How to Install and Use Think-Authz for Role‑Based Access Control in ThinkPHP

Think-Authz is a PHP‑Casbin‑based authorization extension for ThinkPHP that supports ACL, RBAC, and ABAC models; the guide covers Composer installation, service registration, publishing configuration and migration files, using the Enforcer API, middleware integration, and custom cache handling.

Open Source Tech Hub

Overview

Think-Authz is an authorization extension for ThinkPHP built on PHP‑Casbin, supporting ACL, RBAC, and ABAC access‑control models.

Installation

Install the package via Composer:

composer require casbin/think-authz

Register the service in the global service.php file:

return [
    // ...
    tauthz\TauthzService::class,
];

Publish the configuration and migration files:

php think tauthz:publish

This creates config/tauthz-rbac-model.conf and config/tauthz.php.

Run the migration (ensure the database configuration is correct):

php think migrate:run

A rules table is created in the database.

Usage

Quick start

After installation you can use the Enforcer facade:

use tauthz\facade\Enforcer;

// add permission for a user
Enforcer::addPermissionForUser('eve', 'articles', 'read');

// add role for a user
Enforcer::addRoleForUser('eve', 'writer');

// add policy for a role
Enforcer::addPolicy('writer', 'articles', 'edit');

Check whether a user has a permission:

if (Enforcer::enforce('eve', 'articles', 'edit')) {
    // permit
} else {
    // deny
}

Enforcer API

Commonly used methods include:

Enforcer::getAllRoles()
Enforcer::getPolicy()
Enforcer::getRolesForUser('eve')
Enforcer::getUsersForRole('writer')
Enforcer::hasRoleForUser('eve', 'writer')
Enforcer::addRoleForUser('eve', 'writer')
Enforcer::addPermissionForUser('eve', 'articles', 'read')
Enforcer::deleteRoleForUser('eve', 'writer')
Enforcer::deleteRolesForUser('eve')
Enforcer::deleteRole('writer')
Enforcer::deletePermission('articles', 'read')
Enforcer::deletePermissionForUser('eve', 'articles', 'read')
Enforcer::deletePermissionsForUser('eve')
Enforcer::getPermissionsForUser('eve')
Enforcer::hasPermissionForUser('eve', 'articles', 'read')

For a complete reference, see the Casbin API documentation.
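The quick-start policy checked as a decision matrix, covering role inheritance, default deny and revocation. This is an added example, not code from think-authz or the original article: auditPolicy and the subject mallory are hypothetical, and it assumes a booted ThinkPHP app on a test database with the published RBAC model left as an allow-only model.

```php
<?php
// Added example. Run inside a booted ThinkPHP app (console command or test)
// against a test database: it writes to the rules table and cleans up after.
use tauthz\facade\Enforcer;

/**
 * Hypothetical helper: compare enforce() decisions with an expected matrix.
 * Returns the rows that disagree; an empty array means the policy matches.
 */
function auditPolicy(array $matrix): array
{
    $mismatches = [];
    foreach ($matrix as [$sub, $obj, $act, $expected]) {
        $actual = Enforcer::enforce($sub, $obj, $act);
        if ($actual !== $expected) {
            $mismatches[] = compact('sub', 'obj', 'act', 'expected', 'actual');
        }
    }
    return $mismatches;
}

// Policy from the quick start.
Enforcer::addPermissionForUser('eve', 'articles', 'read');
Enforcer::addRoleForUser('eve', 'writer');
Enforcer::addPolicy('writer', 'articles', 'edit');

$granted = auditPolicy([
    ['eve',     'articles', 'read',   true],  // direct permission
    ['eve',     'articles', 'edit',   true],  // inherited from role writer
    ['eve',     'articles', 'delete', false], // no matching rule: denied
    ['eve',     'comments', 'read',   false], // rule is for another object
    ['mallory', 'articles', 'read',   false], // constructed unknown subject
]);

// Revoking the role must remove only what the role granted.
Enforcer::deleteRoleForUser('eve', 'writer');
$revoked = auditPolicy([
    ['eve', 'articles', 'edit', false], // role-derived access is gone
    ['eve', 'articles', 'read', true],  // direct permission remains
]);

// Remove the sample rules so the test database is left as it was found.
Enforcer::deletePermissionsForUser('eve');
Enforcer::deleteRole('writer');

$failures = array_merge($granted, $revoked);
echo $failures ? json_encode($failures, JSON_PRETTY_PRINT) : 'policy matches';
exit($failures ? 1 : 0);
```

The non-zero exit status lets a CI job fail when a policy or model change alters any of the listed decisions.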

Middleware

The package provides a middleware class \tauthz\middleware\Basic::class. Example usage:

use think\facade\Route;

// Require the 'read' action on the 'news' resource for this route
Route::get('news/:id', 'News/Show')
    ->middleware(\tauthz\middleware\Basic::class, ['news', 'read']);

Cache configuration

Cache behavior is controlled by the cache option in config/tauthz.php. You can implement a custom cache handler by extending tauthz\cache\CacheHandler:

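use tauthz\cache\CacheHandler;
use tauthz\model\Rule;

class MyCacheHandler extends CacheHandler
{
    // Cache the policy query under a fixed key for 3600 seconds
    public function cachePolicies(Rule $model)
    {
        return $model->cacheAlways('my_cache_key', 3600);
    }
}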

Declare the custom handler in the handler key of the cache configuration.
