How to Implement RBAC with PHP‑Casbin: Installation, Configuration, and Permission Checks

This guide shows how to install PHP‑Casbin, configure an RBAC model, initialize an enforcer with a MySQL adapter, add roles and permissions, and verify access decisions for different users using concrete code examples.

Open Source Tech Hub

Introduction

PHP‑Casbin is a powerful, high‑performance open‑source access‑control framework that supports permission management based on various models.

Installation

Install via Composer:

composer require casbin/casbin
composer require casbin/database-adapter

RBAC Model Configuration

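The model.conf file defines the request, policy and role definitions, the policy effect, and the matchers. In the matcher below, g(r.sub, p.sub) tests role membership (including inherited roles), keyMatch2 matches the request path against patterns such as /foo/:id, and regexMatch treats the policy's action as a regular expression. Example content: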

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

# RBAC role inheritance definition
[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)

Initialize a Casbin Enforcer

Create a database adapter and an Enforcer instance pointing to the model file:

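// Composer autoloader; the path assumes this script sits in the project root.
require_once __DIR__ . '/vendor/autoload.php';

use Casbin\Enforcer;
use CasbinAdapter\Database\Adapter;

// Policy rules are read from and written to MySQL through the database adapter.
$adapter = Adapter::newAdapter([
    'type' => 'mysql',
    'hostname' => '127.0.0.1',
    'database' => 'test',
    'username' => 'root',
]);

// Load the RBAC model from the file and the stored policy from the adapter.
$enforcer = new Enforcer('path/to/model.conf', $adapter);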

Add Policies and Roles

Assign roles to users and permissions to roles:

// alice has the admin role
$enforcer->addRoleForUser('alice', 'admin');
// bob has the member role
$enforcer->addRoleForUser('bob', 'member');

// member role can read /foo and /foo/:id
$enforcer->addPermissionForUser('member', '/foo', 'GET');
$enforcer->addPermissionForUser('member', '/foo/:id', 'GET');

// admin inherits member permissions and gets full CRUD on /foo
$enforcer->addRoleForUser('admin', 'member');
$enforcer->addPermissionForUser('admin', '/foo', 'POST');
$enforcer->addPermissionForUser('admin', '/foo/:id', 'PUT');
$enforcer->addPermissionForUser('admin', '/foo/:id', 'DELETE');

Resulting policy rules stored in the database look like:

g, alice, admin
g, bob, member

p, member, /foo, GET
p, member, /foo/:id, GET

g, admin, member

p, admin, /foo, POST
p, admin, /foo/:id, PUT
p, admin, /foo/:id, DELETE

Permission Verification

Check permissions for a user. Alice holds the admin role, which inherits the member role, so she has both sets of permissions and all four checks return true:

$enforcer->enforce('alice', '/foo', 'GET');    // true
$enforcer->enforce('alice', '/foo', 'POST');   // true
$enforcer->enforce('alice', '/foo/1', 'PUT');  // true
$enforcer->enforce('alice', '/foo/1', 'DELETE'); // true

Bob, as a member, only has read access; write checks return false:

$enforcer->enforce('bob', '/foo', 'GET');    // true
$enforcer->enforce('bob', '/foo', 'POST');   // false
$enforcer->enforce('bob', '/foo/1', 'PUT');  // false
$enforcer->enforce('bob', '/foo/1', 'DELETE'); // false
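
The checks above cover only requests the policy was written for. The following PHP script is an added example, not part of the original article or the PHP-Casbin project: it rebuilds the same model and policy in memory (no database) and runs constructed boundary requests through the article's matcher and through a variant that compares actions with r.act == p.act, flagging any request on which the two disagree. The buildEnforcer helper, the subject mallory and the exact-match variant are assumptions of this example.

```php
<?php
// Added example (not from the original article): differential check of two matchers.
require_once __DIR__ . '/vendor/autoload.php';

use Casbin\Enforcer;
use Casbin\Model\Model;

// Build an in-memory enforcer (no adapter) from the article's model; only the
// action test in the matcher varies. $actionTest is a parameter of this example.
function buildEnforcer(string $actionTest): Enforcer
{
    $text = <<<CONF
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && {$actionTest}
CONF;
    $e = new Enforcer(Model::newModelFromString($text));
    // Roles and permissions exactly as added in the article.
    $e->addRoleForUser('alice', 'admin');
    $e->addRoleForUser('bob', 'member');
    $e->addRoleForUser('admin', 'member');
    $e->addPermissionForUser('member', '/foo', 'GET');
    $e->addPermissionForUser('member', '/foo/:id', 'GET');
    $e->addPermissionForUser('admin', '/foo', 'POST');
    $e->addPermissionForUser('admin', '/foo/:id', 'PUT');
    $e->addPermissionForUser('admin', '/foo/:id', 'DELETE');
    return $e;
}

$asWritten = buildEnforcer('regexMatch(r.act, p.act)'); // matcher from the article
$exact     = buildEnforcer('r.act == p.act');           // stricter variant (assumption)

// Constructed requests: cases from the article plus deny-by-default boundary cases.
$requests = [
    ['alice', '/foo/1', 'DELETE'], ['bob', '/foo', 'GET'], ['bob', '/foo', 'POST'],
    ['bob', '/foo/1/edit', 'GET'],   // extra path segment
    ['mallory', '/foo', 'GET'],      // subject with no role
    ['bob', '/foo', 'GETX'],         // action that only contains a permitted method
];
foreach ($requests as [$sub, $obj, $act]) {
    $a = $asWritten->enforce($sub, $obj, $act);
    $b = $exact->enforce($sub, $obj, $act);
    printf("%-8s %-12s %-7s regexMatch=%-5s exact=%-5s %s\n", $sub, $obj, $act,
        var_export($a, true), var_export($b, true), $a === $b ? '' : '<- matchers disagree');
}
```

A flagged row is a request whose action satisfies the policy's regular expression without being equal to it. Comparing actions with r.act == p.act, or anchoring the action patterns stored in the policy, removes the difference.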