Role-based access control
Is there any open-source, PHP based, role-based access control system that can be used for CodeIgniter?
Comments (11)
I know the trail is cold, but a new project has popped up:
PHP-RBAC is a PHP Hierarchical NIST Level 2 Standard Role Based Access Control and is pretty mature. It is also an OWASP project.
I hope you enjoy it at http://phprbac.net
http://www.jframework.info (dead link) jFramework has a standard NIST level 2 RBAC with enhancements which is said to be the fastest available (includes benchmarks). It can operate on a single SQLite database file and is tested thoroughly, works like a glove.
Has a dependency on jFramework DBAL, but you can simply replace DBAL SQL queries in the code with your desired DBAL, and of course you can use jFramework in a SOP manner.
Maybe I'm misunderstanding the question, but isn't the whole point of Role-Based Access Control (RBAC) to avoid Access Control Lists (ACLs)?
I don't know the specifics on Zend_ACL or the other implementations mentioned, but if they are ACL-based, I would not recommend using them for role-based authorization.
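What separates hierarchical RBAC from a per-user ACL, as an added example that is not part of the thread and not the API of any library named here: permissions attach to roles, users hold only roles, senior roles inherit from junior ones, and the check denies by default. The `Rbac` class, role names and permission strings are hypothetical.

```php
<?php
// Added example: hierarchical RBAC check (all names are hypothetical).
final class Rbac
{
    /** @var array<string, string[]> role => permissions granted directly */
    private array $grants = [];
    /** @var array<string, string[]> role => junior roles it inherits from */
    private array $inherits = [];

    public function addRole(string $role, array $permissions, array $juniors = []): void
    {
        $this->grants[$role] = $permissions;
        $this->inherits[$role] = $juniors;
    }

    /** All permissions of a role, including inherited ones; cycle-safe. */
    public function permissionsOf(string $role, array &$seen = []): array
    {
        if (isset($seen[$role]) || !isset($this->grants[$role])) {
            return []; // unknown role or inheritance cycle contributes nothing
        }
        $seen[$role] = true;
        $perms = $this->grants[$role];
        foreach ($this->inherits[$role] as $junior) {
            $perms = array_merge($perms, $this->permissionsOf($junior, $seen));
        }
        return array_values(array_unique($perms));
    }

    /** Deny by default: true only if some role held by the user grants it. */
    public function check(array $userRoles, string $permission): bool
    {
        foreach ($userRoles as $role) {
            if (in_array($permission, $this->permissionsOf($role), true)) {
                return true;
            }
        }
        return false;
    }
}

$rbac = new Rbac();
$rbac->addRole('viewer', ['article.read']);
$rbac->addRole('editor', ['article.edit'], ['viewer']);
$rbac->addRole('admin', ['user.manage'], ['editor']);

// Constructed sample users: the user record stores roles, never permissions.
$users = ['alice' => ['editor'], 'bob' => ['viewer', 'unknown-role']];

var_dump($rbac->check($users['alice'], 'article.read')); // via inherited viewer role
var_dump($rbac->check($users['bob'], 'article.edit'));   // no held role grants this
var_dump($rbac->check($users['alice'], 'user.manage'));  // admin-only permission
```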
Brandon Savage gave a presentation on his PHP package "ApplicationACL" that may or may not accomplish role-based access. PHPGACL might work as well, but I can't tell you for sure.
What I can tell you, however, is the Zend_ACL component of the Zend Framework will do role-based setups (however you'll have to subclass to check multiple roles at once). Granted the pain of this is you'll have to pull out Zend_ACL, I do not believe it has any external dependencies, from the monolithic download (or SVN checkout).
The nice thing about Zend_ACL, though, is that it's storage agnostic. You can either rebuild it every time or it's designed to be serialized (I use a combination of both, serialize for the cache and rebuild from the DB).
I created an Open Source project called PHP-Bouncer which may be of interest to you. It's still fairly young, but works well and is easy to configure. I ended up developing it because none of the existing solutions seemed to meet my needs. I hope this helps!
phpgacl http://phpgacl.sourceforge.net/ is a generic ACL-based access control framework.
While I don't know about any CI-specific implementation, I know that you only need the main class file to make phpgacl work. So I believe that integration with CI won't be any problem. (I've worked passingly with CI)
Here are two RBAC libraries for PHP I found:
I actually used the first one in PolyAuth: https://github.com/Polycademy/PolyAuth/
It's a full-featured auth library that includes NIST level 1 RBAC. And yes, RBAC is not the same as an ACL. I use CodeIgniter as well; all you have to do is use the PDO driver and pass in the connection id. See this tutorial for how to do that: http://codebyjeff.com/blog/2013/03/codeigniter-with-pdo
Found out about Khaos ACL which is a CI library... I'm also checking out phpgacl and how to use it for CI... Haven't checked Zend ACL yet. But maybe it can be "ported" to CI.
Try the DX_Auth plugin for CodeIgniter. I am working on a similar set (rather, a superset) of the functions that DX_Auth has. My set of CI add-ons includes display of menus (that can be controlled via CSS), role-based access control before the controller is invoked, and other features. I hope to publish it soon. Will give the project URL when I do so.
RBAC != ACL - Roland has the only correct answer for this question.
BTW of course it is an essential part of a framework to implement any kind of permission system - at least there is no point in using a framework, if it does not give you a well engineered RBAC system - it might be better using a simple template system with any ORM layer then.
It is a common antipattern in the PHP world, that frameworks like Ruby or Django are "cloned" only as a subset of what these modern frameworks deliver - as a typical syndrome you see a lack of good ACL or RBAC integration into these frameworks - what essentially is a joke.
There is currently only the Yii PHP Framework that comes with a decent RBAC implementation.
Ion Auth Library uses users and groups - https://github.com/benedmunds/CodeIgniter-Ion-Auth
but there is no working RBAC system to use them and manage. But you can white your functions.