ABAC permission control based on PHP-Casbin

PHP-Casbin is a powerful and efficient open source access control framework that supports permission management based on various access control models (RBAC ABAC ACL).

ABAC is attribute-based access control, which can use the attributes of the subject, object, or action to control access instead of the string itself.

Recommended: "PHP Tutorial"

The official example of ABAC is as follows:

[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == r.obj.owner

This is the definition of the r.obj class:

$data1 = new \stdClass();
$data1->name = 'data1';
$data1->owner = 'alice';
$data2 = new \stdClass();
$data2->name = 'data2';
$data2->owner = 'bob';

Then use the decider to make decisions:

$e->enforce('alice', $data1, 'read');  // true
$e->enforce('alice', $data2, 'read');  // false
$e->enforce('bob', $data1, 'read');  // false
$e->enforce('bob', $data2, 'read');  // true

The above is the detailed content of ABAC permission control based on PHP-Casbin. For more information, please follow other related articles on the PHP Chinese website!