PHP-Casbin
====
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/php-casbin/php-casbin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/php-casbin/php-casbin/?branch=master)
[![Default](https://github.com/php-casbin/php-casbin/workflows/build/badge.svg?branch=master)](https://github.com/php-casbin/php-casbin/actions)
[![Coverage Status](https://coveralls.io/repos/github/php-casbin/php-casbin/badge.svg)](https://coveralls.io/github/php-casbin/php-casbin)
[![Latest Stable Version](https://poser.pugx.org/casbin/casbin/v/stable)](https://packagist.org/packages/casbin/casbin)
[![Total Downloads](https://poser.pugx.org/casbin/casbin/downloads)](https://packagist.org/packages/casbin/casbin)
[![License](https://poser.pugx.org/casbin/casbin/license)](https://packagist.org/packages/casbin/casbin)
[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/casbin/lobby)
[Documentation](https://casbin.org/docs/en/overview) | [Tutorials](https://github.com/php-casbin/casbin-tutorials) | [Extensions](https://github.com/php-casbin)
**Breaking News**: [Laravel-authz](https://github.com/php-casbin/laravel-authz) is now available, an authorization library for the Laravel framework.
**PHP-Casbin** is a powerful and efficient open-source access control library for PHP projects. It provides support for enforcing authorization based on various [access control models](https://en.wikipedia.org/wiki/Computer_security_model).
## All the languages supported by Casbin:
[![golang](https://casbin.org/img/langs/golang.png)](https://github.com/casbin/casbin) | [![java](https://casbin.org/img/langs/java.png)](https://github.com/casbin/jcasbin) | [![nodejs](https://casbin.org/img/langs/nodejs.png)](https://github.com/casbin/node-casbin) | [![php](https://casbin.org/img/langs/php.png)](https://github.com/php-casbin/php-casbin)
----|----|----|----
[Casbin](https://github.com/casbin/casbin) | [jCasbin](https://github.com/casbin/jcasbin) | [node-Casbin](https://github.com/casbin/node-casbin) | [PHP-Casbin](https://github.com/php-casbin/php-casbin)
production-ready | production-ready | production-ready | production-ready
[![python](https://casbin.org/img/langs/python.png)](https://github.com/casbin/pycasbin) | [![dotnet](https://casbin.org/img/langs/dotnet.png)](https://github.com/casbin/Casbin.NET) | [![delphi](https://casbin.org/img/langs/delphi.png)](https://github.com/casbin4d/Casbin4D) | [![rust](https://casbin.org/img/langs/rust.png)](https://github.com/casbin/casbin-rs)
----|----|----|----
[PyCasbin](https://github.com/casbin/pycasbin) | [Casbin.NET](https://github.com/casbin/Casbin.NET) | [Casbin4D](https://github.com/casbin4d/Casbin4D) | [Casbin-RS](https://github.com/casbin/casbin-rs)
production-ready | production-ready | experimental | production-ready
## Installation
Require this package in the `composer.json` of your project. This will download the package:
```
composer require casbin/casbin
```
## Get started
1. New a Casbin enforcer with a model file and a policy file:
```php
require_once './vendor/autoload.php';
use Casbin\Enforcer;
$e = new Enforcer("path/to/model.conf", "path/to/policy.csv");
```
2. Add an enforcement hook into your code right before the access happens:
```php
$sub = "alice"; // the user that wants to access a resource.
$obj = "data1"; // the resource that is going to be accessed.
