Light RBAC is a simple Role-Based Access Control (RBAC) system implemented in PHP.
The `Rbac` class is the main class of the system. It manages roles and users.
- `$roles`: An instance of `RoleManager` that manages all roles in the system.
- `$users`: An instance of `UserManager` that manages all users in the system.
- `addUser(string $name, array $roles = []): User`: Adds a user with the given name and roles to the system. If the user already exists, it adds the roles to the existing user.
- `addRole(string $name)`: Adds a role with the given name to the system. If the role already exists, it returns the existing role.
- `getRole(string $name)`: Returns the role with the given name.
- `removeRole(string $name)`: Removes the role with the given name from the system.
- `getUser(string $name)`: Returns the user with the given name.
- `removeUser(string $name)`: Removes the user with the given name from the system.
- `getPermissions(): array`: Returns all permissions in the system.
First, create an instance of the `Rbac` class. Then, use the `addUser` and `addRole` methods to add users and roles to the system. Use the `getRole` method to retrieve a role by its name.
```php
$rbac = new \Light\Rbac\Rbac();
$rbac->addRole('admin');
$rbac->addUser('John Doe', ['admin']);
$admin = $rbac->getRole('admin');
```
Permissions can be assigned to roles. A permission is a string that represents a certain action or resource, for example `post:read`, `post:write`, `post:delete`, etc.
```php
$role = $rbac->addRole('admin');
$role->addPermission('post:read');
$role->addPermission('post:write');
```
To check if a user has a certain permission, use the `can` method of the `User` class.
```php
$user = $rbac->addUser('John Doe', ['admin']);
if ($user->can('post:read')) {
    echo 'John Doe can read posts.';
}
```
You can use the asterisk `*` to represent all permissions.
```php
$role = $rbac->addRole('admin');
$role->addPermission('*');
if ($role->can('post:read')) {
    echo 'Admin can read posts.';
}
```
You can also use the asterisk in the form `resource:*` to represent all permissions for a specific resource.
```php
$role = $rbac->addRole('admin');
$role->addPermission('post:*');
if ($role->can('post:read')) {
    echo 'Admin can read posts.';
}
```
To check if a user has a certain role, use the `hasRole` method of the `User` class.
```php
$user = $rbac->addUser('John Doe', ['admin']);
if ($user->hasRole('admin')) {
    echo 'John Doe is an admin.';
}
```
```php
$admin = $rbac->addRole('admin');
$admin->addChild('editor');
$rbac->getRole('editor')->addPermission('post:read');
if ($admin->can('post:read')) {
    echo 'Admin can read posts.';
}
```
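The wildcard and child-role rules described above, written out as a stand-alone deny-by-default checker. This is an added example and not Light RBAC's own code: the function names `grantCovers` and `roleCan`, the array shape, the cycle guard and the strict `resource:` prefix match are assumptions about how such a check should behave, and it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

/** Does a granted pattern ('*', 'post:*', 'post:read') cover the requested permission? */
function grantCovers(string $granted, string $requested): bool
{
    if ($granted === '*' || $granted === $requested) {
        return true;
    }
    // 'resource:*' covers actions on that resource only. The colon stays in
    // the prefix so that 'post:*' does not also cover 'postscript:read'.
    if (str_ends_with($granted, ':*')) {
        return str_starts_with($requested, substr($granted, 0, -1));
    }
    return false;
}

/**
 * $roles maps role name => ['permissions' => string[], 'children' => string[]].
 * A role can do whatever its children can do. $seen records visited roles so
 * that a cyclic role graph terminates instead of recursing forever.
 */
function roleCan(array $roles, string $role, string $permission, array &$seen = []): bool
{
    if (isset($seen[$role]) || !isset($roles[$role])) {
        return false; // unknown role or already visited: grant nothing
    }
    $seen[$role] = true;
    foreach ($roles[$role]['permissions'] as $granted) {
        if (grantCovers($granted, $permission)) {
            return true;
        }
    }
    foreach ($roles[$role]['children'] as $child) {
        if (roleCan($roles, $child, $permission, $seen)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data; 'editor' lists 'admin' as a child to form a cycle.
$roles = [
    'admin'  => ['permissions' => ['user:*'], 'children' => ['editor']],
    'editor' => ['permissions' => ['post:read'], 'children' => ['admin']],
];
$cases = [['admin', 'post:read'], ['admin', 'postscript:read'],
          ['editor', 'post:delete'], ['guest', 'post:read']];
foreach ($cases as [$r, $p]) {
    printf("%-6s %-16s %s\n", $r, $p, roleCan($roles, $r, $p) ? 'allow' : 'deny');
}
```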