Home >PHP Framework >ThinkPHP >Using Casbin as permission control middleware in thinkphp
PHP-Casbin is a powerful and efficient open source access control framework that supports permission management based on various access control models.
Think-Casbin is a Casbin extension package specially customized for ThinkPHP5.1, making it easier for developers to use Casbin in thinkphp projects.
Installation
Create thinkphp project (if not available):
composer create-project topthink/think=5.1.* tp5
In the ThinkPHP project, install the Think-Casbin extension:
composer require casbin/think-adapter
Publish resources:
php think casbin:publish
This will automatically create the model configuration file config/casbin-basic-model.conf, and the Casbin configuration file config/casbin.php.
Data migration:
Because Think-Casbin stores Casbin’s policy (Policy) in the database by default, the database table information needs to be initialized.
Before execution, please ensure that the database connection information is configured correctly. If you need to modify Casbin's database connection information or table name separately, you can modify the configuration in config/casbin.php.
php think casbin:migrate
This will automatically create Casbin's policy table casbin_rule.
Middleware
ThinkPHP Starting from version 5.1.6, middleware support is officially introduced.
You can quickly generate middleware through command line instructions
php think make:middleware Authorization
This instruction will generate an Authorization middleware under the application/http/middleware directory.
In the middleware, get the current user name, URI, request method, and verify permissions through Casbin:
<?php namespace app\http\middleware; use Casbin; use think\facade\Session; class Authorization { public function handle($request, \Closure $next) { // 当前登录用户名,这里以session为例 // $user = Session::get('user_name') ?: 'test_user'; $user = Session::get('user_name'); $url = $request->url(); $action = $request->method(); if (!$user){ return response()->data('Unauthenticated.')->code(401); } if (!Casbin::enforce($user, $url, $action)) { return response()->data('Unauthorized.')->code(403); } return $next($request); } }
Casbin Model configuration
config\ casbin-basic-model.conf Configuration file:
[request_definition] r = sub, obj, act [policy_definition] p = sub, obj, act [policy_effect] e = some(where (p.eft == allow)) [matchers] m = r.sub == p.sub && keyMatch2(r.obj, p.obj) && r.act == p.act
Verification
Before performing authorization, add some default policies to the database casbin_rule table:
Add routing and its middleware:
Route::group('users', function () { Route::get('', function () { return 'Users data.'; }); Route::get('/:id', function ($id) { return 'User: '.$id; }); })->middleware(\app\http\middleware\Authorization::class);
First log in to the user and save the user name to SESSION. You can visit /users, /users/1 to verify the permissions.
Recommended tutorial: "TP5"
The above is the detailed content of Using Casbin as permission control middleware in thinkphp. For more information, please follow other related articles on the PHP Chinese website!