Add PHP adapter for ACL and Allow config#168
Merged
Merged
Conversation
Introduces AbstractAclAdapter and AbstractAllowAdapter holding the section-processing logic shared across all adapters. INI adapters now extend the base classes; new PhpAclAdapter, PhpAllowAdapter, YamlAclAdapter and YamlAllowAdapter only implement the file parsing step. YAML adapters require symfony/yaml, declared as a suggest dependency and used for tests via require-dev.
|
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #168 +/- ##
============================================
+ Coverage 67.59% 67.98% +0.38%
- Complexity 627 639 +12
============================================
Files 29 33 +4
Lines 1614 1646 +32
============================================
+ Hits 1091 1119 +28
- Misses 523 527 +4 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Master's new VitePress docs introduced a custom-adapters page that described tinyauth as having only INI-based stores. Update the intro to point at the now-three built-in formats so readers don't reach for a custom adapter when they just want a different file format.
Strip defensive quotes from comma-separated role/action lists where YAML's block-scalar rules tolerate them, and drop the unnecessary quotes around comma-bearing keys like 'edit,view' and 'view, edit'. Add header comments explaining when quoting IS required (only when a value/key starts with a YAML reserved character: *, !, &, >, |, etc.) so future readers don't reach for quotes by reflex. Tests still pass — the parsed structure is unchanged, only the on-disk shape is more idiomatic.
24ff611 to
8f3a8ef
Compare
Composer can pick the highest version compatible with the host PHP: v6.4 (PHP 8.1+), v7.x (PHP 8.2+) or v8.x (PHP 8.4+). Tinyauth's PHP floor is 8.2, so v8 is reachable for users on PHP 8.4+ without breaking the prefer-lowest path on 8.2/8.3.
dereuromark
commented
May 4, 2026
| Posts.Posts: | ||
| '*': '*' | ||
| Posts.Admin/Posts: | ||
| '*': '*' |
Owner
Author
There was a problem hiding this comment.
With the issues around * and ! it seems that this not too user friendly to work with
As long as we dont come up with a better parser format, only PHP would be useful right now IMO.
YAML treats `*` and `!` as reserved metasyntax (alias reference and tag), but those are exactly the characters TinyAuth's ACL grammar uses most: `*` for "all actions/roles" and `!action` / `!role` for negation. Every realistic YAML auth_acl.yml/auth_allow.yml ends up sprinkled with quoted keys, which is the opposite of "human-friendly" — and a fixture that needs a legend explaining what to quote is the wrong format for this domain. PHP arrays don't have this problem: `*` and `!index` are just strings, no escaping ceremony, IDE-friendly, no extra dependency. INI stays the zero-dependency default. The AbstractAclAdapter / AbstractAllowAdapter base classes from this PR are kept — INI and PHP both inherit from them, and a third-party YAML (or any other format) adapter is now ~30 lines for whoever wants it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #112.
Adds a PHP file backend alongside the existing INI adapters so users can pick a format that suits their config best.
What's added
IniAclAdapterIniAllowAdapterPhpAclAdapterPhpAllowAdapterBoth adapters share the section-processing logic via two new abstract base classes (
AbstractAclAdapter,AbstractAllowAdapter); each concrete adapter only implementsparseConfig()for its file format. The INI adapters were refactored onto the base classes — public behavior is unchanged and existing tests still pass.Switching adapters
The PHP files use the same
Plugin.Prefix/Controllersection keys andactions => roles(or comma-separated action list for Allow) as the INI variant. See the PHP fixtures undertests/test_files/for a full example.Why no YAML
A YAML adapter was prototyped here too, but dropped: YAML treats
*and!as reserved metasyntax (alias references and tags), and those are exactly the characters TinyAuth's grammar leans on the most —*for "all actions/roles" and!action/!rolefor negation. Every realisticauth_acl.ymlended up needing quoted keys, and a config file that requires a legend explaining what to quote is the wrong format for this domain. The new abstract base classes make a third-party YAML (or any other format) adapter trivial to add.Verification
vendor/bin/phpunit— 115 tests, all greenvendor/bin/phpstan analyse— cleanvendor/bin/phpcs— clean