php-casbin / think-authz
An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP.
License: Apache License 2.0
What should I do about this? Could not find a version of package casbin/think-authz matching your minimum-stability (stable). Require it with an explicit version constraint allowing its desired stability.
rbac_with_domains_model.conf
[request_definition]
r = sub, dom, obj, act
[policy_definition]
p = sub, dom, obj, act
[role_definition]
g = _, _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub, r.dom) && r.dom == p.dom && r.obj == p.obj && r.act == p.act
rbac_with_domains_policy.csv
p, admin, www.tinywan.com, data1, read
p, admin, www.tinywan.com, data1, write
p, admin, domain2, data2, read
p, admin, domain2, data2, write
g, alice, admin, www.tinywan.com
g, bob, admin, domain2
use php-casbin check
$e = new Enforcer(public_path()."rbac_with_domains_model.conf", public_path()."rbac_with_domains_policy.csv");
$sub = "alice";
$dom = "www.tinywan.com";
$obj = "data1";
$act = "read";
if ($e->enforce($sub, $dom, $obj, $act) === true) {
    dd('true');
} else {
    dd('false');
}
result
true
use think-authz check
$sub = "alice";
$dom = "www.tinywan.com";
$obj = "data1";
$act = "read";
if (Enforcer::enforce($sub, $dom, $obj, $act) === true) {
    dd('true');
} else {
    dd('false');
}
result
false
Using my own model, enforcement never passes, even though the records exist in the database.
Calling
Enforcer::getPolicy();
also prints the contents.
Executed in code:
public function index(){
    print_r(Enforcer::getPolicy());
    $haspermission = Enforcer::enforce('backend', '31', '32', '/auth/login', '*');
    var_dump($haspermission);
    // returned bool(false)
}
If I manually add a rule and then run enforce, it returns true, but on the next request it becomes false again.
Enforcer::addPolicy('backend', '31', '32', '/auth/login', '*');
Model conf file:
[request_definition]
r = end, school_id, user_id, path, method
[policy_definition]
p = end, school_id, user_id, path, method
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.end == p.end && r.school_id == p.school_id && r.user_id == p.user_id && keyMatch(r.path, p.path) && keyMatch(r.method, p.method)
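When using the middleware tauthz\middleware\base::class, the Unauthorized exception is thrown without a message property; I suggest adding one.
ThinkPHP 8.0 is not supported; composer.json needs to be updated.
I went through all the code and found nothing relevant; even changing the model in tauthz.php didn't really work.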
#0 [0]ValueError in [CoreEnforcer.php line 644]
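I found that the code caches database queries, and the cache is permanent. Could an expiry option be provided?
Or do developers need to clear the cache manually?
Log output: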
[2020-09-25T13:11:24+08:00][info] Model:
[2020-09-25T13:11:24+08:00][info] r.r: sub, obj, act
[2020-09-25T13:11:24+08:00][info] p.p: sub, obj, act
[2020-09-25T13:11:24+08:00][info] e.e: some(where (p_eft == allow))
[2020-09-25T13:11:24+08:00][info] m.m: g(r_sub, p_sub) && keyMatch2(r_obj, p_obj) && regexMatch(r_act, p_act)
[2020-09-25T13:11:24+08:00][info] g.g: _, _
[2020-09-25T13:11:24+08:00][info] Policy:
[2020-09-25T13:11:24+08:00][info] p: sub, obj, act: [["teacher_role","\/api\/groups","POST"],["student_role","\/api\/books\/:id","GET"],["110","\/api\/groups","POST"]]
[2020-09-25T13:11:24+08:00][info] g: _, _: [["teacher_student_group","teacher_role"],["56","teacher_student_group"]]
[2020-09-25T13:11:24+08:00][info] Role links for: g
[2020-09-25T13:11:24+08:00][info] teacher_student_group < teacher_role, 56 < teacher_student_group
[2020-09-25T13:11:24+08:00][info] Request: 110, /api/groups, POST ---> 1
Permission check:
Enforcer::enforce(strval($uid), $url, $action) === true
Log output:
[2020-09-25T13:12:49+08:00][info] Model:
[2020-09-25T13:12:49+08:00][info] r.r: sub, obj, act
[2020-09-25T13:12:49+08:00][info] p.p: sub, obj, act
[2020-09-25T13:12:49+08:00][info] e.e: some(where (p_eft == allow))
[2020-09-25T13:12:49+08:00][info] m.m: g(r_sub, p_sub) && keyMatch2(r_obj, p_obj) && regexMatch(r_act, p_act)
[2020-09-25T13:12:49+08:00][info] g.g: _, _
[2020-09-25T13:12:49+08:00][info] Policy:
[2020-09-25T13:12:49+08:00][info] p: sub, obj, act: [["teacher_role","\/api\/groups","POST"],["student_role","\/api\/books\/:id","GET"],["1111","\/api\/groups","POST"]]
[2020-09-25T13:12:49+08:00][info] g: _, _: [["teacher_student_group","teacher_role"],["110","student_role"]]
[2020-09-25T13:12:49+08:00][info] Role links for: g
[2020-09-25T13:12:49+08:00][info] teacher_student_group < teacher_role, 110 < student_role
[2020-09-25T13:12:49+08:00][info] Request: 110, /api/groups, POST --->
Permission check:
Enforcer::enforce(strval($uid), $url, $action) === false
After upgrading to topthink/think-migration 3.1, running php think tauthz:publish throws an error.
Installing with composer produces the following error:
[InvalidArgumentException]
Could not find a version of package casbin/think-authz matching your minimum-stability (stable). Require it with an
explicit version constraint allowing its desired stability.
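I looked into it, and it seems route permissions can only be matched one-to-one, not in a RESTful style. Is there a solution?
Are there any real-world projects using this?
I'd like to use one as a reference.
Installing this extension affected the \think\Facade\Filesystem::getDiskConfig ('public', 'url') method used for local uploads.
How do I add a custom function?
An action parameter is missing.
Code in the package:
API call in the documentation:
Give a permission to a user or role: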
// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');
I uninstalled it once and reinstalled it, and for some reason I keep getting the error
"grouping policy elements do not meet role definition". The steps are all correct.
Trace Error:
Class tauthz\adapter\DatabaseAdapter contains 1 abstract method and must therefore be declared abstract or implement the remaining methods
(Casbin\Persist\UpdatableAdapter::updateFilteredPolicies) in
vendor/casbin/think-authz/src/adapter/DatabaseAdapter.php on line 17
I'm using addRoleForUser methods to add some role.
This is my model file (RBAC):
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
In the project's readme.md file:
Give a permission to a user or role:
// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');
Delete all permissions for a user or role:
// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');
Both places give one example each for "to user" and "to role",
but the examples commented as "to role" all use xxxForUser( ).
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)
p 25 articles GET
uid=23 url=/api/projects/10086 action=PUT
"error_message": "Argument 1 passed to Casbin\\Rbac\\DefaultRoleManager\\RoleManager::hasLink() must be of the type string, int given, called in /var/www/apitest.zhipeizaixian.com/vendor/casbin/casbin/src/Util/BuiltinOperations.php on line 279",
How can this cache be turned off during debugging?
file: src/adapter/DatabaseAdapter.php
Use loadPolicyArray instead of loadPolicyLine
The first array argument passed to loadPolicyArray has changed.
1.5.2 ["p", "writer","articles","edit"]
1.5.3 [1, "p", "writer","articles","edit"]
Enforcer::AddRoleForUserInDomain('alice', 'writer', 'admin')
Enforcer::addPolicy('writer', 'admin', 'articles','edit')
Enforcer::GetUsersForRoleInDomain("alice", "admin")
Which of these steps went wrong?