Giters

zq557 / think-authz

An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP 6.0 .

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ThinkPHP 6.0 Authorization

Think-authz 是一个专为ThinkPHP6.0打造的授权(角色和权限控制)工具

Build Status Coverage Status Latest Stable Version Total Downloads License

它基于 Casbin, 一个强大的、高效的开源访问控制框架,它支持基于各种访问控制模型的权限管理。

在这之前,你需要了解 Casbin 的相关知识.

安装

使用composer安装:

composer require casbin/think-authz

注册服务,在应用的全局公共文件service.php中加入:

return [
    // ...

    tauthz\TauthzService::class,
];

发布配置文件和数据库迁移文件:

php think tauthz:publish

这将自动生成 config/tauthz-rbac-model.confconfig/tauthz.php 文件。

执行迁移工具(确保数据库配置信息正确):

php think migrate:run

这将创将创建名为 rules 的表。

用法

快速开始

安装成功后,可以这样使用:

use tauthz\facade\Enforcer;

// adds permissions to a user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
// adds permissions to a rule
Enforcer::addPolicy('writer', 'articles','edit');

You can check if a user has a permission like this:

// to check if a user has permission
if (Enforcer::enforce("eve", "articles", "edit")) {
    // permit eve to edit articles
} else {
    // deny the request, show an error
}

使用 Enforcer Api

It provides a very rich api to facilitate various operations on the Policy:

Gets all roles:

Enforcer::getAllRoles(); // ['writer', 'reader']

Gets all the authorization rules in the policy.:

Enforcer::getPolicy();

Gets the roles that a user has.

Enforcer::getRolesForUser('eve'); // ['writer']

Gets the users that has a role.

Enforcer::getUsersForRole('writer'); // ['eve']

Determines whether a user has a role.

Enforcer::hasRoleForUser('eve', 'writer'); // true or false

Adds a role for a user.

Enforcer::addRoleForUser('eve', 'writer');

Adds a permission for a user or role.

// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');

Deletes a role for a user.

Enforcer::deleteRoleForUser('eve', 'writer');

Deletes all roles for a user.

Enforcer::deleteRolesForUser('eve');

Deletes a role.

Enforcer::deleteRole('writer');

Deletes a permission.

Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).

Deletes a permission for a user or role.

Enforcer::deletePermissionForUser('eve', 'articles', 'read');

Deletes permissions for a user or role.

// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');

Gets permissions for a user or role.

Enforcer::getPermissionsForUser('eve'); // return array

Determines whether a user has a permission.

Enforcer::hasPermissionForUser('eve', 'articles', 'read');  // true or false

Using a middleware

敬请期待...

basic Enforcer Middleware

HTTP Request Middleware ( RESTful is also supported )

Using artisan commands

敬请期待...

Using cache

敬请期待...

感谢

Casbin . You can find the full documentation of Casbin on the website.

License

This project is licensed under the Apache 2.0 license.

About

An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP 6.0 .

License:Apache License 2.0

Languages

Language:PHP 100.0%