easyswoole-tool/hyperf-orm-permission

An authorization library that supports access control models like ACL, RBAC, ABAC in EsaySwoole Hyperf Orm.

dev-master 2021-07-26 08:45 UTC

This package is auto-updated.

Last update: 2024-10-26 15:41:24 UTC


README

EasySwoole Hyperf Orm Permission


Install

The preferred way to install this extension is through composer.

Either run

composer require easyswoole-tool/hyperf-orm-permission dev-master

or add

"easyswoole-tool/hyperf-orm-permission": "dev-master"

to the require section of your composer.json file.

Dependent

easyswoole/hyperf-orm

Sql

CREATE TABLE  if not exists  `casbin_rules` (
  `id` BigInt(20) unsigned NOT NULL AUTO_INCREMENT,
  `ptype` varchar(255) DEFAULT NULL,
  `v0` varchar(255) DEFAULT NULL,
  `v1` varchar(255) DEFAULT NULL,
  `v2` varchar(255) DEFAULT NULL,
  `v3` varchar(255) DEFAULT NULL,
  `v4` varchar(255) DEFAULT NULL,
  `v5` varchar(255) DEFAULT NULL,
  `create_at` int NULL DEFAULT NULL,
  `update_at` int NULL DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4;

Config

// dev.php

    <?php
    
    return [
        /*
        * Casbin model setting.
        */
        'model' => [
            // Available Settings: "file", "text"
            'config_type' => 'file',
    
            'config_file_path' => __DIR__ . '/casbin-rbac-model.conf',
    
            'config_text' => '',
        ],
    
        /*
        * Casbin adapter .
        */
        'adapter' => \EasySwooleTool\HyperfOrm\Permission\Adapters\DatabaseAdapter::class,
    
        /*
        * Database setting.
        */
        'database' => [
            // Database connection for following tables.
            'connection' => '',
    
            // Rule table name.
            'rules_table' => 'rules',
        ],
    
        'log' => [
            // changes whether Lauthz will log messages to the Logger.
            'enabled' => false,
        ],
    ];

DI

// EasySwooleEvent.php

    use EasySwooleTool\HyperfOrm\Permission\Adapters\DatabaseAdapter;
    use EasySwooleTool\HyperfOrm\Permission\Models\Rule;
    use EasySwoole\Component\Di;
    
    Di::getInstance()->set(DatabaseAdapter::class, DatabaseAdapter::class);
    Di::getInstance()->set(Rule::class,  Rule::class, []);

Use

Once installed you can do stuff like this:

        
    use EasySwooleTool\HyperfOrm\Permission\Casbin;

    $casbin = (new Casbin())->getEnforcer();
    // adds permissions to a user
    $casbin->addPermissionForUser('eve', 'articles', 'read');
    // adds a role for a user.
    $casbin->addRoleForUser('eve', 'writer');
    // adds permissions to a rule
    $casbin->addPolicy('writer', 'articles', 'edit');

You can check if a user has a permission like this:

    // to check if a user has permission
    if ($casbin->enforce('eve', 'articles', 'edit')) {
      // permit eve to edit articles
    } else {
      // deny the request, show an error
    }

Using Enforcer Api

It provides a very rich api to facilitate various operations on the Policy:

Gets all roles:

Enforcer::getAllRoles(); // ['writer', 'reader']

Gets all the authorization rules in the policy.:

Enforcer::getPolicy();

Gets the roles that a user has.

Enforcer::getRolesForUser('eve'); // ['writer']

Gets the users that has a role.

Enforcer::getUsersForRole('writer'); // ['eve']

Determines whether a user has a role.

Enforcer::hasRoleForUser('eve', 'writer'); // true or false

Adds a role for a user.

Enforcer::addRoleForUser('eve', 'writer');

Adds a permission for a user or role.

// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');

Deletes a role for a user.

Enforcer::deleteRoleForUser('eve', 'writer');

Deletes all roles for a user.

Enforcer::deleteRolesForUser('eve');

Deletes a role.

Enforcer::deleteRole('writer');

Deletes a permission.

Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).

Deletes a permission for a user or role.

Enforcer::deletePermissionForUser('eve', 'articles', 'read');

Deletes permissions for a user or role.

// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');

Gets permissions for a user or role.

Enforcer::getPermissionsForUser('eve'); // return array

Determines whether a user has a permission.

Enforcer::hasPermissionForUser('eve', 'articles', 'read');  // true or false

See Casbin API for more APIs.