{"id":16464484,"url":"https://github.com/deatil/larke-auth","last_synced_at":"2025-04-29T12:31:29.071Z","repository":{"id":57010783,"uuid":"307413317","full_name":"deatil/larke-auth","owner":"deatil","description":"An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel.","archived":false,"fork":false,"pushed_at":"2024-03-14T04:27:51.000Z","size":38,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-12T11:27:39.505Z","etag":null,"topics":["auth","laravel","php-casbin"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deatil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-10-26T15:13:01.000Z","updated_at":"2022-02-22T14:08:20.000Z","dependencies_parsed_at":"2024-03-14T05:26:31.615Z","dependency_job_id":"1ad315d7-9525-41de-99fb-46f37d010693","html_url":"https://github.com/deatil/larke-auth","commit_stats":{"total_commits":31,"total_committers":1,"mean_commits":31.0,"dds":0.0,"last_synced_commit":"a13ae6fd8025eaca2f2457eda12117e3cb5c801d"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Flarke-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Flarke-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Flarke-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Flarke-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deatil","download_url":"https://codeload.github.com/deatil/larke-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224170408,"owners_count":17267572,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","laravel","php-casbin"],"created_at":"2024-10-11T11:27:59.420Z","updated_at":"2024-11-11T20:22:00.233Z","avatar_url":"https://github.com/deatil.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n    Laravel Authorization\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cstrong\u003elarke-auth is an authorization library for the laravel framework.\u003c/strong\u003e    \n\u003c/p\u003e\n\nThe `code` is from [laravel-authz](https://github.com/php-casbin/laravel-authz)\n\nIt's based on [Casbin](https://github.com/php-casbin/php-casbin), an authorization library that supports access control models like ACL, RBAC, ABAC.\n\nAll you need to learn to use `Casbin` first.\n\n* [Installation](#installation)\n* [Usage](#usage)\n  * [Quick start](#quick-start)\n  * [Using Enforcer Api](#using-enforcer-api)\n  * [Using a middleware](#using-a-middleware)\n    * [basic Enforcer Middleware](#basic-enforcer-middleware)\n    * [HTTP Request Middleware ( RESTful is also supported )](#http-request-middleware--restful-is-also-supported-)\n  * [Multiple enforcers](#multiple-enforcers)\n  * [Using artisan commands](#using-artisan-commands)\n  * [Cache](#using-cache)\n* [Thinks](#thinks)\n* [License](#license)\n\n## Installation\n\nRequire this package in the `composer.json` of your Laravel project. This will download the package.\n\n```\ncomposer require lake/larke-auth\n```\n\nThe `Larke\\Auth\\ServiceProvider` is `auto-discovered` and registered by default, but if you want to register it yourself:\n\nAdd the ServiceProvider in `config/app.php`\n\n```php\n'providers' =\u003e [\n    /*\n     * Package Service Providers...\n     */\n    Larke\\Auth\\ServiceProvider::class,\n]\n```\n\nThe Enforcer facade is also `auto-discovered`, but if you want to add it manually:\n\nAdd the Facade in `config/app.php`\n\n```php\n'aliases' =\u003e [\n    // ...\n    'Enforcer' =\u003e Larke\\Auth\\Facades\\Enforcer::class,\n]\n```\n\nTo publish the config, run the vendor publish command:\n\n```\nphp artisan vendor:publish --tag=larke-auth-config\n```\n\nThis will create a new model config file named `config/larkeauth-rbac-model.conf.bak` and a new larkeauth config file named `config/larkeauth.php.bak`.\n\nYou need copy the file `config/larkeauth-rbac-model.conf.larkeauth` to file `config/larkeauth-rbac-model.conf` \n\nand copy the file `config/larkeauth.php.larkeauth` to file `config/larkeauth.php`\n\nTo install auth:\n\n```\nphp artisan larke-auth:install\n```\n\nThis will create a new table named `rules`\n\n\n## Usage\n\n### Quick start\n\nOnce installed you can do stuff like this:\n\n```php\n\nuse Enforcer;\n\n// adds permissions to a user\nEnforcer::addPermissionForUser('eve', 'articles', 'read');\n// adds a role for a user.\nEnforcer::addRoleForUser('eve', 'writer');\n// adds permissions to a rule\nEnforcer::addPolicy('writer', 'articles','edit');\n\n```\n\nYou can check if a user has a permission like this:\n\n```php\n// to check if a user has permission\nif (Enforcer::enforce(\"eve\", \"articles\", \"edit\")) {\n    // permit eve to edit articles\n} else {\n    // deny the request, show an error\n}\n\n```\n\n### Using Enforcer Api\n\nIt provides a very rich api to facilitate various operations on the Policy:\n\nGets all roles:\n\n```php\nEnforcer::getAllRoles(); // ['writer', 'reader']\n```\n\nGets all the authorization rules in the policy.:\n\n```php\nEnforcer::getPolicy();\n```\n\nGets the roles that a user has.\n\n```php\nEnforcer::getRolesForUser('eve'); // ['writer']\n```\n\nGets the users that has a role.\n\n```php\nEnforcer::getUsersForRole('writer'); // ['eve']\n```\n\nDetermines whether a user has a role.