casbin / codeigniter-permission
Associate users with roles and permissions, use Casbin in CodeIgniter4 Web Framework.
Installs: 2 096
Dependents: 0
Suggesters: 0
Security: 0
Stars: 45
Watchers: 15
Forks: 9
Open Issues: 0
Requires
- php: ^8.1
- casbin/casbin: ^4.0.2
- codeigniter4/framework: ^4.5
Requires (Dev)
- phpunit/phpunit: ^10.0|^11.0
This package is auto-updated.
Last update: 2024-12-18 16:38:43 UTC
README
CodeIgniter Permission
CodeIgniter Permission is an authorization library for the CodeIgniter4 framework.
It's based on Casbin, an authorization library that supports access control models like ACL, RBAC, ABAC.
All you need to learn to use Casbin
first.
Installation
Require this package in the composer.json
of your CodeIgniter 4
project. This will download the package.
composer require casbin/codeigniter-permission
To migrate the migrations, run the migrate command:
php spark migrate -n "Casbin\CodeIgniter"
This will create a new table named rules
Usage
Quick start
Once installed you can do stuff like this:
$enforcer = \Config\Services::enforcer(); // adds permissions to a user $enforcer->addPermissionForUser('eve', 'articles', 'read'); // adds a role for a user. $enforcer->addRoleForUser('eve', 'writer'); // adds permissions to a rule $enforcer->addPolicy('writer', 'articles','edit');
You can check if a user has a permission like this:
// to check if a user has permission if ($enforcer->enforce("eve", "articles", "edit")) { // permit eve to edit articles } else { // deny the request, show an error }
Using Enforcer Api
It provides a very rich api to facilitate various operations on the Policy:
Gets all roles:
$enforcer->getAllRoles(); // ['writer', 'reader']
Gets all the authorization rules in the policy.:
$enforcer->getPolicy();
Gets the roles that a user has.
$enforcer->getRolesForUser('eve'); // ['writer']
Gets the users that has a role.
$enforcer->getUsersForRole('writer'); // ['eve']
Determines whether a user has a role.
$enforcer->hasRoleForUser('eve', 'writer'); // true or false
Adds a role for a user.
$enforcer->addRoleForUser('eve', 'writer');
Adds a permission for a user or role.
// to user $enforcer->addPermissionForUser('eve', 'articles', 'read'); // to role $enforcer->addPermissionForUser('writer', 'articles','edit');
Deletes a role for a user.
$enforcer->deleteRoleForUser('eve', 'writer');
Deletes all roles for a user.
$enforcer->deleteRolesForUser('eve');
Deletes a role.
$enforcer->deleteRole('writer');
Deletes a permission.
$enforcer->deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).
Deletes a permission for a user or role.
$enforcer->deletePermissionForUser('eve', 'articles', 'read');
Deletes permissions for a user or role.
// to user $enforcer->deletePermissionsForUser('eve'); // to role $enforcer->deletePermissionsForUser('writer');
Gets permissions for a user or role.
$enforcer->getPermissionsForUser('eve'); // return array
Determines whether a user has a permission.
$enforcer->hasPermissionForUser('eve', 'articles', 'read'); // true or false
See Casbin API for more APIs.
Multiple enforcers
If you need multiple permission controls in your project, you can configure multiple enforcers.
In the Config\Enforcer.php
file, it should be like this:
namespace Config; use Casbin\CodeIgniter\Config\Enforcer as BaseConfig; use Casbin\CodeIgniter\Adapters\DatabaseAdapter; class Enforcer extends BaseConfig { /* * Default Enforcer driver * * @var string */ public $default = 'basic'; public $basic = [ /* * Casbin model setting. */ 'model' => [ // Available Settings: "file", "text" 'config_type' => 'file', 'config_file_path' => __DIR__.'/rbac-model.conf', 'config_text' => '', ], /* * Casbin adapter . */ 'adapter' => DatabaseAdapter::class, /* * Database setting. */ 'database' => [ // Database connection for following tables. 'connection' => '', // Rule table name. 'rules_table' => 'rules', ], 'log' => [ // changes whether Casbin will log messages to the Logger. 'enabled' => false, // Casbin Logger 'logger' => \Casbin\CodeIgniter\Logger::class, ], 'cache' => [ // changes whether Casbin will cache the rules. 'enabled' => false, // cache Key 'key' => 'rules', // ttl int|null 'ttl' => 24 * 60, ], ]; public $second = [ 'model' => [ // ... ], 'adapter' => DatabaseAdapter::class, // ... ]; }
Then you can choose which enforcers to use.
$enforcer->guard('second')->enforce("eve", "articles", "edit");
Using cache
Authorization rules are cached to speed up performance. The default is off.
Sets your own cache configs in Config\Enforcer.php
.
'cache' => [ // changes whether Casbin will cache the rules. 'enabled' => false, // cache Key 'key' => 'rules', // ttl int|null 'ttl' => 24 * 60, ]
Thinks
PHP-Casbin. You can find the full documentation of Casbin on the website.
License
This project is licensed under the Apache 2.0 license.