The Application of Permission Control Library Casbin in Slim

Posted by netcoord99 on Sun, 06 Oct 2019 03:47:31 +0200

PHP-Casbin is a powerful and efficient open source access control framework that supports access management based on various access control models.

Slim is a PHP micro-framework that helps you quickly write simple but powerful web applications and APIs.

Casbin can be used as authorization middleware in the Slim framework.

Authentication

First authenticate, then authorize.

Here we use HTTP Basic Authentication.

slim-basic-auth provides HTTP Basic authentication middleware for PSR-7 and PSR-15; install it with composer: composer require tuupola/slim-basic-auth.

use Tuupola\Middleware\HttpBasicAuthentication;

$app->add(new HttpBasicAuthentication([
    // Credentials for the example; in practice load them from a store, not the source.
    'users' => [
        'root' => 't00r',
        'somebody' => 'passw0rd',
    ],
    // Runs after a successful login: expose the user name to later middleware
    // as the 'user' request attribute, which the Casbin middleware reads.
    'before' => function ($request, $arguments) {
        return $request->withAttribute('user', $arguments['user']);
    },
]));

Casbin Authorization Middleware

This example implements authorization middleware.

It first gets the currently authenticated user and the URI path and HTTP method of the current request, then asks Casbin for a permission decision.


namespace App\Middleware;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Psr7\Response;
use Casbin\Enforcer;

class Authorization
{
    /**
     * Authorization middleware invokable class.
     *
     * Slim 4 runs middleware last-in, first-out, so add this class to $app
     * before adding the authentication middleware if authentication must
     * run first.
     *
     * @param Request        $request PSR-7 request
     * @param RequestHandler $handler PSR-15 request handler
     *
     * @return ResponseInterface
     */
    public function __invoke(Request $request, RequestHandler $handler): ResponseInterface
    {
        // Building the enforcer here re-reads both files on every request;
        // in production construct it once and inject it.
        $e = new Enforcer('config/rbac_model.conf', 'config/policy.csv');

        // Subject, object and action for the model's r = sub, obj, act.
        $user = $request->getAttribute('user'); // set by the authentication middleware
        $uri = $request->getUri();
        $action = $request->getMethod();

        // A request without a 'user' attribute is passed through unchecked,
        // so the authentication middleware must cover every protected route.
        if ($user && !$e->enforce($user, $uri->getPath(), $action)) {
            // withStatus() returns a new immutable instance; it must be kept,
            // otherwise the denial body is sent with a 200 status.
            $response = (new Response())->withStatus(403);
            $response->getBody()->write('Unauthorized.');

            return $response;
        }

        return $handler->handle($request);
    }
}

The Model file config/rbac_model.conf reads as follows:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && r.act == p.act

The policy file config/policy.csv reads as follows:

p, root, /, GET
p, root, /users, GET
p, root, /users/:id, GET
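To make the model and policy above concrete, here is an added example (not code from the page or from the Casbin project) that reimplements, in plain Python, just the semantics these two files use: the g(r.sub, p.sub) role check, the keyMatch2 path matcher, r.act == p.act, and the some(where (p.eft == allow)) effect. The policy is the page's three rules plus one constructed role link (g, alice, root) added to show what the role_definition section does. Like Casbin's own keyMatch2, the matcher turns :param into [^/]+ and /* into /.* without escaping other regex metacharacters in p.obj.

```python
import csv
import io
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy: the page's rules plus a role assignment for illustration.
POLICY_CSV = """\
p, root, /, GET
p, root, /users, GET
p, root, /users/:id, GET
g, alice, root
"""

Rule = Tuple[str, str, str]


def load_policy(text: str) -> Tuple[List[Rule], Dict[str, Set[str]]]:
    """Parse Casbin CSV policy lines into p rules and g (role) links."""
    rules: List[Rule] = []
    roles: Dict[str, Set[str]] = {}
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row:
            continue
        if row[0] == "p" and len(row) == 4:          # p, sub, obj, act
            rules.append((row[1], row[2], row[3]))
        elif row[0] == "g" and len(row) == 3:        # g, user, role
            roles.setdefault(row[1], set()).add(row[2])
    return rules, roles


def has_role(roles: Dict[str, Set[str]], sub: str, role: str,
             seen: Optional[Set[str]] = None) -> bool:
    """g(r.sub, p.sub): true when sub is the role itself or inherits it."""
    if sub == role:
        return True
    if seen is None:
        seen = set()
    if sub in seen:                                  # guard against g cycles
        return False
    seen.add(sub)
    return any(has_role(roles, parent, role, seen) for parent in roles.get(sub, ()))


def key_match2(key1: str, key2: str) -> bool:
    """keyMatch2(r.obj, p.obj): '/users/:id' matches '/users/42', not '/users/42/edit'."""
    pattern = key2.replace("/*", "/.*")
    pattern = re.sub(r":[^/]+", "[^/]+", pattern)
    return re.fullmatch(pattern, key1) is not None


def enforce(rules: List[Rule], roles: Dict[str, Set[str]],
            sub: str, obj: str, act: str) -> bool:
    """Matcher m joined with effect some(where (p.eft == allow)):
    the request is allowed if any p rule matches, otherwise denied."""
    return any(
        has_role(roles, sub, p_sub) and key_match2(obj, p_obj) and act == p_act
        for p_sub, p_obj, p_act in rules
    )


P_RULES, G_LINKS = load_policy(POLICY_CSV)


def decisions() -> List[Tuple[str, str, str, bool]]:
    """Decisions for a few constructed requests against the policy."""
    requests = [
        ("root", "/users/42", "GET"),        # matches /users/:id
        ("root", "/users/42", "DELETE"),     # action not in policy
        ("root", "/users/42/edit", "GET"),   # :id does not span a slash
        ("alice", "/users", "GET"),          # allowed through g, alice, root
        ("somebody", "/", "GET"),            # authenticated but no policy
    ]
    return [(s, o, a, enforce(P_RULES, G_LINKS, s, o, a)) for s, o, a in requests]


if __name__ == "__main__":
    for sub, obj, act, allowed in decisions():
        print(f"{sub:9} {act:7} {obj:16} -> {'allow' if allowed else 'deny'}")
```

The last request is the point of pairing authentication with authorization: somebody logs in successfully but has no policy line, so every request is denied until a p rule or a g link grants access.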

Create routing

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Routing\RouteCollectorProxy as Group;

// Each route path corresponds to a p line in config/policy.csv; Slim's {id}
// placeholder is covered by the /users/:id pattern through keyMatch2.
$app->get('/', function (Request $request, Response $response) {
    $response->getBody()->write('Hello Casbin !');
    return $response;
});

$app->group('/users', function (Group $group) {
    $group->get('', ListUsersAction::class);
    $group->get('/{id}', ViewUserAction::class);
});

Casbin skeleton application

Complete code: Casbin skeleton application with Slim Framework 4.

It makes it easy and fast to configure a new Casbin skeleton application using Slim Framework 4.
