xifat/think-authz

An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP 6.0 .

ThinkPHP 6.0 Authorization

Think-authz 是一个专为ThinkPHP6.0打造的授权（角色和权限控制）工具

它基于 Casbin, 一个强大的、高效的开源访问控制框架，它支持基于各种访问控制模型的权限管理。

在这之前，你需要了解 Casbin 的相关知识.

• 安装
• 用法
  • 快速开始
  • 使用 Enforcer Api
  • Using a middleware
    • basic Enforcer Middleware
    • HTTP Request Middleware ( RESTful is also supported )
  • Using commands
  • Cache
• 感谢
• License

安装

使用composer安装：

composer require casbin/think-authz

注册服务，在应用的全局公共文件service.php中加入：

return [
    // ...

    tauthz\TauthzService::class,
];

发布配置文件和数据库迁移文件：

php think tauthz:publish

这将自动生成 config/tauthz-rbac-model.conf 和 config/tauthz.php 文件。

执行迁移工具（确保数据库配置信息正确）：

php think migrate:run

这将创将创建名为 rules 的表。

用法

快速开始

安装成功后，可以这样使用:

use tauthz\facade\Enforcer;

// adds permissions to a user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
// adds permissions to a rule
Enforcer::addPolicy('writer', 'articles','edit');

You can check if a user has a permission like this:

// to check if a user has permission
if (Enforcer::enforce("eve", "articles", "edit")) {
    // permit eve to edit articles
} else {
    // deny the request, show an error
}

使用 Enforcer Api

It provides a very rich api to facilitate various operations on the Policy:

Gets all roles:

Enforcer::getAllRoles(); // ['writer', 'reader']

Gets all the authorization rules in the policy.:

Enforcer::getPolicy();

Gets the roles that a user has.

Enforcer::getRolesForUser('eve'); // ['writer']

Gets the users that has a role.

Enforcer::getUsersForRole('writer'); // ['eve']

Determines whether a user has a role.

Enforcer::hasRoleForUser('eve', 'writer'); // true or false

Adds a role for a user.

Enforcer::addRoleForUser('eve', 'writer');

Adds a permission for a user or role.

// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');

Deletes a role for a user.

Enforcer::deleteRoleForUser('eve', 'writer');

Deletes all roles for a user.

Enforcer::deleteRolesForUser('eve');

Deletes a role.

Enforcer::deleteRole('writer');

Deletes a permission.

Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).

Deletes a permission for a user or role.

Enforcer::deletePermissionForUser('eve', 'articles', 'read');

Deletes permissions for a user or role.

// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');

Gets permissions for a user or role.

Enforcer::getPermissionsForUser('eve'); // return array

Determines whether a user has a permission.

Enforcer::hasPermissionForUser('eve', 'articles', 'read');  // true or false

Using a middleware

敬请期待...

basic Enforcer Middleware

HTTP Request Middleware ( RESTful is also supported )

Using artisan commands

敬请期待...

Using cache

敬请期待...

感谢

Casbin . You can find the full documentation of Casbin on the website.

License

This project is licensed under the Apache 2.0 license.