2017 © Pedro Peláez
 

library php-abac

Library used to implement Attribute-Based Access Control in a PHP application


kilix/php-abac


  • Thursday, June 7, 2018
  • by csanquer
  • Repository
  • 14 Watchers
  • 60 Stars
  • 5,705 Installations
  • PHP
  • 1 Dependents
  • 0 Suggesters
  • 19 Forks
  • 9 Open issues
  • 14 Versions
  • 11 % Grown

The README.md

[CraftCamp] php-abac

Attribute-Based Access Control implementation library


Introduction

This library is meant to implement the concept of ABAC in your PHP applications.

The concept is to manage access control using attributes: those of users, of resources, and of the environment.

It allows us to define rules based on the properties of the user object and, optionally, the accessed object.

These rules will be checked in your application to determine whether a user is allowed to perform an action.

The following links explain what ABAC is:

Installation

Using composer:

composer require craftcamp/php-abac

Then you will have to configure the attributes and the rules of your application.

For more details about this, please refer to the dedicated documentation.

Documentation

Usage Examples

Example with only user attributes defined in the rule

In this example we have a single object, representing the current user.

This object has properties, with getter methods to access their values.

For example, we can write:

<?php

use PhpAbac\AbacFactory;

class User{
    protected $id;

    protected $isBanned;

    public function getId() {
        return $this->id;
    }

    public function setIsBanned($isBanned) {
        $this->isBanned = $isBanned;

        return $this;
    }

    public function getIsBanned() {
        return $this->isBanned;
    }
}

$user = new User();
$user->setIsBanned(true);

$abac = AbacFactory::getAbac([
    'policy_rule_configuration.yml'
]);
$abac->enforce('create-group', $user);

The attributes checked by the rule can be:

User: isBanned = false

Example with both user and object attributes

use PhpAbac\AbacFactory;

$abac = AbacFactory::getAbac([
    'policy_rule_configuration.yml'
]);
$check = $abac->enforce('read-public-group', $user, $group);

The checked attributes can be:

User: isBanned = 0
Group: isActive = 1, isPublic = 1

Example with dynamic attributes

<?php

use PhpAbac\AbacFactory;

$abac = AbacFactory::getAbac([
    'policy_rule_configuration.yml'
]);
$check = $abac->enforce('edit-group', $user, $group, [
    'dynamic-attributes' => [
        'group-owner' => $user->getId()
    ]
]);

Example with referenced attributes

The configuration shall be:

attributes:
    group:
        class: MyApp\Model\Group
        type: resource
        fields:
            author.id:
                name: Author ID
    app_user:
        class: MyApp\Model\User
        type: user
        fields:
            id:
                name: User ID

rules:
    remove-group:
        attributes:
            app_user.id:
                comparison: object
                comparison_type: isFieldEqual
                value: group.author.id

And then the code:

<?php

use PhpAbac\AbacFactory;

$abac = AbacFactory::getAbac([
    'policy_rule_configuration.yml'
]);
$check = $abac->enforce('remove-group', $user, $group);

Example with cache

$check = $abac->enforce('edit-group', $user, $group, [
    'cache_result' => true,
    'cache_ttl' => 3600, // Time To Live in seconds
    'cache_driver' => 'memory' // memory is the default driver, so this option can be omitted
]);

Example with multiple rules (a ruleSet) under a single rule name. Each rule is tested in turn, and processing stops as soon as one rule of the ruleSet allows access.

The configuration shall be (alcoollaw.yml):

attributes:
    main_user:
        class: PhpAbac\Example\User
        type: user
        fields:
            age:
                name: Age
            country:
                name: Code ISO du pays
rules:
    alcoollaw:
        -
            attributes:
                main_user.age:
                    comparison_type: numeric
                    comparison: isGreaterThan
                    value: 18
                main_user.country:
                    comparison_type: string
                    comparison: isEqual
                    value: FR
        -
            attributes:
                main_user.age:
                    comparison_type: numeric
                    comparison: isGreaterThan
                    value: 21
                main_user.country:
                    comparison_type: string
                    comparison: isNotEqual
                    value: FR

And then the code:

<?php

use PhpAbac\AbacFactory;

$abac = AbacFactory::getAbac([
    'alcoollaw.yml'
]);
$check = $abac->enforce('alcoollaw', $user);
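
The rule-set semantics described above (rules tried in order, the first one that passes allows access), as an added example that is not part of the README or of php-abac: a stand-alone PHP evaluator for the alcoollaw rules. The function names, the strict reading of isGreaterThan and the denial when an attribute is missing are assumptions of this example, not documented library behaviour.

```php
<?php
// Added illustration, not php-abac code: the page's alcoollaw rule set as a PHP array.
$ruleSet = [
    ['age' => ['isGreaterThan', 18], 'country' => ['isEqual', 'FR']],
    ['age' => ['isGreaterThan', 21], 'country' => ['isNotEqual', 'FR']],
];

// Assumption: isGreaterThan is strict, so age 18 does not satisfy "> 18".
function compareAttribute(string $op, $expected, $actual): bool
{
    switch ($op) {
        case 'isGreaterThan': return is_numeric($actual) && $actual > $expected;
        case 'isEqual':       return $actual === $expected;
        case 'isNotEqual':    return $actual !== $expected;
        default:              return false; // unknown comparison: fail closed
    }
}

// Every attribute of a rule must pass (AND); the set allows access as soon
// as one rule passes (OR). If no rule passes, access is denied.
function evaluateRuleSet(array $ruleSet, array $user): bool
{
    foreach ($ruleSet as $rule) {
        $passed = true;
        foreach ($rule as $field => [$op, $expected]) {
            // Assumption: a missing or null attribute rejects the rule (fail closed).
            if (!isset($user[$field]) || !compareAttribute($op, $expected, $user[$field])) {
                $passed = false;
                break;
            }
        }
        if ($passed) {
            return true; // first allowing rule ends the evaluation
        }
    }
    return false;
}

// Constructed sample users covering both age boundaries and a missing field.
$cases = [
    'FR, age 18'     => ['age' => 18, 'country' => 'FR'],
    'FR, age 19'     => ['age' => 19, 'country' => 'FR'],
    'US, age 21'     => ['age' => 21, 'country' => 'US'],
    'US, age 22'     => ['age' => 22, 'country' => 'US'],
    'no country, 30' => ['age' => 30],
];
foreach ($cases as $label => $user) {
    printf("%-15s %s\n", $label, evaluateRuleSet($ruleSet, $user) ? 'allow' : 'deny');
}
```

The age-boundary users and the user without a country are the cases to replay against the real library in a unit test before relying on the rule.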

Example with a rules root directory passed to the Abac class. This feature lets you give the directory path of the policy definition files directly to the Abac class instead of adding it to every file name:

Considering we have 3 yaml files:

  • rest/conf/policy/user_def.yml
  • rest/conf/policy/gunlaw.yml

The PHP code can be:

<?php

use PhpAbac\AbacFactory;

$abac = AbacFactory::getAbac([
    'user_def.yml',
    'gunlaw.yml',
],[],'rest/conf/policy/');
$check = $abac->enforce('gunlaw', $user);

Contribute

If you want to contribute, don't hesitate to fork the library and submit Pull Requests.

You can also report issues and suggest enhancements. Feel free to give advice and feedback about this library.

It's not finished yet; there are still a lot of features to implement to make it better. If you want to take part in improving this library, let us know!

See also

The Versions

  • 07/06 2018: dev-develop (dev-develop), MIT, keywords: security attributes access-control
  • 31/01 2018: dev-master (9999999-dev), MIT, keywords: security attributes access-control
  • 31/01 2018: v2.1.2 (2.1.2.0), MIT, keywords: security attributes access-control
  • 12/12 2016: v2.1.1 (2.1.1.0), MIT, keywords: security attributes access-control
  • 09/10 2016: v2.1.0 (2.1.0.0), MIT, keywords: security attributes access-control
  • 04/06 2016: v2.0.3 (2.0.3.0), MIT, keywords: security attributes access-control
  • 03/06 2016: v2.0.2 (2.0.2.0), MIT, keywords: security attributes access-control
  • 02/06 2016: v2.0.1 (2.0.1.0), MIT, keywords: security attributes access-control
  • 26/05 2016: v2.0.0 (2.0.0.0), MIT, keywords: security attributes access-control
  • 20/04 2016: v1.2.0 (1.2.0.0), MIT, keywords: security attributes access-control
  • 17/11 2015: v1.1 (1.1.0.0), MIT, keywords: security attributes access-control
  • 16/11 2015: v1.0 (1.0.0.0), MIT, keywords: security attributes access-control
  • 25/08 2015: v0.3 (0.3.0.0)
  • 05/08 2015: v0.2 (0.2.0.0)