3212lin / hyperf-orm-permission
An authorization library that supports access control models like ACL, RBAC, ABAC in EsaySwoole Hyperf Orm.
Requires
- php: >=7.2.0
- casbin/casbin: ^2.2
- easyswoole/hyperf-orm: dev-master
This package is auto-updated.
Last update: 2024-10-16 14:29:59 UTC
README
EasySwoole Hyperf Orm Permission
Install
The preferred way to install this extension is through composer.
Either run
composer require easyswoole-tool/hyperf-orm-permission dev-master
or add
"easyswoole-tool/hyperf-orm-permission": "dev-master"
to the require section of your composer.json
file.
Dependent
Sql
CREATE TABLE if not exists `casbin_rules` ( `id` BigInt(20) unsigned NOT NULL AUTO_INCREMENT, `ptype` varchar(255) DEFAULT NULL, `v0` varchar(255) DEFAULT NULL, `v1` varchar(255) DEFAULT NULL, `v2` varchar(255) DEFAULT NULL, `v3` varchar(255) DEFAULT NULL, `v4` varchar(255) DEFAULT NULL, `v5` varchar(255) DEFAULT NULL, `create_at` int NULL DEFAULT NULL, `update_at` int NULL DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Config
// dev.php
<?php return [ /* * Casbin model setting. */ 'model' => [ // Available Settings: "file", "text" 'config_type' => 'file', 'config_file_path' => __DIR__ . '/casbin-rbac-model.conf', 'config_text' => '', ], /* * Casbin adapter . */ 'adapter' => \EasySwooleTool\HyperfOrm\Permission\Adapters\DatabaseAdapter::class, /* * Database setting. */ 'database' => [ // Database connection for following tables. 'connection' => '', // Rule table name. 'rules_table' => 'rules', ], 'log' => [ // changes whether Lauthz will log messages to the Logger. 'enabled' => false, ], ];
DI
// EasySwooleEvent.php
use EasySwooleTool\HyperfOrm\Permission\Adapters\DatabaseAdapter; use EasySwooleTool\HyperfOrm\Permission\Models\Rule; use EasySwoole\Component\Di; Di::getInstance()->set(DatabaseAdapter::class, DatabaseAdapter::class); Di::getInstance()->set(Rule::class, Rule::class, []);
Use
Once installed you can do stuff like this:
use EasySwooleTool\HyperfOrm\Permission\Casbin; $casbin = (new Casbin())->getEnforcer(); // adds permissions to a user $casbin->addPermissionForUser('eve', 'articles', 'read'); // adds a role for a user. $casbin->addRoleForUser('eve', 'writer'); // adds permissions to a rule $casbin->addPolicy('writer', 'articles', 'edit');
You can check if a user has a permission like this:
// to check if a user has permission if ($casbin->enforce('eve', 'articles', 'edit')) { // permit eve to edit articles } else { // deny the request, show an error }
Using Enforcer Api
It provides a very rich api to facilitate various operations on the Policy:
Gets all roles:
Enforcer::getAllRoles(); // ['writer', 'reader']
Gets all the authorization rules in the policy.:
Enforcer::getPolicy();
Gets the roles that a user has.
Enforcer::getRolesForUser('eve'); // ['writer']
Gets the users that has a role.
Enforcer::getUsersForRole('writer'); // ['eve']
Determines whether a user has a role.
Enforcer::hasRoleForUser('eve', 'writer'); // true or false
Adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
Adds a permission for a user or role.
// to user Enforcer::addPermissionForUser('eve', 'articles', 'read'); // to role Enforcer::addPermissionForUser('writer', 'articles','edit');
Deletes a role for a user.
Enforcer::deleteRoleForUser('eve', 'writer');
Deletes all roles for a user.
Enforcer::deleteRolesForUser('eve');
Deletes a role.
Enforcer::deleteRole('writer');
Deletes a permission.
Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).
Deletes a permission for a user or role.
Enforcer::deletePermissionForUser('eve', 'articles', 'read');
Deletes permissions for a user or role.
// to user Enforcer::deletePermissionsForUser('eve'); // to role Enforcer::deletePermissionsForUser('writer');
Gets permissions for a user or role.
Enforcer::getPermissionsForUser('eve'); // return array
Determines whether a user has a permission.
Enforcer::hasPermissionForUser('eve', 'articles', 'read'); // true or false
See Casbin API for more APIs.