alexshelkov / Simpleacl
Licence: other
Simple ACL for PHP
Stars: ✭ 105
Projects that are alternatives of or similar to Simpleacl
Bouncer
Eloquent roles and abilities.
Stars: ✭ 2,763 (+2531.43%)
Mutual labels: authorization, auth, permissions, acl
Brandenburg
Laravel Authentication Package
Stars: ✭ 79 (-24.76%)
Mutual labels: authorization, auth, permissions, acl
Casbin4D
An authorization library that supports access control models like ACL, RBAC, ABAC in Delphi
Stars: ✭ 25 (-76.19%)
Mutual labels: permissions, acl, auth, authorization
Openstack Policy Editor
A Casbin Policy Editor for OpenStack
Stars: ✭ 28 (-73.33%)
Mutual labels: authorization, auth, acl
Php Casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
Stars: ✭ 865 (+723.81%)
Mutual labels: authorization, auth, acl
Rbac
Hierarchical Role Based Access Control for NodeJS
Stars: ✭ 857 (+716.19%)
Mutual labels: authorization, auth, permissions
lua-casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Lua (OpenResty)
Stars: ✭ 43 (-59.05%)
Mutual labels: acl, auth, authorization
sequelize-adapter
Sequelize adapter for Casbin
Stars: ✭ 51 (-51.43%)
Mutual labels: acl, auth, authorization
Sentinel
A framework agnostic authentication & authorization system.
Stars: ✭ 1,354 (+1189.52%)
Mutual labels: authorization, auth, permissions
Casbin.net
An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)
Stars: ✭ 535 (+409.52%)
Mutual labels: authorization, auth, acl
Vakt
Attribute-based access control (ABAC) SDK for Python
Stars: ✭ 92 (-12.38%)
Mutual labels: authorization, permissions, acl
casbin-ex
An authorization library that supports access control models like ACL, RBAC, ABAC in Elixir
Stars: ✭ 37 (-64.76%)
Mutual labels: acl, auth, authorization
feathers-casl
feathers.js + casl: hooks & channels
Stars: ✭ 25 (-76.19%)
Mutual labels: permissions, acl, authorization
dart-casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Dart/Flutter
Stars: ✭ 30 (-71.43%)
Mutual labels: acl, auth, authorization
Casl
CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access
Stars: ✭ 3,610 (+3338.1%)
Mutual labels: authorization, permissions, acl
Casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
Stars: ✭ 10,872 (+10254.29%)
Mutual labels: authorization, auth, acl
rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+420%)
Mutual labels: permissions, acl, authorization
caddy-security
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Stars: ✭ 696 (+562.86%)
Mutual labels: acl, auth, authorization
Casbin Rs
An authorization library that supports access control models like ACL, RBAC, ABAC in Rust.
Stars: ✭ 375 (+257.14%)
Mutual labels: authorization, auth, acl
Simple Access Control List (ACL) for PHP.
Install
Using composer
Add following in your composer.json:
{
"require": {
"alexshelkov/simpleacl": "2.*"
}
}
Manual
Download library and register PSR-0 compatible autoloader.
Usage
Basic usage
Theory
There is 4 kind of objects: Rules, Roles, Resources and Acl which holds list of Rules. Some Rule can grant access for some Role to some Resource.
Create rules
Lets create "View" Rule, and with with it grant access for "User" to "Page" (note: all names are case sensitive):
$view = new Rule('View');
$view->setRole(new Role('User'));
$view->setResource(new Resource('Page'));
$view->setAction(true); // true means that we allow access
var_dump((bool)$view->isAllowed('User', 'Page')); // true
Add rules
There is not much sense in rules without Acl. So we need to add rules in it. In next example we add few rules in Acl and see whats happens.
