crisu83 / overseer
Framework agnostic RBAC implementation
Installs: 49 087
Dependents: 1
Suggesters: 0
Security: 0
Stars: 18
Watchers: 4
Forks: 5
Open Issues: 1
Requires (Dev)
- codeception/codeception: ^2.1
- codeception/specify: ^0.4
- codeception/verify: ^0.3
- satooshi/php-coveralls: ^1.0
This package is auto-updated.
Last update: 2024-10-29 03:58:44 UTC
README
Overseer is a framework agnostic RBAC implementation in PHP.
How does Overseer differ from other implementations?
Overseer is developed using PHP OOP best practices and meets the PHP-FIG standards. It is not only framework agnostic, but also storage agnostic, which allows you to use it together with your favorite libraries.
Features
- Role inhertiance
- Permission business rules
- Resource based permissions
- Configurable
Work in progress
- Unit tests
- Refactoring
- README
Usage
Overseer comes bundled with a runtime storage implementation that is suitable for non-production use. If you plan on using Overseer in production we suggest that you implement persistent storage and caching to improve performance.
Example
The following script demonstrates usage (you can find the rest of the code in the example folder):
<?php require(__DIR__ . '/../vendor/autoload.php'); require(__DIR__ . '/User.php'); require(__DIR__ . '/HasAuthor.php'); require(__DIR__ . '/Book.php'); require(__DIR__ . '/AuthorRule.php'); use Crisu83\Overseer\Entity\Assignment; use Crisu83\Overseer\Entity\Permission; use Crisu83\Overseer\Entity\Role; use Crisu83\Overseer\Overseer; use Crisu83\Overseer\Runtime\AssignmentStorage; use Crisu83\Overseer\Runtime\PermissionStorage; use Crisu83\Overseer\Runtime\RoleStorage; $roleStorage = new RoleStorage; $permissionStorage = new PermissionStorage; $assignmentStorage = new AssignmentStorage; $overseer = new Overseer($roleStorage, $permissionStorage, $assignmentStorage); $myUser = new User(1); // subject $myBook = new Book(1); // resource $writer = new Role('writer'); $editor = new Role('editor'); $write = new Permission('book.write', 'book'); $author = new Permission('book.author', 'book'); $read = new Permission('book.read', 'book'); $author->addRule(new AuthorRule); $writer->addPermission('book.write'); $writer->addPermission('book.author'); $editor->addPermission('book.read'); $overseer->saveRole($writer); $overseer->saveRole($editor); $overseer->savePermission($read); $overseer->savePermission($write); $overseer->savePermission($author); $overseer->saveAssignment(new Assignment(1, ['writer', 'editor'])); echo "My permissions: " . PHP_EOL; echo " " . implode(', ', $overseer->getPermissions($myUser)) . PHP_EOL; echo "My permissions to the book: " . PHP_EOL; echo " " . implode(', ', $overseer->getPermissions($myUser, $myBook)) . PHP_EOL; if ($overseer->hasPermission('book.author', $myUser, $myBook)) { echo "I am the author of the book." . PHP_EOL; } else { echo "I am not the author of the book" . PHP_EOL; }
Here is the output from that script:
My permissions:
book.read, book.write
My permissions to the book:
book.read, book.write, book.author
I am the author of the book.