Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use Casbin". In daily operation, I believe many people have doubts about how to use Casbin. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "how to use Casbin"! Next, please follow the editor to study!

Installation

Install using Composer:

Composer require casbin/laravel-authz

Lauthz\ LauthzServiceProvider is auto-discovered and is registered by default, but if you want to register yourself, you can add ServiceProvider to config/app.php:

'providers' = > [/ * * Package Service Providers... * / Lauthz\ LauthzServiceProvider::class,]

Enforcer facade is also an auto-discovered, but if you want to add it manually, add it in config/app.php:

'aliases' = > [/ /... 'Enforcer' = > Lauthz\ Facades\ Enforcer::class,]

To publish the configuration, run the vendor:publish command:

Php artisan vendor:publish

This automatically creates the Model profile config/lauthz-rbac-model.conf and a new Lauthz profile config/lauthz.php.

To migrate a migration, run the migrate command:

Php artisan migrate

This creates an rules data table.

Quick start of usage

After installation, you can do the following:

Use Enforcer;// adds permissions to a userEnforcer::addPermissionForUser ('eve',' articles',' read'); / / adds a role for a user.Enforcer::addRoleForUser ('eve',' writer'); / / adds permissions to a ruleEnforcer::addPolicy ('writer',' articles','edit')

You can verify the permissions of the user, as follows:

/ / to check if a user has permissionif (Enforcer::enforce ("eve", "articles", "edit")) {/ / permit eve to edit articles} else {/ / deny the request, show an error} use Enforcer Api

It provides a very rich API to facilitate various operations on Policy:

Get all roles:

Enforcer::getAllRoles (); / / ['writer',' reader']

Get authorization rules for all roles:

Enforcer::getPolicy ()

Get all the roles of a user:

Enforcer::getRolesForUser ('eve'); / / [' writer']

Get all users of a role:

Enforcer::getUsersForRole ('writer'); / / [' eve']

Determine whether the user has a role:

Enforcer::hasRoleForUser ('eve',' writer'); / / true or false

Add roles to the user:

Enforcer::addRoleForUser ('eve',' writer')

To grant permissions to a user or role:

/ / to userEnforcer::addPermissionForUser ('eve',' articles',' read'); / / to roleEnforcer::addPermissionForUser ('writer',' articles','edit')

Delete the role of the user:

Enforcer::deleteRoleForUser ('eve',' writer')

Delete all roles for a user:

Enforcer::deleteRolesForUser ('eve')

Delete a single role:

Enforcer::deleteRole ('writer')

Delete a permission:

Enforcer::deletePermission ('articles',' read'); / / returns false if the permission does not exist (aka not affected).

Remove permissions for a user or role:

Enforcer::deletePermissionForUser ('eve',' articles', 'read')

Remove all permissions for a user or role:

/ / to userEnforcer::deletePermissionsForUser ('eve'); / / to roleEnforcer::deletePermissionsForUser (' writer')

Get all permissions for a user or role:

Enforcer::getPermissionsForUser ('eve'); / / return array

Think whether a user has a certain permission:

Enforcer::hasPermissionForUser ('eve',' articles', 'read'); / / true or false

Refer to Casbin API for more API.

Use middleware

The expansion pack comes with EnforcerMiddleware and RequestMiddleware middleware. You can add them to your app/Http/Kernel.php file:

Protected $routeMiddleware = [/ /... / / a basic EnforcerMiddleware 'enforcer' = >\ Lauthz\ Middlewares\ EnforcerMiddleware::class, / / an HTTP RequestMiddleware' http_request' = > >\ Lauthz\ Middlewares\ RequestMiddleware::class,]; basic Enforcer middleware

They can then be used to secure routes:

Route::group (['middleware' = > [' enforcer:articles,read']], function () {/ / pass}); HTTP request middleware (supports RESTful)

If you need to authorize a request, you need to first define the model configuration in config/lauthz-rbac-model.conf:

[request_definition] r = sub, obj, act [policy _ definition] p = sub, obj, act [role _ definition] g = _, _ [policy_effect] e = some (where (p.eft = = allow)) [matchers] m = g (r.sub, p.sub) & keyMatch3 (r.obj, p.obj) & & regexMatch (r.act, p.act)

Then, use middleware rules:

Route::group (['middleware' = > [' http_request']], function () {Route::resource ('photo',' PhotoController');}); multiple decision makers

If you need more than one permission control in your project, you can configure multiple decision makers.

In the lauthz configuration file, you should configure:

Return ['default' = >' basic', 'basic' = > [' model' = > [/ /...], 'adapter' = > Lauthz\ Adapters\ DatabaseAdapter::class, / /...],' second' = > ['model' = > [/ /...],' adapter' = > Lauthz\ Adapters\ DatabaseAdapter::class / /...],]

Then choose which decision maker to use:

Enforcer::guard ('second')-> enforce ("eve", "articles", "edit"); Artisan command line

You can use the artisan command in the console to create a policy:

Add a policy to the user:

Php artisan policy:add eve,articles,read

Add a policy to the role:

Php artisan policy:add writer,articles,edit

Assign roles to users:

Php artisan role:assign eve writer caching

Cache authorization rules can improve performance and are turned off by default.

Set your own cache configuration in the config/lauthz.php of Laravel:

'cache' = > [/ / changes whether Lauthz will cache the rules. 'enabled' = > false, / / cache store' store' = >' default', / / cache Key 'key' = >' rules', / / ttl\ DateTimeInterface |\ DateInterval | int | null 'ttl' = > 24 * 60,]. At this point, the study on "how to use Casbin" is over. I hope you can solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.