README

An authorization library that supports access control models like ACL, RBAC, ABAC in Hyperf..

Installing

Require this package in the composer.json of your Hyperf project. This will download the package.

$ composer require casbin/hyperf-permission -vvv

To publish the config, run the vendor publish command:

$ php bin/hyperf.php vendor:publish casbin/hyperf-permission

This will create a new model config file named config/autoload/casbin-rbac-model.conf, a new permission config file named config/autoload/permission.php and new migrate file named 2020_07_22_213202_create_rules_table.php.

To migrate the migrations, run the migrate command:

$ php bin/hyperf.php migrate

This will create a new table named rules .

Usage

Quick start

Once installed you can do stuff like this:

use Hyperf\Permission\Casbin;

$casbin = new Casbin();

// adds permissions to a user
$casbin->addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
$casbin->addRoleForUser('eve', 'writer');
// adds permissions to a rule
$casbin->addPolicy('writer', 'articles', 'edit');

You can check if a user has a permission like this:

// to check if a user has permission
if ($casbin->enforce('eve', 'articles', 'edit')) {
  // permit eve to edit articles
} else {
  // deny the request, show an error
}

Using Enforcer Api

It provides a very rich api to facilitate various operations on the Policy:

Gets all roles:

Enforcer::getAllRoles(); // ['writer', 'reader']

Gets all the authorization rules in the policy.:

Enforcer::getPolicy();

Gets the roles that a user has.

Enforcer::getRolesForUser('eve'); // ['writer']

Gets the users that has a role.

Enforcer::getUsersForRole('writer'); // ['eve']

Determines whether a user has a role.

Enforcer::hasRoleForUser('eve', 'writer'); // true or false

Adds a role for a user.

Enforcer::addRoleForUser('eve', 'writer');

Adds a permission for a user or role.

// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');

Deletes a role for a user.

Enforcer::deleteRoleForUser('eve', 'writer');

Deletes all roles for a user.

Enforcer::deleteRolesForUser('eve');

Deletes a role.

Enforcer::deleteRole('writer');

Deletes a permission.

Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).

Deletes a permission for a user or role.

Enforcer::deletePermissionForUser('eve', 'articles', 'read');

Deletes permissions for a user or role.

// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');

Gets permissions for a user or role.

Enforcer::getPermissionsForUser('eve'); // return array

Determines whether a user has a permission.

Enforcer::hasPermissionForUser('eve', 'articles', 'read');  // true or false

See Casbin API for more APIs.

Contributing

You can contribute in one of three ways:

1. File bug reports using the [issue tracker](https://github.com/php-casbin/hyperf-permission/issues).
2. Answer questions or fix bugs on the [issue tracker](https://github.com/php-casbin/hyperf-permission/issues).
3. Contribute new features or update the wiki.

The code contribution process is not very formal. You just need to make sure that you follow the PSR-0, PSR-1, and PSR-2 coding guidelines. Any new code contributions must be accompanied by unit tests where applicable.

License

Apache-2.0