Casbin is an authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, PHP and Node.js. The PHP version have been recently released and provides support for Laravel, Yii and ThinkPHP Frameworks.
In php-casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.
A Casbin online editor is available to test different models and policies, validate the syntax and run tests. Casbin does not provide authentication, and does not manage the list of users or roles too. The library only enforce the policy in the classic {subject, object, action} form or a customized form as you defined, both allow and deny authorizations are supported.
It handle the storage of the access control model and its policy, manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC), and support built-in superuser like root or administrator. A superuser can do anything without explict permissions.
Casbin also provides multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.
Released under an Apache 2.0 License. More information at https://github.com/php-casbin/php-casbin
