Overseer is a framework agnostic RBAC implementation in PHP.
Overseer is developed using PHP OOP best practices and meets the PHP-FIG standards. It is not only framework agnostic, but also storage agnostic, which allows you to use it together with your favorite libraries.
- Role inhertiance
- Permission business rules
- Resource based permissions
- Configurable
- Unit tests
- Refactoring
- README
Overseer comes bundled with a runtime storage implementation that is suitable for non-production use. If you plan on using Overseer in production we suggest that you implement persistent storage and caching to improve performance.
The following script demonstrates usage (you can find the rest of the code in the example folder):
<?php
require(__DIR__ . '/../vendor/autoload.php');
require(__DIR__ . '/User.php');
require(__DIR__ . '/HasAuthor.php');
require(__DIR__ . '/Book.php');
require(__DIR__ . '/AuthorRule.php');
use Crisu83\Overseer\Entity\Assignment;
use Crisu83\Overseer\Entity\Permission;
use Crisu83\Overseer\Entity\Role;
use Crisu83\Overseer\Overseer;
use Crisu83\Overseer\Runtime\AssignmentStorage;
use Crisu83\Overseer\Runtime\PermissionStorage;
use Crisu83\Overseer\Runtime\RoleStorage;
$roleStorage = new RoleStorage;
$permissionStorage = new PermissionStorage;
$assignmentStorage = new AssignmentStorage;
$overseer = new Overseer($roleStorage, $permissionStorage, $assignmentStorage);
$myUser = new User(1); // subject
$myBook = new Book(1); // resource
$writer = new Role('writer');
$editor = new Role('editor');
$write = new Permission('book.write', 'book');
$author = new Permission('book.author', 'book');
$read = new Permission('book.read', 'book');
$author->addRule(new AuthorRule);
$writer->addPermission('book.write');
$writer->addPermission('book.author');
$editor->addPermission('book.read');
$overseer->saveRole($writer);
$overseer->saveRole($editor);
$overseer->savePermission($read);
$overseer->savePermission($write);
$overseer->savePermission($author);
$overseer->saveAssignment(new Assignment(1, ['writer', 'editor']));
echo "My permissions: " . PHP_EOL;
echo " " . implode(', ', $overseer->getPermissions($myUser)) . PHP_EOL;
echo "My permissions to the book: " . PHP_EOL;
echo " " . implode(', ', $overseer->getPermissions($myUser, $myBook)) . PHP_EOL;
if ($overseer->hasPermission('book.author', $myUser, $myBook)) {
echo "I am the author of the book." . PHP_EOL;
} else {
echo "I am not the author of the book" . PHP_EOL;
}
Here is the output from that script:
My permissions:
book.read, book.write
My permissions to the book:
book.read, book.write, book.author
I am the author of the book.