PHP用Casbin做RBAC和RESTful權限控制的方法
本篇內(nèi)容介紹了“PHP用Casbin做RBAC和RESTful權限控制的方法”的有關知識,在實際案例的操作過程中����,不少人都會遇到這樣的困境����,接下來就讓小編帶領大家學習一下如何處理這些情況吧!希望大家仔細閱讀����,能夠?qū)W有所成!
PHP-Casbin 是一個強大的����、高效的開源訪問控制框架,它支持基于各種訪問控制模型(RBAC ABAC ACL)的權限管理����。
這里使用官方提供的數(shù)據(jù)庫適配器擴展:DBAL Adapter.
安裝
通過composer安裝:
composer require casbin/casbin
composer require casbin/dbal-adapter
使用 RBAC Model
model.conf 如下:
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
# RBAC角色繼承關系的定義
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch3(r.obj, p.obj) && regexMatch(r.act, p.act)
初始化一個Casbin enforcer
use Casbin\Enforcer;
use CasbinAdapter\DBAL\Adapter;
$adapter = Adapter::newAdapter([
'driver' => 'pdo_mysql',
'host' => '127.0.0.1',
'dbname' => 'test',
'user' => 'root',
'password' => '',
'port' => '3306',
]);
$enforcer = new Enforcer('path/to/model.conf', $adapter);添加策略
給alice和bob分配角色:
// alice has the admin role
$enforcer->addRoleForUser('alice', 'admin');
// bob has the member role
$enforcer->addRoleForUser('bob', 'member');給member角色分配權限����,member 角色僅對foo資源有查看權限:
$enforcer->addPermissionForUser('member', '/foo', 'GET');
$enforcer->addPermissionForUser('member', '/foo/:id', 'GET');admin角色對foo擁有增刪改查權限:
// admin inherits all permissions of member
$enforcer->addRoleForUser('admin', 'member');
$enforcer->addPermissionForUser('admin', '/foo', 'POST');
$enforcer->addPermissionForUser('admin', '/foo/:id', 'PUT');
$enforcer->addPermissionForUser('admin', '/foo/:id', 'DELETE');分配完角色和權限后����,數(shù)據(jù)庫中的策略規(guī)則大致如下:
g, alice, admin
g, bob, member
p, memeber, /foo, GET
p, memeber, /foo/:id, GET
g, admin, member
p, admin, /foo, POST
p, admin, /foo/:id, PUT
p, admin, /foo/:id, DELETE
驗證權限
alice 具有admin角色,繼承admin和member兩個角色的全部權限.
$enforcer->enforce('alice', '/foo', 'GET'); // true
$enforcer->enforce('alice', '/foo', 'GET'); // true
$enforcer->enforce('alice', '/foo', 'POST'); // true
$enforcer->enforce('alice', '/foo/1', 'PUT'); // true
$enforcer->enforce('alice', '/foo/1', 'DELETE'); // truebob 具有member角色, 只繼承member的權限.
$enforcer->enforce('bob', '/foo', 'GET'); // true
$enforcer->enforce('bob', '/foo', 'GET'); // true
$enforcer->enforce('bob', '/foo', 'POST'); // false
$enforcer->enforce('bob', '/foo/1', 'PUT'); // false
$enforcer->enforce('bob', '/foo/1', 'DELETE'); // false“PHP用Casbin做RBAC和RESTful權限控制的方法”的內(nèi)容就介紹到這里了����,感謝大家的閱讀。如果想了解更多行業(yè)相關的知識可以關注億速云網(wǎng)站����,小編將為大家輸出更多高質(zhì)量的實用文章!
