This library is meant to implement the concept of ABAC in your PHP applications.
The concept is to manage access control using attributes : from users, from resources and environment.
It allows us to define rules based on multiple attributes. These rules will be checked in your application to determine if an user is allowed to perform an action.
The following links explain what ABAC is :
Using composer :
Write the following line in your composer.json file :
"require" : {
"kilix/php-abac": "dev-master"
}
Then just do :
composer install
To initialize the library tables in your database, there is a SQL file located in the sql/
folder. This file will create the tables used by php-abac.
Example with only user attributes defined in the rule
<?php
use PhpAbac\Abac;
$abac = new Abac($pdoConnection);
$abac->enforce('create-group', $userId);
The checked attributes can be :
User |
---|
is_banned = 0 |
Example with both user and object attributes
use PhpAbac\Abac;
$abac = new Abac($pdoConnection);
$check = $abac->enforce('read-public-group', $userId, $groupId);
The checked attributes can be :
User | Group |
---|---|
is_banned = 0 | is_active = 1 |
is_public = 1 |
Example with dynamic attributes
<?php
use PhpAbac\Abac;
$abac = new Abac($pdoConnection);
$check = $abac->enforce('edit-group', $userId, $groupId, [
'group-owner' => $userId
]);
If you want to contribute, don't hesitate to fork the library and submit Pull Requests.
You can also report issues, suggest enhancements, feel free to give advices and your feedback about this library.
It's not finished yet, there's still a lot of features to implement to make it better. If you want to be a part of this library improvement, let us know !