An authorization library that supports access control models like ACL, RBAC, ABAC in Hyperf..
Require this package in the composer.json
of your Hyperf project. This will download the package.
$ composer require casbin/hyperf-permission -vvv
To publish the config, run the vendor publish command:
$ php bin/hyperf.php vendor:publish casbin/hyperf-permission
This will create a new model config file named config/autoload/casbin-rbac-model.conf
, a new permission config file named config/autoload/permission.php
and new migrate file named 2020_07_22_213202_create_rules_table.php
.
To migrate the migrations, run the migrate command:
$ php bin/hyperf.php migrate
This will create a new table named rules
.
Once installed you can do stuff like this:
use Hyperf\Permission\Casbin;
$casbin = new Casbin();
// adds permissions to a user
$casbin->addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
$casbin->addRoleForUser('eve', 'writer');
// adds permissions to a rule
$casbin->addPolicy('writer', 'articles', 'edit');
You can check if a user has a permission like this:
// to check if a user has permission
if ($casbin->enforce('eve', 'articles', 'edit')) {
// permit eve to edit articles
} else {
// deny the request, show an error
}
It provides a very rich api to facilitate various operations on the Policy:
Gets all roles:
Enforcer::getAllRoles(); // ['writer', 'reader']
Gets all the authorization rules in the policy.:
Enforcer::getPolicy();
Gets the roles that a user has.
Enforcer::getRolesForUser('eve'); // ['writer']
Gets the users that has a role.
Enforcer::getUsersForRole('writer'); // ['eve']
Determines whether a user has a role.
Enforcer::hasRoleForUser('eve', 'writer'); // true or false
Adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
Adds a permission for a user or role.
// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');
Deletes a role for a user.
Enforcer::deleteRoleForUser('eve', 'writer');
Deletes all roles for a user.
Enforcer::deleteRolesForUser('eve');
Deletes a role.
Enforcer::deleteRole('writer');
Deletes a permission.
Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).
Deletes a permission for a user or role.
Enforcer::deletePermissionForUser('eve', 'articles', 'read');
Deletes permissions for a user or role.
// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');
Gets permissions for a user or role.
Enforcer::getPermissionsForUser('eve'); // return array
Determines whether a user has a permission.
Enforcer::hasPermissionForUser('eve', 'articles', 'read'); // true or false
See Casbin API for more APIs.
You can contribute in one of three ways:
- File bug reports using the [issue tracker](https://github.com/php-casbin/hyperf-permission/issues).
- Answer questions or fix bugs on the [issue tracker](https://github.com/php-casbin/hyperf-permission/issues).
- Contribute new features or update the wiki.
The code contribution process is not very formal. You just need to make sure that you follow the PSR-0, PSR-1, and PSR-2 coding guidelines. Any new code contributions must be accompanied by unit tests where applicable.
Apache-2.0