Casbin

說(shuō)明

Casbin是一個(gè)強(qiáng)大的、高效的開(kāi)源訪問(wèn)控制框架，其權(quán)限管理機(jī)制支持多種訪問(wèn)控制模型。

項(xiàng)目地址

https://github.com/teamones-open/casbin

安裝

  composer require teamones/casbin

Casbin官網(wǎng)

詳細(xì)使用可以去看官方中文文檔，這里只講怎么在webman中配置使用

https://casbin.org/docs/zh-CN/overview

目錄結(jié)構(gòu)

.
├── config                        配置目錄
│?? ├── casbin-restful-model.conf 使用的權(quán)限模型配置文件
│?? ├── casbin.php                casbin配置
......
├── database                      數(shù)據(jù)庫(kù)文件
│?? ├── migrations                遷移文件
│?? │?? └── 20210218074218_create_rule_table.php
......

數(shù)據(jù)庫(kù)遷移文件

<?php

use Phinx\Migration\AbstractMigration;

class CreateRuleTable extends AbstractMigration
{
    /**
     * Change Method.
     *
     * Write your reversible migrations using this method.
     *
     * More information on writing migrations is available here:
     * http://docs.phinx.org/en/latest/migrations.html#the-abstractmigration-class
     *
     * The following commands can be used in this method and Phinx will
     * automatically reverse them when rolling back:
     *
     *    createTable
     *    renameTable
     *    addColumn
     *    addCustomColumn
     *    renameColumn
     *    addIndex
     *    addForeignKey
     *
     * Any other destructive changes will result in an error when trying to
     * rollback the migration.
     *
     * Remember to call "create()" or "update()" and NOT "save()" when working
     * with the Table class.
     */
    public function change()
    {
        $table = $this->table('rule', ['id' => false, 'primary_key' => ['id'], 'engine' => 'InnoDB', 'collation' => 'utf8mb4_general_ci', 'comment' => '規(guī)則表']);

        //添加數(shù)據(jù)字段
        $table->addColumn('id', 'integer', ['identity' => true, 'signed' => false, 'limit' => 11, 'comment' => '主鍵ID'])
            ->addColumn('ptype', 'char', ['default' => '', 'limit' => 8, 'comment' => '規(guī)則類型'])
            ->addColumn('v0', 'string', ['default' => '', 'limit' => 128])
            ->addColumn('v1', 'string', ['default' => '', 'limit' => 128])
            ->addColumn('v2', 'string', ['default' => '', 'limit' => 128])
            ->addColumn('v3', 'string', ['default' => '', 'limit' => 128])
            ->addColumn('v4', 'string', ['default' => '', 'limit' => 128])
            ->addColumn('v5', 'string', ['default' => '', 'limit' => 128]);

        //執(zhí)行創(chuàng)建
        $table->create();
    }
}

casbin 配置

權(quán)限規(guī)則模型配置語(yǔ)法請(qǐng)看：https://casbin.org/docs/zh-CN/syntax-for-models

<?php

return [
    'default' => [
        'model' => [
            'config_type' => 'file',
            'config_file_path' => config_path() . '/casbin-restful-model.conf', // 權(quán)限規(guī)則模型配置文件
            'config_text' => '',
        ],
        'adapter' => [
            'type' => 'model', // model or adapter
            'class' => \app\model\Rule::class,
        ],
    ],
    // 可以配置多個(gè)權(quán)限model
    'rbac' => [
        'model' => [
            'config_type' => 'file',
            'config_file_path' => config_path() . '/casbin-rbac-model.conf', // 權(quán)限規(guī)則模型配置文件
            'config_text' => '',
        ],
        'adapter' => [
            'type' => 'model', // model or adapter
            'class' => \app\model\RBACRule::class,
        ],
    ],
];

適配器

當(dāng)前composer封裝中適配的是 think-orm 的model方法，其他 orm 請(qǐng)參考 vendor/teamones/src/adapters/DatabaseAdapter.php

然后修改配置

return [
    'default' => [
        'model' => [
            'config_type' => 'file',
            'config_file_path' => config_path() . '/casbin-restful-model.conf', // 權(quán)限規(guī)則模型配置文件
            'config_text' => '',
        ],
        'adapter' => [
            'type' => 'adapter', // 這里類型配置成適配器模式
            'class' => \app\adapter\DatabaseAdapter::class,
        ],
    ],
];

使用說(shuō)明

引入

# 引入
use teamones\casbin\Enforcer;

兩種用法

# 1. 默認(rèn)使用 default 配置
Enforcer::addPermissionForUser('user1', '/user', 'read');

# 1. 使用自定義的 rbac 配置
Enforcer::instance('rbac')->addPermissionForUser('user1', '/user', 'read');

常用API介紹

更多API用法請(qǐng)去官方查看

• 管理API： https://casbin.org/docs/zh-CN/management-api
• RBAC API： https://casbin.org/docs/zh-CN/rbac-api

# 為用戶添加權(quán)限

Enforcer::addPermissionForUser('user1', '/user', 'read');

# 刪除一個(gè)用戶的權(quán)限

Enforcer::deletePermissionForUser('user1', '/user', 'read');

# 獲取用戶所有權(quán)限

Enforcer::getPermissionsForUser('user1'); 

# 為用戶添加角色

Enforcer::addRoleForUser('user1', 'role1');

# 為角色添加權(quán)限

Enforcer::addPermissionForUser('role1', '/user', 'edit');

# 獲取所有角色

Enforcer::getAllRoles();

# 獲取用戶所有角色

Enforcer::getRolesForUser('user1');

# 根據(jù)角色獲取用戶

Enforcer::getUsersForRole('role1');

# 判斷用戶是否屬于一個(gè)角色

Enforcer::hasRoleForUser('use1', 'role1');

# 刪除用戶角色

Enforcer::deleteRoleForUser('use1', 'role1');

# 刪除用戶所有角色

Enforcer::deleteRolesForUser('use1');

# 刪除角色

Enforcer::deleteRole('role1');

# 刪除權(quán)限

Enforcer::deletePermission('/user', 'read');

# 刪除用戶或者角色的所有權(quán)限

Enforcer::deletePermissionsForUser('user1');
Enforcer::deletePermissionsForUser('role1');

# 檢查權(quán)限，返回 true or false

Enforcer::enforce("user1", "/user", "edit");