Support PHP-Casbin as the authorization backend to provide ACL, RBAC, ABAC at the same time

[veotax]

PHP-Casbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, casbin has several advantages:

1. roles can be cascaded, aka roles can have roles.
2. support resource roles, so users have their roles and resource have their roles too. role = group here.
3. the permission assignments (or policy in casbin's language) can be persisted in files or database.
4. multiple models like ACL, BLP, RBAC, ABAC, RESTful are supported.

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

I saw there are some requirements for RBAC like getting role list and permission rule, and I think PHP-Casbin is a good choice to solve them. What do you think? I think we can use PHP-Casbin as a backend for this project. Thanks.

[abiusx]

PHP Casbin seems to be a fairly recent project. It also does not report any performance numbers, which is one of the main points of this project.

…

On Jun 29, 2019, at 11:35 AM, Dave Smith ***@***.***> wrote: PHP-Casbin <https://github.com/php-casbin/php-casbin> is an authorization library that supports models like ACL, RBAC, ABAC. Related to RBAC, casbin has several advantages: roles can be cascaded, aka roles can have roles. support resource roles, so users have their roles and resource have their roles too. role = group here. the permission assignments (or policy in casbin's language) can be persisted in files or database. multiple models like ACL, BLP, RBAC, ABAC, RESTful are supported. And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible. I saw there are some requirements for RBAC like getting role list <#117> and permission rule <#107>, and I think PHP-Casbin is a good choice to solve them. What do you think? I think we can use PHP-Casbin as a backend for this project. Thanks. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#118?email_source=notifications&email_token=AAKWGWZFKDOA6SQKGJCATU3P456LFA5CNFSM4H4KUIQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4G4OK4AQ>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAKWGW7LMF6NXDZTM45RP2DP456LFANCNFSM4H4KUIQQ>.

[veotax]

It has performance data here: https://casbin.org/docs/en/benchmark , however it's in Go. I believe PHP will be a little slower as it's a dynamic language.