot pole, a million lines of code that must be vetted? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code: no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code?
Drupal core is a secure product, but how secure are contrib modules? And custom ones?
This session is about proper use of the Drupal APIs and some best practices for secure Drupal development.
Are NOSQL Datastores just containers? Is typical classification based on data model everything? Highlighting some pros and cons of using different NoSQL solutions. It also introduces two key concepts: NoSQL aren't replacements, but adjuvants to RDBMS, and schemaless is a lie.
Modules in Zend Framework 2: how to take advantage of them, by Stefano Valle
Presentation on the modules introduced in Zend Framework 2, given at the Zend Framework Day on 01/02/2013 in Milan.
How do I organize my model if the base entities are shared among several modules? My application also has an admin panel: where do I put the views and the front-end files? How do I manage any external dependencies? In this talk I try to answer these and other questions about organizing a ZF2 project, sharing my practical experience, the doubts I had, and the solutions I adopted. The answers were not always obvious, all the more so because, as a ZF1 developer, I was not used to modules as ZF2 intends them. Introducing them can be a real turning point; it is essential, though, to organize your project properly, since the real possibilities for reuse depend largely on a good organization of your code.
Estimates and quotes in an agile development context, by Stefano Valle
Slides from the seminar on estimates and quotes in an agile development context, held at the Distretto delle Tecnologie Digitali in Udine on 14/07/2012.
Elevating Tactical DDD Patterns Through Object Calisthenics, by Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Essentials of Automations: Optimizing FME Workflows with Parameters, by Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview, by Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -..., by DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo..., by James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge Graph, by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do..., by UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova..., by Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024, by Tobias Schneck
As AI technology pushes into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operations point of view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and make it work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial for or limiting your AI use cases in an enterprise environment. An interactive demo will give you some insights into the approaches I have already got working for real.
10. Two step process
WHO: Authentication, “a process that ensures and confirms a user’s identity”
WHAT: Authorization, “a security mechanism used to determine user/client privileges or access levels related to system resources”
Definitions from http://www.techopedia.com
29. Installing and enabling ZfcUser
// composer.json
{
    "require": {
        "zf-commons/zfc-user-doctrine-orm": "0.1.*"
    }
}
let’s suppose we use the Doctrine ORM
40. ZfcUser also allows to:
• Customize login form
• Customize User entity fields
• Quickly implement a registration form
• Interact with either Zend/DB or Doctrine out of the box
• Do much more stuff…
51. What if a malicious user…
…hits this URL: http://myawesomewebsite/admin/conferences
52. …it is accessible to everyone!
53. …nothing’s protecting our private area
54. …the login form could be bypassed!
55. No worries!
<?php
// On each action: redirect anonymous users away before doing anything else
public function indexAction() {
    if (!$this->zfcUserAuthentication()->hasIdentity()) {
        return $this->redirect()->toRoute('home');
    }
}
56. No worries!
…the same check, in EACH action of EACH controller
62. Using Zend\Permissions\Acl
<?php
use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole as Role;
use Zend\Permissions\Acl\Resource\GenericResource as Resource;

$acl = new Acl();
$acl->addRole(new Role('guest'))
    ->addRole(new Role('admin'));
$acl->addResource(new Resource('someResource'));
$acl->addResource(new Resource('adminarea'));
$acl->addResource(new Resource('adminconferencearea'));
$acl->addResource(new Resource('adminsettingsarea'));
$acl->allow('guest', 'someResource');
$acl->allow('admin', 'adminarea');
$acl->allow('admin', 'adminconferencearea');
$acl->allow('admin', 'adminsettingsarea');
63. Welcome BjyAuthorize!
… a facade for Zend\Permissions\Acl that will ease its usage with modules and applications …
From https://github.com/bjyoungblood/BjyAuthorize
77. Guards on controller actions
class ConferencesController {
    // Allowed to all users
    public function listAction() {
        // code...
    }
    // Restricted area! For admins only
    public function manageAction() {
        // code...
    }
}
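The guards shown on the slide above are declared in the module's configuration rather than in the controller; the following is an added example of such a configuration (not code from the original slides or from BjyAuthorize itself). The controller alias Conferences\Controller\Conferences and the three role names are assumptions for this example; the keys follow BjyAuthorize's config layout.

```php
<?php
// Added example: BjyAuthorize module config producing the guards shown above.
// 'Conferences\Controller\Conferences' and the role names are assumed names.
return [
    'bjyauthorize' => [
        // Role given to requests with no authenticated identity.
        'default_role' => 'guest',

        // Role hierarchy: user inherits guest's grants, admin inherits user's.
        'role_providers' => [
            'BjyAuthorize\Provider\Role\Config' => [
                'guest' => ['children' => [
                    'user' => ['children' => [
                        'admin' => [],
                    ]],
                ]],
            ],
        ],

        // Controller guards run on the route event, before any action executes,
        // so the hasIdentity() check no longer has to be repeated per action.
        'guards' => [
            'BjyAuthorize\Guard\Controller' => [
                // Allowed to all users (guest, and user/admin through inheritance).
                ['controller' => 'Conferences\Controller\Conferences',
                 'action'     => 'list',
                 'roles'      => ['guest']],
                // Restricted area: admins only.
                ['controller' => 'Conferences\Controller\Conferences',
                 'action'     => 'manage',
                 'roles'      => ['admin']],
                // A controller/action with no entry here is granted to no role,
                // so an action forgotten in this list fails closed.
            ],
        ],
    ],
];
```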
106. Another controller, another action
//Conferences/Controller/AnotherAdminController.php
namespace Conferences\Controller;

use Zend\Mvc\Controller\AbstractActionController;

class AnotherAdminController extends AbstractActionController {
    public function someCrazyAction() {
        //...
        $this->conferenceService->updateConference($myConference);
    }
}
What prevents this?
110. Let’s inject the Authorize class
//Conferences/Service/ConferenceServiceFactory.php
namespace Conferences\Service;

use Zend\ServiceManager\FactoryInterface;
use Zend\ServiceManager\ServiceLocatorInterface;

class ConferenceServiceFactory implements FactoryInterface {
    public function createService(ServiceLocatorInterface $serviceLocator)
    {
        //...
        $authorize = $serviceLocator->get('BjyAuthorize\Service\Authorize');
        return new ConferenceService(..., $authorize);
    }
}
111. Updated conference service
//Conferences/Service/ConferenceService.php
namespace Conferences\Service;

use BjyAuthorize\Exception\UnAuthorizedException;

class ConferenceService {
    //...
    public function updateConference($myConf) {
        // the check lives in the service, so every caller goes through it
        if (!$this->authorize->isAllowed($myConf, 'edit')) {
            throw new UnAuthorizedException();
        }
        // other code...
    }
    // the same for the deleteConference method
}
124. In the same way we could:
• Restrict access to user-owned conferences only
• or to conferences owned by a group the user belongs to
• …and much more!
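Slides 106 to 111 move the authorization check into the service, and slide 124 suggests restricting edits to the conference owner. The following is an added example of that ownership check built directly on Zend\Permissions\Acl assertions (not code from the original slides, ZfcUser or BjyAuthorize); it assumes zendframework/zend-permissions-acl is installed via Composer, and the Conference, User, OwnerAssertion, ConferenceService and UnauthorizedException names are hypothetical.

```php
<?php
// Added example: service-layer authorization with an ownership assertion.
// Assumes zendframework/zend-permissions-acl via Composer; all class names
// below are hypothetical names chosen for this example.
require 'vendor/autoload.php';

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Assertion\AssertionInterface;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Zend\Permissions\Acl\Role\GenericRole as Role;
use Zend\Permissions\Acl\Role\RoleInterface;

// The entity is the resource: the ACL matches rules on the id 'conference',
// while the assertion receives the actual object and can inspect its owner.
class Conference implements ResourceInterface
{
    public function __construct(public int $id, public int $ownerId) {}
    public function getResourceId() { return 'conference'; }
}

// The authenticated user is the role (role id 'guest', 'user' or 'admin').
class User implements RoleInterface
{
    public function __construct(public int $id, private string $roleId) {}
    public function getRoleId() { return $this->roleId; }
}

// Grants the privilege only when the acting user owns the conference.
class OwnerAssertion implements AssertionInterface
{
    public function assert(Acl $acl, ?RoleInterface $role = null,
                           ?ResourceInterface $resource = null, $privilege = null)
    {
        // Only objects carry ownership; a bare role or resource id is denied.
        if (!$role instanceof User || !$resource instanceof Conference) {
            return false;
        }
        return $role->id === $resource->ownerId;
    }
}

class UnauthorizedException extends RuntimeException {}

// The check lives in the service, so every caller (any controller, a CLI job,
// another module) goes through it, not only guarded controller actions.
class ConferenceService
{
    public function __construct(private Acl $acl) {}

    public function updateConference(User $actor, Conference $conf): void
    {
        if (!$this->acl->isAllowed($actor, $conf, 'edit')) {
            throw new UnauthorizedException(
                sprintf('user %d may not edit conference %d', $actor->id, $conf->id)
            );
        }
        // ... persist the change
    }
}

$acl = new Acl();
$acl->addRole(new Role('guest'))
    ->addRole(new Role('user'), 'guest')   // user inherits guest's rules
    ->addRole(new Role('admin'), 'user');  // admin inherits user's rules
$acl->addResource('conference');
$acl->allow('guest', 'conference', 'view');
$acl->allow('user', 'conference', 'edit', new OwnerAssertion()); // owner only
$acl->allow('admin', 'conference');        // every privilege, no assertion
// Anything not listed above stays denied: that is the ACL's default.

$service = new ConferenceService($acl);
$conf    = new Conference(42, 7);          // constructed sample, owned by user 7
$cases   = [
    'owner edits own conference' => new User(7, 'user'),   // allowed
    'other user edits it'        => new User(8, 'user'),   // denied
    'admin edits it'             => new User(1, 'admin'),  // allowed
    'guest edits it'             => new User(0, 'guest'),  // denied
];
foreach ($cases as $label => $actor) {
    try {
        $service->updateConference($actor, $conf);
        echo "$label: allowed\n";
    } catch (UnauthorizedException $e) {
        echo "$label: denied (" . $e->getMessage() . ")\n";
    }
}
```

The group-ownership variant from the last slide is the same pattern with an assertion that compares the conference's group against the user's group memberships.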