$act = "read"; // the operation that the user performs on the resource.
if ($e->enforce($sub, $obj, $act) === true) {
// permit alice to read data1
} else {
// deny the request, show an error
}
```
## Table of contents
- [Supported models](#supported-models)
- [How it works?](#how-it-works)
- [Features](#features)
- [Documentation](#documentation)
- [Online editor](#online-editor)
- [Tutorials](#tutorials)
- [Policy management](#policy-management)
- [Policy persistence](#policy-persistence)
- [Role manager](#role-manager)
- [Examples](#examples)
- [Middlewares](#middlewares)
- [Our adopters](#our-adopters)
## Supported models
1. [**ACL (Access Control List)**](https://en.wikipedia.org/wiki/Access_control_list)
2. **ACL with [superuser](https://en.wikipedia.org/wiki/Superuser)**
3. **ACL without users**: especially useful for systems that don't have authentication or user log-ins.
3. **ACL without resources**: some scenarios may target for a type of resources instead of an individual resource by using permissions like ``write-article``, ``read-log``. It doesn't control the access to a specific article or log.
4. **[RBAC (Role-Based Access Control)](https://en.wikipedia.org/wiki/Role-based_access_control)**
5. **RBAC with resource roles**: both users and resources can have roles (or groups) at the same time.
6. **RBAC with domains/tenants**: users can have different role sets for different domains/tenants.
7. **[ABAC (Attribute-Based Access Control)](https://en.wikipedia.org/wiki/Attribute-Based_Access_Control)**: syntax sugar like ``resource.Owner`` can be used to get the attribute for a resource.
8. **[RESTful](https://en.wikipedia.org/wiki/Representational_state_transfer)**: supports paths like ``/res/*``, ``/res/:id`` and HTTP methods like ``GET``, ``POST``, ``PUT``, ``DELETE``.
9. **Deny-override**: both allow and deny authorizations are supported, deny overrides the allow.
10. **Priority**: the policy rules can be prioritized like firewall rules.
## How it works?
In php-casbin, an access control model is abstracted into a CONF file based on the **PERM metamodel (Policy, Effect, Request, Matchers)**. So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.
The most basic and simplest model in php-casbin is ACL. ACL's model CONF is:
```ini
# Request definition
[request_definition]
r = sub, obj, act
# Policy definition
[policy_definition]
p = sub, obj, act
# Policy effect
[policy_effect]
e = some(where (p.eft == allow))
# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act
```
An example policy for ACL model is like:
```
p, alice, data1, read
p, bob, data2, write
```
It means:
- alice can read data1
- bob can write data2
## Features
What php-casbin does:
1. enforce the policy in the classic ``{subject, object, action}`` form or a customized form as you defined, both allow and deny authorizations are supported.
2. handle the storage of the access control model and its policy.
3. manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
4. support built-in superuser like ``root`` or ``administrator``. A superuser can do anything without explict permissions.
5. multiple built-in operators to support the rule matching. For example, ``keyMatch`` can map a resource key ``/foo/bar`` to the pattern ``/foo*``.
What php-casbin does NOT do:
1. authentication (aka verify ``username`` and ``password`` when a user logs in)
2. manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and php-casbin is not designed as a password container. However, php-casbin stores the user-role mapping for the RBAC scenario.
## Documentation
https://casbin.org/docs/en/overview
## Online editor
You can also use the online editor (http://casbin.org/editor/) to write your php-casbin model and policy in your web browser. It provides functionality such as ``syntax highlighting`` and ``code completion``, just like an IDE for a programming language.
