Skip to content

Associate users with roles and permissions, use Casbin in CodeIgniter4 Web Framework.

License

Notifications You must be signed in to change notification settings

php-casbin/codeigniter-permission

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CodeIgniter Permission

CodeIgniter Permission is an authorization library for the CodeIgniter4 framework.

Build Status Coverage Status Latest Stable Version Total Downloads License

It's based on Casbin, an authorization library that supports access control models like ACL, RBAC, ABAC.

All you need to learn to use Casbin first.

Installation

Require this package in the composer.json of your CodeIgniter 4 project. This will download the package.

composer require casbin/codeigniter-permission

To migrate the migrations, run the migrate command:

php spark migrate -n "Casbin\CodeIgniter"

This will create a new table named rules

Usage

Quick start

Once installed you can do stuff like this:

$enforcer = \Config\Services::enforcer();

// adds permissions to a user
$enforcer->addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
$enforcer->addRoleForUser('eve', 'writer');
// adds permissions to a rule
$enforcer->addPolicy('writer', 'articles','edit');

You can check if a user has a permission like this:

// to check if a user has permission
if ($enforcer->enforce("eve", "articles", "edit")) {
    // permit eve to edit articles
} else {
    // deny the request, show an error
}

Using Enforcer Api

It provides a very rich api to facilitate various operations on the Policy:

Gets all roles:

$enforcer->getAllRoles(); // ['writer', 'reader']

Gets all the authorization rules in the policy.:

$enforcer->getPolicy();

Gets the roles that a user has.

$enforcer->getRolesForUser('eve'); // ['writer']

Gets the users that has a role.

$enforcer->getUsersForRole('writer'); // ['eve']

Determines whether a user has a role.

$enforcer->hasRoleForUser('eve', 'writer'); // true or false

Adds a role for a user.

$enforcer->addRoleForUser('eve', 'writer');

Adds a permission for a user or role.

// to user
$enforcer->addPermissionForUser('eve', 'articles', 'read');
// to role
$enforcer->addPermissionForUser('writer', 'articles','edit');

Deletes a role for a user.

$enforcer->deleteRoleForUser('eve', 'writer');

Deletes all roles for a user.

$enforcer->deleteRolesForUser('eve');

Deletes a role.

$enforcer->deleteRole('writer');

Deletes a permission.

$enforcer->deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).

Deletes a permission for a user or role.

$enforcer->deletePermissionForUser('eve', 'articles', 'read');

Deletes permissions for a user or role.

// to user
$enforcer->deletePermissionsForUser('eve');
// to role
$enforcer->deletePermissionsForUser('writer');

Gets permissions for a user or role.

$enforcer->getPermissionsForUser('eve'); // return array

Determines whether a user has a permission.

$enforcer->hasPermissionForUser('eve', 'articles', 'read');  // true or false

See Casbin API for more APIs.

Multiple enforcers

If you need multiple permission controls in your project, you can configure multiple enforcers.

In the Config\Enforcer.php file, it should be like this:

namespace Config;

use Casbin\CodeIgniter\Config\Enforcer as BaseConfig;
use Casbin\CodeIgniter\Adapters\DatabaseAdapter;

class Enforcer extends BaseConfig
{
    /*
     * Default Enforcer driver
     *
     * @var string
     */
    public $default = 'basic';

    public $basic = [
        /*
        * Casbin model setting.
        */
        'model' => [
            // Available Settings: "file", "text"
            'config_type' => 'file',

            'config_file_path' => __DIR__.'/rbac-model.conf',

            'config_text' => '',
        ],

        /*
        * Casbin adapter .
        */
        'adapter' => DatabaseAdapter::class,

        /*
        * Database setting.
        */
        'database' => [
            // Database connection for following tables.
            'connection' => '',

            // Rule table name.
            'rules_table' => 'rules',
        ],

        'log' => [
            // changes whether Casbin will log messages to the Logger.
            'enabled' => false,

            // Casbin Logger
            'logger' => \Casbin\CodeIgniter\Logger::class,
        ],

        'cache' => [
            // changes whether Casbin will cache the rules.
            'enabled' => false,

            // cache Key
            'key' => 'rules',

            // ttl int|null
            'ttl' => 24 * 60,
        ],
    ];

    public $second = [
        'model' => [
            // ...
        ],

        'adapter' => DatabaseAdapter::class,
        // ...
    ];
}

Then you can choose which enforcers to use.

$enforcer->guard('second')->enforce("eve", "articles", "edit");

Using cache

Authorization rules are cached to speed up performance. The default is off.

Sets your own cache configs in Config\Enforcer.php.

'cache' => [
    // changes whether Casbin will cache the rules.
    'enabled' => false,
    // cache Key
    'key' => 'rules',
    // ttl int|null
    'ttl' => 24 * 60,
]

Thinks

PHP-Casbin. You can find the full documentation of Casbin on the website.

License

This project is licensed under the Apache 2.0 license.