$acl = new Acl();
$user = new Role('User');
$admin = new Role('Admin');
$siteFrontend = new Resource('SiteFrontend');
$siteBackend = new Resource('SiteBackend');
$acl->addRule($user, $siteFrontend, new Rule('View'), true);
$acl->addRule($admin, $siteFrontend, 'View', true); // you can use string as rule
$acl->addRule($admin, $siteBackend, 'View', true);
var_dump($acl->isAllowed('User', 'SiteFrontend', 'View')); // true
var_dump($acl->isAllowed('User', 'SiteBackend', 'View')); // false
var_dump($acl->isAllowed('Admin', 'SiteFrontend', 'View')); // true
var_dump($acl->isAllowed('Admin', 'SiteBackend', 'View')); // true
They are various way to add rules to Acl, addRule method accepts from one to four arguments, so you can also add rules like this:
<?php
// before add $view rule to Acl you can set it action, role or resource
$acl->addRule($view);
// where is true -- is action
$acl->addRule($view, true);
// in that case action must be set before adding rule
$acl->addRule($user, $siteBackend, $view);
Roles and resource inheritance
As you maybe notice in previous example we have some duplication of code, because both "User" and "Admin" was allowed to "View" "SiteFrontend" we added 2 rules. But it is possible to avoid this using roles inheritance.
$acl = new Acl();
$user = new Role('User');
$admin = new Role('Admin');
$user->addChild($admin); // add user's child
$siteFrontend = new Resource('SiteFrontend');
$siteBackend = new Resource('SiteBackend');
$acl->addRule($user, $siteFrontend, 'View', true);
$acl->addRule($admin, $siteBackend, 'View', true);
var_dump($acl->isAllowed('User', 'SiteFrontend', 'View')); // true
var_dump($acl->isAllowed('User', 'SiteBackend', 'View')); // false
var_dump($acl->isAllowed('Admin', 'SiteFrontend', 'View')); // true
var_dump($acl->isAllowed('Admin', 'SiteBackend', 'View')); // true
Inheritance works for resources too.
Using callbacks
You can create more complex rules using callbacks.
$acl = new Acl();
$user = new Role('User');
$siteFrontend = new Resource('SiteFrontend');
$acl->addRule($user, $siteFrontend, 'View', function (SimpleAcl\RuleResult $ruleResult) {
echo $ruleResult->getNeedRoleName() . "\n";
echo $ruleResult->getNeedResourceName() . "\n";
echo $ruleResult->getPriority() . "\n";
echo $ruleResult->getRule()->getRole()->getName() . "\n";
echo $ruleResult->getRule()->getResource()->getName() . "\n";
return true;
});
var_dump($acl->isAllowed('User', 'SiteFrontend', 'View')); // true
// Outputs:
// User
// SiteFrontend
// 0
// User
// SiteFrontend
// bool(true)
Using role and resource aggregates
It is possible to check access not for particular Role or Resource, but for objects which aggregate them. These kind of objects must implement, respectively, SimpleAcl\Role\RoleAggregateInterface and SimpleAcl\Role\ResourceAggregateInterface.
You can use SimpleAcl\Role\RoleAggregate and SimpleAcl\Role\ResourceAggregate as object which allow aggregation.
$acl = new Acl();
$user = new Role('User');
$admin = new Role('Admin');
$all = new RoleAggregate;
$all->addRole($user);
$all->addRole($admin);
$siteFrontend = new Resource('SiteFrontend');
$siteBackend = new Resource('SiteBackend');
$acl->addRule($user, $siteFrontend, 'View', true);
$acl->addRule($admin, $siteBackend, 'View', true);
var_dump($acl->isAllowed($all, 'SiteFrontend', 'View')); // true
var_dump($acl->isAllowed($all, 'SiteBackend', 'View')); // true
You can have access to role and resource aggregates in callbacks.
$acl->addRule($user, $siteFrontend, 'View', function (SimpleAcl\RuleResult $ruleResult) {
var_dump($ruleResult->getRoleAggregate());
var_dump($ruleResult->getResourceAggregate());
});
var_dump($acl->isAllowed($all, 'SiteFrontend', 'View')); // true
For more help check out wiki pages.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].