## Tutorials
https://casbin.org/docs/en/tutorials
## Policy management
php-casbin provides two sets of APIs to manage permissions:
- [Management API](https://github.com/php-casbin/php-casbin/blob/master/src/ManagementApi.php): the primitive API that provides full support for php-casbi
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
PHP的Casbin | | 最新消息: 现在可用,它是Laravel框架的授权库。 PHP-Casbin是一个功能强大且高效的开源项目,用于PHP项目。 它为基于各种授权实施提供支持。 Casbin支持的所有语言: 准备生产 准备生产 准备生产 准备生产 准备生产 准备生产 实验性的 准备生产 安装 在项目的composer.json中需要此软件包。 这将下载软件包: composer require casbin/casbin 开始吧 新建一个带有模型文件和策略文件的Casbin强制程序: require_once './vendor/autoload.php' ; use
资源详情
资源评论
资源推荐
收起资源包目录
php-casbin:一个授权库,支持PHP中的访问控制模型,如ACL,RBAC,ABAC (107个子文件)
rbac_with_domain_pattern_model.conf 262B
rbac_with_all_pattern_model.conf 262B
rbac_with_domains_model.conf 261B
rbac_with_deny_model.conf 260B
rbac_with_pattern_model.conf 246B
rbac_with_resource_roles_model.conf 235B
rbac_with_not_deny_model.conf 229B
rbac_model.conf 223B
priority_model.conf 223B
keymatch_custom_model.conf 218B
basic_with_root_model.conf 213B
keymatch2_model.conf 213B
keymatch_model.conf 212B
abac_rule_model.conf 202B
ipmatch_model.conf 201B
basic_model.conf 194B
error_model.conf 193B
basic_without_users_model.conf 166B
basic_without_resources_model.conf 166B
abac_model.conf 164B
rbac_with_pattern_policy.csv 321B
priority_policy.csv 287B
rbac_with_hierarchy_with_domains_policy.csv 271B
rbac_with_hierarchy_policy.csv 217B
rbac_with_deny_policy.csv 179B
rbac_with_domains_policy.csv 174B
rbac_with_domain_pattern_policy.csv 169B
keymatch_policy.csv 165B
rbac_with_resource_roles_policy.csv 153B
rbac_policy.csv 122B
rbac_with_all_pattern_policy.csv 102B
keymatch2_policy.csv 81B
abac_rule_policy.csv 65B
ipmatch_policy.csv 59B
basic_policy.csv 42B
basic_inverse_policy.csv 42B
error_policy.csv 39B
priority_indeterminate_policy.csv 37B
basic_policy_test.csv 31B
basic_without_users_policy.csv 30B
basic_without_resources_policy.csv 28B
rbac_policy_test.csv 0B
.gitignore 75B
test.ini 699B
composer.json 925B
LICENSE 11KB
README.md 14KB
README_CN.md 14KB
phpstan.neon 155B
CoreEnforcer.php 18KB
ManagementEnforcer.php 16KB
EnforcerTest.php 16KB
Enforcer.php 11KB
Policy.php 11KB
EnforcerTest.php 10KB
ManagementEnforcerTest.php 10KB
CoreEnforcerTest.php 9KB
RoleManager.php 9KB
ModelTest.php 7KB
BuiltinOperations.php 7KB
Config.php 6KB
BuiltinOperationsTest.php 6KB
InternalEnforcer.php 5KB
FileAdapter.php 5KB
Model.php 5KB
RoleManagerTest.php 5KB
FileFilteredAdapter.php 4KB
PolicyTest.php 4KB
UtilTest.php 3KB
Util.php 3KB
Role.php 2KB
ConfigTest.php 2KB
RoleManager.php 2KB
FileFilteredAdapterTest.php 2KB
Roles.php 2KB
DefaultLogger.php 2KB
CachedEnforcer.php 2KB
Assertion.php 2KB
CachedEnforcerTest.php 2KB
DefaultEffector.php 2KB
Adapter.php 1KB
FunctionMap.php 1KB
AdapterHelper.php 1KB
ConfigContract.php 1KB
Log.php 1KB
Watcher.php 912B
DefaultLoggerTest.php 824B
BatchAdapter.php 779B
Logger.php 775B
FileAdapterTest.php 726B
FilteredAdapter.php 679B
Filter.php 654B
UpdatableAdapter.php 590B
LogTest.php 584B
Effector.php 441B
User.php 286B
InvalidFilterTypeException.php 198B
BatchOperationException.php 195B
CannotSaveFilteredPolicy.php 194B
InvalidFilePathException.php 194B
共 107 条
- 1
- 2
是十五呀
- 粉丝: 23
- 资源: 4635
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0