Master Casbin: Beginner’s Guide to Powerful Access Control for PHP/Webman

Introduction

Casbin is a powerful, high‑performance open‑source access‑control framework that supports multiple access‑control models and many programming languages such as Go, Java, Node.js, Python, and PHP.

Supported Languages

Official implementations include Casbin (core), jCasbin (Java), node‑Casbin, PHP‑Casbin, PyCasbin, Casbin4D, Casbin‑Net, and Casbin‑RS. Most of them are production‑ready, while some are experimental or work‑in‑progress.

Key Features

Customizable request format; default is {subject, object, action}.

Storage of access‑control models and policies.

Multi‑level role inheritance for both subjects and resources.

Support for super‑users (e.g., root or Administrator) that bypass policies.

Built‑in operators like keyMatch for path‑style resource matching (e.g., /foo/bar matches /foo*).

What Casbin Does Not Do

Casbin does not handle authentication (verifying usernames and passwords). Authentication should be performed by a separate component, while Casbin focuses solely on authorization. It also does not store user or role lists; those should be managed by the application.

Plugin Integration (Webman)

Installation

composer require -W casbin/webman-permission

Configuration

1. Dependency Injection – edit config/container.php to return a DI container with the required definitions.

$builder = new \DI\ContainerBuilder();
$builder->addDefinitions(config('dependence', []));
$builder->useAutowiring(true);
return $builder->build();

2. Database Setup – By default Casbin uses ThinkORM. If you prefer Laravel’s illuminate/database, follow the official Webman DB tutorial.

• For ThinkORM, modify thinkorm.php. • For Laravel DB, adjust database.php and set the adapter in permission.php to the Laravel adapter.

3. Create the policy table casbin_rule:

CREATE TABLE `casbin_rule` (
  `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
  `ptype` VARCHAR(128) NOT NULL DEFAULT '',
  `v0` VARCHAR(128) NOT NULL DEFAULT '',
  `v1` VARCHAR(128) NOT NULL DEFAULT '',
  `v2` VARCHAR(128) NOT NULL DEFAULT '',
  `v3` VARCHAR(128) NOT NULL DEFAULT '',
  `v4` VARCHAR(128) NOT NULL DEFAULT '',
  `v5` VARCHAR(128) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`) USING BTREE,
  KEY `idx_ptype` (`ptype`) USING BTREE,
  KEY `idx_v0` (`v0`) USING BTREE,
  KEY `idx_v1` (`v1`) USING BTREE,
  KEY `idx_v2` (`v2`) USING BTREE,
  KEY `idx_v3` (`v3`) USING BTREE,
  KEY `idx_v4` (`v4`) USING BTREE,
  KEY `idx_v5` (`v5`) USING BTREE
) ENGINE=INNODB CHARSET=utf8mb4 COMMENT='Policy rule table';

4. Restart Webman: php start.php restart or

php start.php restart -d

Quick Start

After installation, you can use the API as follows:

use Casbin\WebmanPermission\Permission;

// Add permissions to a user
Permission::addPermissionForUser('eve', 'articles', 'read');
// Assign a role to a user
Permission::addRoleForUser('eve', 'writer');
// Define a policy for a role
Permission::addPolicy('writer', 'articles', 'edit');

Check whether a user has a specific permission:

if (Permission::enforce('eve', 'articles', 'edit')) {
    echo 'Congratulations! Access granted.';
} else {
    echo 'Sorry, you do not have permission for this resource.';
}

Multiple Driver Configuration

To use a custom driver (requires webman-permission >= 1.2.0), select it by name:

use Casbin\WebmanPermission\Permission;

$permission = Permission::driver('other_conf');
$permission->addPermissionForUser('eve', 'articles', 'read');
$permission->addRoleForUser('eve', 'writer');
$permission->addPolicy('writer', 'articles', 'edit');

if ($permission->enforce('eve', 'articles', 'edit')) {
    echo 'Congratulations! Access granted.';
} else {
    echo 'Sorry, you do not have permission for this resource.';
}

Refer to the Casbin API documentation for the full list of methods.