CodeIgniter Permission is an authorization library for the CodeIgniter4 framework.
It's based on Casbin, an authorization library that supports access control models like ACL, RBAC, ABAC.
All you need to learn to use Casbin
first.
Require this package in the composer.json
of your CodeIgniter 4
project. This will download the package.
composer require casbin/codeigniter-permission
To migrate the migrations, run the migrate command:
php spark migrate -n "Casbin\CodeIgniter"
This will create a new table named rules
Once installed you can do stuff like this:
$enforcer = \Config\Services::enforcer();
// adds permissions to a user
$enforcer->addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
$enforcer->addRoleForUser('eve', 'writer');
// adds permissions to a rule
$enforcer->addPolicy('writer', 'articles','edit');
You can check if a user has a permission like this:
// to check if a user has permission
if ($enforcer->enforce("eve", "articles", "edit")) {
// permit eve to edit articles
} else {
// deny the request, show an error
}
It provides a very rich api to facilitate various operations on the Policy:
Gets all roles:
$enforcer->getAllRoles(); // ['writer', 'reader']
Gets all the authorization rules in the policy.:
$enforcer->getPolicy();
Gets the roles that a user has.
$enforcer->getRolesForUser('eve'); // ['writer']
Gets the users that has a role.
$enforcer->getUsersForRole('writer'); // ['eve']
Determines whether a user has a role.
$enforcer->hasRoleForUser('eve', 'writer'); // true or false
Adds a role for a user.
$enforcer->addRoleForUser('eve', 'writer');
Adds a permission for a user or role.
// to user
$enforcer->addPermissionForUser('eve', 'articles', 'read');
// to role
$enforcer->addPermissionForUser('writer', 'articles','edit');
Deletes a role for a user.
$enforcer->deleteRoleForUser('eve', 'writer');
Deletes all roles for a user.
$enforcer->deleteRolesForUser('eve');
Deletes a role.
$enforcer->deleteRole('writer');
Deletes a permission.
$enforcer->deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).
Deletes a permission for a user or role.
$enforcer->deletePermissionForUser('eve', 'articles', 'read');
Deletes permissions for a user or role.
// to user
$enforcer->deletePermissionsForUser('eve');
// to role
$enforcer->deletePermissionsForUser('writer');
Gets permissions for a user or role.
$enforcer->getPermissionsForUser('eve'); // return array
Determines whether a user has a permission.
$enforcer->hasPermissionForUser('eve', 'articles', 'read'); // true or false
See Casbin API for more APIs.
If you need multiple permission controls in your project, you can configure multiple enforcers.
In the Config\Enforcer.php
file, it should be like this:
namespace Config;
use Casbin\CodeIgniter\Config\Enforcer as BaseConfig;
use Casbin\CodeIgniter\Adapters\DatabaseAdapter;
class Enforcer extends BaseConfig
{
/*
* Default Enforcer driver
*
* @var string
*/
public $default = 'basic';
public $basic = [
/*
* Casbin model setting.
*/
'model' => [
// Available Settings: "file", "text"
'config_type' => 'file',
'config_file_path' => __DIR__.'/rbac-model.conf',
'config_text' => '',
],
/*
* Casbin adapter .
*/
'adapter' => DatabaseAdapter::class,
/*
* Database setting.
*/
'database' => [
// Database connection for following tables.
'connection' => '',
// Rule table name.
'rules_table' => 'rules',
],
'log' => [
// changes whether Casbin will log messages to the Logger.
'enabled' => false,
// Casbin Logger
'logger' => \Casbin\CodeIgniter\Logger::class,
],
'cache' => [
// changes whether Casbin will cache the rules.
'enabled' => false,
// cache Key
'key' => 'rules',
// ttl int|null
'ttl' => 24 * 60,
],
];
public $second = [
'model' => [
// ...
],
'adapter' => DatabaseAdapter::class,
// ...
];
}
Then you can choose which enforcers to use.
$enforcer->guard('second')->enforce("eve", "articles", "edit");
Authorization rules are cached to speed up performance. The default is off.
Sets your own cache configs in Config\Enforcer.php
.
'cache' => [
// changes whether Casbin will cache the rules.
'enabled' => false,
// cache Key
'key' => 'rules',
// ttl int|null
'ttl' => 24 * 60,
]
PHP-Casbin. You can find the full documentation of Casbin on the website.
This project is licensed under the Apache 2.0 license.