PHP-Casbin是一个强大高效的开源访问控制框架,支持基于各种访问控制模型的权限管理。Slim是一个PHP微框架,可帮助您快速编写简单但功能强大的Web应用程序和API。Casbin可以作为SlimFramework中的授权中间件。认证是先认证后授权。这里我们使用HTTPBasicAuthentication。slim-basic-auth提供了PSR-7和PSR-15基础认证中间件,可以使用composer安装:composerrequiretuupola/slim-basic-auth。$app->add(newHttpBasicAuthentication(['users'=>['root'=>'t00r','somebody'=>'passw0rd',],'before'=>function($request,$arguments){返回$request->withAttribute('user',$arguments['user']);},]));Casbin授权中间件本例实现了授权中间件。它首先获取当前认证的用户,当前请求的uri和方法,然后使用Casbin进行权限决策。namespaceApp\Middleware;usePsr\Http\Message\ServerRequestInterfaceasRequest;usePsr\Http\Server\RequestHandlerInterfaceasRequestHandler;useSlim\Psr7\Response;useCasbin\Enforcer;classAuthorization{/***授权中间件可调用类.**@paramServerRequest$requestPSR-7请求*@paramRequestHandler$handlerPSR-15请求处理器**@returnResponse*/publicfunction__invoke(Request$request,RequestHandler$handler):Response{$e=newEnforcer('config/rbac_model.conf','config/policy.csv');$user=$request->getAttribute('user');$uri=$request->getUri();$action=$request->getMethod();如果($user&&!$e->enforce($user,$uri->getPath(),$action)){$response=newResponse();$response->withStatus(403)->getBody()->write('Unauthorized.');返回$响应;}$响应se=$handler->handle($request);返回$响应;}}模型文件config/rbac_model.conf内容如下:[request_definition]r=sub,obj,act[policy_definition]p=sub,obj,act[role_definition]]g=_,_[policy_effect]e=some(where(p.eft==allow))[matchers]m=g(r.sub,p.sub)&&keyMatch2(r.obj,p.obj)&&r.act==p.actpolicy的内容文件config/policy.csv如下:p,root,/,GETp,root,/users,GETp,root,/users/:id,GET创建路由$app->get('/',function(Request$request,Response$response){$response->getBody()->write('HelloCasbin!');return$response;});$app->group('/users',function(Group$group){$group->get('',ListUsersAction::class);$group->get('/{id}',ViewUserAction::class);});Casbinskeletonapplicationcomplete代码:CasbinskeletonapplicationwithSlimFramework4.使用SlimFramework4配置新的Casbinskeletonapplication可以简单快捷
