Policy

A policy is a class that organizes authorization logic in a specific model or resource to handle user authorization actions.

Installation

composer require easyswoole/policy

Instructions


use EasySwoole\Policy\PolicyNode;
use EasySwoole\Policy\Policy;

//Authorized action
//PolicyNode::EFFECT_ALLOW      Allowed
//PolicyNode::EFFECT_DENY       Refused
//PolicyNode::EFFECT_UNKNOWN    Unknown

$policy = new Policy();
//Add node authorization   
$policy->addPath('/user/add',PolicyNode::EFFECT_ALLOW);
$policy->addPath('/user/update',PolicyNode::EFFECT_ALLOW);
$policy->addPath('/user/delete',PolicyNode::EFFECT_DENY);
$policy->addPath('/user/*',PolicyNode::EFFECT_DENY);

//Verify node permissions
var_dump($policy->check('user/asdasd'));//deny
var_dump($policy->check('user/add'));   //allow
var_dump($policy->check('user/update'));//allow

/*
 * Allow /api/*, but only reject /api/order/charge, /api/order/info, /api/sys/*
 */

$policy->addPath('/api/*',PolicyNode::EFFECT_ALLOW);
$policy->addPath('/api/order/charge',PolicyNode::EFFECT_DENY);
$policy->addPath('/api/order/info',PolicyNode::EFFECT_DENY);
$policy->addPath('/api/sys/*',PolicyNode::EFFECT_DENY);

var_dump($policy->check('/api/whatever'));
var_dump($policy->check('/api/order/charge'));
var_dump($policy->check('/api/order/info'));
var_dump($policy->check('/api/sys/whatever'));

//Object addition
$root = new PolicyNode('*');
$userChild = $root->addChild('user');
$userAddChild = $userChild->addChild('add');
$userAddChild->addChild('aaaaaa')->setAllow(PolicyNode::EFFECT_ALLOW);
$userChild->addChild('update')->setAllow(PolicyNode::EFFECT_DENY);
$userChild->addChild('*')->setAllow(PolicyNode::EFFECT_ALLOW);

$apiChild = $root->addChild('charge');
$apiChild->addChild('*');

$node = $root->search('/user/add/aaaa');
if ($node) {
    var_dump($node->isAllow());
}