SecurityExtension: uses configuration Schema

composer.json

@@ -24,6 +24,9 @@
 		"nette/tester": "^2.0",
 		"tracy/tracy": "^2.4"
 	},
+	"conflict": {
+		"nette/di": "<3.0"
+	},
 	"autoload": {
 		"classmap": ["src/"]
 	},

src/Bridges/SecurityDI/SecurityExtension.php

@@ -10,34 +10,46 @@
 namespace Nette\Bridges\SecurityDI;
 
 use Nette;
+use Nette\Schema\Expect;
 
 
 /**
  * Security extension for Nette DI.
  */
 class SecurityExtension extends Nette\DI\CompilerExtension
 {
-	public $defaults = [
-		'debugger' => null,
-		'users' => [], // of [user => password] or [user => ['password' => password, 'roles' => [role]]]
-		'roles' => [], // of [role => parent(s)]
-		'resources' => [], // of [resource => parent]
-	];
-
 	/** @var bool */
 	private $debugMode;
 
 
 	public function __construct(bool $debugMode = false)
 	{
-		$this->defaults['debugger'] = interface_exists(\Tracy\IBarPanel::class);
 		$this->debugMode = $debugMode;
 	}
 
 
+	public function getConfigSchema(): Nette\Schema\Schema
+	{
+		return Expect::structure([
+			'debugger' => Expect::bool(interface_exists(\Tracy\IBarPanel::class)),
+			'users' => Expect::arrayOf(
+				Expect::enum(
+					Expect::string(), // user => password
+					Expect::structure([ // user => password + roles
+						'password' => Expect::string(),
+						'roles' => Expect::enum(Expect::string(), Expect::listOf('string')),
+					])->castTo('array')
+				)
+			),
+			'roles' => Expect::arrayOf('string'), // role => parent(s)
+			'resources' => Expect::arrayOf('string'), // resource => parent
+		]);
+	}
+
+
 	public function loadConfiguration()
 	{
-		$config = $this->validateConfig($this->defaults);
+		$config = $this->config;
 		$builder = $this->getContainerBuilder();
 
 		$builder->addDefinition($this->prefix('passwords'))
@@ -50,15 +62,15 @@ public function loadConfiguration()
 		$user = $builder->addDefinition($this->prefix('user'))
 			->setFactory(Nette\Security\User::class);
 
-		if ($this->debugMode && $config['debugger']) {
+		if ($this->debugMode && $config->debugger) {
 			$user->addSetup('@Tracy\Bar::addPanel', [
 				new Nette\DI\Definitions\Statement(Nette\Bridges\SecurityTracy\UserPanel::class),
 			]);
 		}
 
-		if ($config['users']) {
+		if ($config->users) {
 			$usersList = $usersRoles = [];
-			foreach ($config['users'] as $username => $data) {
+			foreach ($config->users as $username => $data) {
 				$data = is_array($data) ? $data : ['password' => $data];
 				$this->validateConfig(['password' => null, 'roles' => null], $data, $this->prefix("security.users.$username"));
 				$usersList[$username] = $data['password'];
@@ -74,15 +86,15 @@ public function loadConfiguration()
 			}
 		}
 
-		if ($config['roles'] || $config['resources']) {
+		if ($config->roles || $config->resources) {
 			$authorizator = $builder->addDefinition($this->prefix('authorizator'))
 				->setType(Nette\Security\IAuthorizator::class)
 				->setFactory(Nette\Security\Permission::class);
 
-			foreach ($config['roles'] as $role => $parents) {
+			foreach ($config->roles as $role => $parents) {
 				$authorizator->addSetup('addRole', [$role, $parents]);
 			}
-			foreach ($config['resources'] as $resource => $parents) {
+			foreach ($config->resources as $resource => $parents) {
 				$authorizator->addSetup('addResource', [$resource, $parents]);
 			}