\n\n```php\nEnforcer::hasRoleForUser('eve', 'writer'); // true or false\n```\n\nAdds a role for a user.\n\n```php\nEnforcer::addRoleForUser('eve', 'writer');\n```\n\nAdds a permission for a user or role.\n\n```php\n// to user\nEnforcer::addPermissionForUser('eve', 'articles', 'read');\n// to role\nEnforcer::addPermissionForUser('writer', 'articles','edit');\n```\n\nDeletes a role for a user.\n\n```php\nEnforcer::deleteRoleForUser('eve', 'writer');\n```\n\nDeletes all roles for a user.\n\n```php\nEnforcer::deleteRolesForUser('eve');\n```\n\nDeletes a role.\n\n```php\nEnforcer::deleteRole('writer');\n```\n\nDeletes a permission.\n\n```php\nEnforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).\n```\n\nDeletes a permission for a user or role.\n\n```php\nEnforcer::deletePermissionForUser('eve', 'articles', 'read');\n```\n\nDeletes permissions for a user or role.\n\n```php\n// to user\nEnforcer::deletePermissionsForUser('eve');\n// to role\nEnforcer::deletePermissionsForUser('writer');\n```\n\nGets permissions for a user or role.\n\n```php\nEnforcer::getPermissionsForUser('eve'); // return array\n```\n\nDetermines whether a user has a permission.\n\n```php\nEnforcer::hasPermissionForUser('eve', 'articles', 'read');  // true or false\n```\n\nSee [Casbin API](https://casbin.org/docs/en/management-api) for more APIs.\n\n### Using a middleware\n\nBefore,you need create a file:\n\n```php\n\u003c?php\n\nnamespace App\\Auth;\n\nuse Larke\\Auth\\Contracts\\AuthUser;\n\nclass YourAuthUser extends AuthUser\n{\n    /**\n     * @return string|int\n     */\n    public function getIdentifier()\n    {\n        $id = ...;\n        return $id;\n    }\n}\n```\n\nThen, you need bind `YourAuthUser` class:\n\n```php\n$this-\u003eapp-\u003ebind(\n    \\Larke\\Auth\\Contracts\\AuthUser::class, \n    \\App\\Auth\\YourAuthUser:class\n);\n```\n\nThis package comes with `EnforcerMiddleware`, `RequestMiddleware` middlewares. You can add them inside your `app/Http/Kernel.php` file.\n\n```php\nprotected $routeMiddleware = [\n    // ...\n    // a basic Enforcer Middleware\n    'enforcer' =\u003e \\Larke\\Auth\\Middlewares\\EnforcerMiddleware::class,\n    // an HTTP Request Middleware\n    'http_request' =\u003e \\Larke\\Auth\\Middlewares\\RequestMiddleware::class,\n];\n```\n\n#### basic Enforcer Middleware\n\nThen you can protect your routes using middleware rules:\n\n```php\nRoute::group(['middleware' =\u003e ['enforcer:articles,read']], function () {\n    // pass\n});\n```\n\n#### HTTP Request Middleware ( RESTful is also supported )\n\nIf you need to authorize a Request, you need to define the model configuration first in `config/larkeauth-rbac-model.conf`:\n\n```ini\n[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = g(r.sub, p.sub) \u0026\u0026 keyMatch2(r.obj, p.obj) \u0026\u0026 regexMatch(r.act, p.act)\n```\n\nThen, using middleware rules:\n\n```php\nRoute::group(['middleware' =\u003e ['http_request']], function () {\n    Route::resource('photo', 'PhotoController');\n});\n```\n\n### Multiple enforcers\n\nIf you need multiple permission controls in your project, you can configure multiple enforcers.\n\nIn the larkeauth file, it should be like this:\n\n```php\nreturn [\n    'default' =\u003e 'basic',\n    \n    'guards' =\u003e [\n        'basic' =\u003e [\n            'model' =\u003e [\n                // ...\n            ],\n\n            'adapter' =\u003e Larke\\Auth\\Adapters\\DatabaseAdapter::class,\n            // ...\n        ],\n\n        'second' =\u003e [\n            'model' =\u003e [\n                // ...\n            ],\n\n            'adapter' =\u003e Larke\\Auth\\Adapters\\DatabaseAdapter::class,\n            // ...\n        ],\n    ],\n    \n];\n\n```\n\nThen you can choose which enforcers to use.\n\n```php\nEnforcer::guard('second')-\u003eenforce(\"eve\", \"articles\", \"edit\");\n```\n\n\n### Using artisan commands\n\nYou can create a policy from a console with artisan commands.\n\nTo user:\n\n```bash\nphp artisan policy:add eve,articles,read\n```\n\nTo Role:\n\n```bash\nphp artisan policy:add writer,articles,edit\n```\n\nAdds a role for a user:\n\n```bash\nphp artisan role:assign eve writer\n```\n\n### Using cache\n\nAuthorization rules are cached to speed up performance. The default is off.\n\nSets your own cache configs in Laravel's `config/larkeauth.php`. \n\n```php\n'cache' =\u003e [\n    // changes whether larkeauth will cache the rules.\n    'enabled' =\u003e false,\n\n    // cache store\n    'store' =\u003e 'default',\n\n    // cache Key\n    'key' =\u003e 'rules',\n\n    // ttl \\DateTimeInterface|\\DateInterval|int|null\n    'ttl' =\u003e 24 * 60,\n],\n```\n\n## Thinks\n\n[Casbin](https://github.com/php-casbin/php-casbin) in Laravel. You can find the full documentation of Casbin [on the website](https://casbin.org/).\n\n## License\n\nThis project is licensed under the [Apache 2.0 license](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeatil%2Flarke-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeatil%2Flarke-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeatil%2Flarke-auth/lists"}