
Role based access control

Primary language: PHP. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

Yii Role-Based Access Control Library


This package provides an RBAC (Role-Based Access Control) library. It is used in Yii Framework but is meant to be usable separately.


Install:

composer require yiisoft/rbac

Basic usage:

Create an instance

$manager = new Manager($storage, new ClassNameRuleFactory());

The config directory will contain the permissions and rules.

Create permissions

$manager->addPermission(new Permission('createPost'));
$manager->addPermission(new Permission('readPost'));
$manager->addPermission(new Permission('deletePost'));

After executing this code, this configuration will be saved in ../config/items.php

Create roles

$manager->addRole(new Role('author'));
$manager->addRole(new Role('reader'));

Attach permissions to roles

$manager->addChild(
    $storage->getRoleByName('reader'),
    $storage->getPermissionByName('readPost')
);

$manager->addChild(
    $storage->getRoleByName('author'),
    $storage->getPermissionByName('createPost')
);

$manager->addChild(
    $storage->getRoleByName('author'),
    $storage->getRoleByName('reader')
);

Assign role to user

$userId = 100;
$manager->assign($storage->getRoleByName('author'), $userId);

After executing this code, this configuration will be saved in ../config/assignments.php

Check permissions

In order to check permissions, obtain an instance of \Yiisoft\Access\AccessCheckerInterface and use it:

public function actionCreate(\Yiisoft\Access\AccessCheckerInterface $accessChecker): ResponseInterface
{
    $userId = getUserId();

    if ($accessChecker->userHasPermission($userId, 'createPost')) {
        // author has permission createPost
    }
}

Using rules

$manager->addRule(new ActionRule());
$manager->addPermission(
    (new Permission('viewList'))->withRuleName('action_rule')
);

Roles support rules as well.

Rule example

class ActionRule extends Rule
{
    public function __construct()
    {
        parent::__construct('action_rule');
    }

    public function execute(string $userId, Item $item, array $parameters = []): bool
    {
        return isset($parameters['action']) && $parameters['action'] === 'home';
    }
}

Check permissions with rule

$anotherUserId = 103;
if (!$manager->userHasPermission($anotherUserId, 'viewList', ['action' => 'home'])) {
    echo 'reader does not have permission viewList';
}
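
A rule can also depend on the user ID, which is the usual way to express "only the owner may change this record". The following is an added example, not code from the package: PostOwnerRule, the rule name post_owner_rule, the permission updateOwnPost, the authorId parameter and both helper functions are hypothetical, the Yiisoft\Rbac namespace is assumed from the package name, and $manager and $storage are the objects created above with the author role already defined.

```php
<?php

use Yiisoft\Rbac\Item;
use Yiisoft\Rbac\Manager;
use Yiisoft\Rbac\Permission;
use Yiisoft\Rbac\Rule;

// Hypothetical rule: grants access only when the record belongs to the user.
final class PostOwnerRule extends Rule
{
    public function __construct()
    {
        parent::__construct('post_owner_rule');
    }

    public function execute(string $userId, Item $item, array $parameters = []): bool
    {
        // Fail closed: a missing, null or non-ID owner value never grants access.
        $owner = $parameters['authorId'] ?? null;
        if (!is_int($owner) && !is_string($owner)) {
            return false;
        }

        // IDs tend to be int in the database and string in the session.
        // Normalise, then compare strictly: 100 matches '100', '100abc' does not.
        return (string) $owner === $userId;
    }
}

// Registers the rule, guards a permission with it and attaches it to a role.
// $storage is the storage object passed to the Manager above (left untyped here).
function registerOwnPostPermission(Manager $manager, $storage): void
{
    $manager->addRule(new PostOwnerRule());
    $manager->addPermission(
        (new Permission('updateOwnPost'))->withRuleName('post_owner_rule')
    );
    $manager->addChild(
        $storage->getRoleByName('author'),
        $storage->getPermissionByName('updateOwnPost')
    );
}

// Deny-by-default check for a controller: pass the owner of the record being edited.
function canUpdatePost(Manager $manager, string $userId, ?int $postAuthorId): bool
{
    return $manager->userHasPermission($userId, 'updateOwnPost', ['authorId' => $postAuthorId]);
}
```

The owner ID passed as authorId should come from the stored record, not from request input; otherwise the caller controls the value the rule compares against.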

Storage:

| Storage    | Description      |
|------------|------------------|
| PhpStorage | PHP file storage |

Unit testing

The package is tested with PHPUnit. To run tests:

./vendor/bin/phpunit

Mutation testing

The package tests are checked with Infection mutation framework. To run it:

./vendor/bin/infection

Static analysis

The code is statically analyzed with Psalm. To run static analysis:

./vendor/bin/psalm


License

The Yii Role-Based Access Control Library is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.