PHP-Casbin is a powerful and efficient open source access control framework that supports permission management based on various access control models (RBAC ABAC ACL).
ABAC is attribute-based access control, which can use the attributes of the subject, object, or action to control access instead of the string itself.
Recommended: "PHP Tutorial"
The official example of ABAC is as follows:
[request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [policy_effect] e = some(where (p.eft == allow)) [matchers] m = r.sub == r.obj.owner
This is the definition of the r.obj class:
$data1 = new \stdClass(); $data1->name = 'data1'; $data1->owner = 'alice'; $data2 = new \stdClass(); $data2->name = 'data2'; $data2->owner = 'bob';
Then use the decider to make decisions:
$e->enforce('alice', $data1, 'read'); // true $e->enforce('alice', $data2, 'read'); // false $e->enforce('bob', $data1, 'read'); // false $e->enforce('bob', $data2, 'read'); // true
The above is the detailed content of ABAC permission control based on PHP-Casbin. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
