1. Go to this page and download the library: Download feruzlabs/rbac library. Choose the download type require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
feruzlabs / rbac example snippets
use Feruzlabs\Rbac\Domain\Entity\User;
use Feruzlabs\Rbac\Domain\Entity\Role;
use Feruzlabs\Rbac\Domain\Entity\Permission;
use Feruzlabs\Rbac\Domain\Entity\Resource;
use Feruzlabs\Rbac\Domain\Entity\Action;
use Feruzlabs\Rbac\Application\UseCase\AssignRoleToUser;
use Feruzlabs\Rbac\Application\UseCase\CheckUserPermission;
use Feruzlabs\Rbac\Application\DTO\AssignRoleToUserRequest;
use Feruzlabs\Rbac\Application\DTO\CheckUserPermissionRequest;
// 1. Create entities
$user = User::create(
username: 'john_doe',
email: '[email protected]',
passwordHash: password_hash('password123', PASSWORD_DEFAULT),
fullName: 'John Doe'
);
$resource = Resource::create(
name: 'article',
type: 'content'
);
$action = Action::create(
name: 'read',
description: 'Read articles'
);
$permission = Permission::create(
resourceId: $resource->id,
actionId: $action->id,
name: 'article:read',
description: 'Permission to read articles'
);
$role = Role::create(
name: 'editor',
description: 'Content editor role'
);
// 2. Save entities (using your repository implementations)
$userRepository->save($user);
$resourceRepository->save($resource);
$actionRepository->save($action);
$permissionRepository->save($permission);
$roleRepository->save($role);
// 3. Assign role to user
$assignRoleUseCase = new AssignRoleToUser($rbacService);
$assignRoleUseCase->execute(new AssignRoleToUserRequest(
userId: $user->id->toString(),
roleId: $role->id->toString()
));
// 4. Check permissions
$checkPermissionUseCase = new CheckUserPermission($permissionChecker);
$result = $checkPermissionUseCase->execute(new CheckUserPermissionRequest(
userId: $user->id->toString(),
permissionId: $permission->id->toString()
));
if ($result->hasPermission) {
echo "User has permission!";
} else {
echo "Permission denied: " . $result->reason;
}
use Feruzlabs\Rbac\Domain\Entity\Organization;
// Create organizations
$acmeCorp = Organization::create('ACME Corporation');
$techStartup = Organization::create('Tech Startup');
// Create organization-specific roles
$acmeManager = Role::create(
name: 'manager',
organizationId: $acmeCorp->id,
description: 'ACME manager role'
);
$techAdmin = Role::create(
name: 'admin',
organizationId: $techStartup->id,
description: 'Tech startup admin role'
);
// Users can have different roles in different organizations
$user = User::create('john_doe', '[email protected]', 'hash');
// Assign role in ACME
$assignRoleUseCase->execute(new AssignRoleToUserRequest(
userId: $user->id->toString(),
roleId: $acmeManager->id->toString()
));
// Check permissions in specific organization context
$hasPermission = $permissionChecker->userHasPermission(
$user->id,
$permission->id
);
use Feruzlabs\Rbac\Domain\Entity\Group;
// Create groups
$developers = Group::create(
organizationId: $organization->id,
name: 'developers',
description: 'Development team'
);
$qaTeam = Group::create(
organizationId: $organization->id,
name: 'qa_team',
description: 'Quality Assurance team'
);
// Assign roles to groups
$rbacService->assignRoleToGroup($developers->id, $developerRole->id);
$rbacService->assignRoleToGroup($qaTeam->id, $qaRole->id);
// Add users to groups
$userGroupService->addUserToGroup($user->id, $developers->id);
// User now has all roles from the developers group
$userRoles = $rbacService->getUserRoles($user->id);
// app/Providers/RbacServiceProvider.php
namespace App\Providers;
use Illuminate\Support\ServiceProvider;
use Feruzlabs\Rbac\Infrastructure\Persistence\Eloquent\EloquentUserRepository;
use Feruzlabs\Rbac\Infrastructure\Persistence\Eloquent\EloquentRoleRepository;
use Feruzlabs\Rbac\Infrastructure\Persistence\Eloquent\EloquentPermissionRepository;
use Feruzlabs\Rbac\Infrastructure\Security\LaravelPermissionChecker;
use Feruzlabs\Rbac\Domain\Service\RbacService;
class RbacServiceProvider extends ServiceProvider
{
public function register(): void
{
$this->app->singleton(EloquentUserRepository::class);
$this->app->singleton(EloquentRoleRepository::class);
$this->app->singleton(EloquentPermissionRepository::class);
$this->app->singleton(LaravelPermissionChecker::class);
$this->app->singleton(RbacService::class);
}
}
// app/Repositories/EloquentUserRepository.php
namespace App\Repositories;
use Feruzlabs\Rbac\Domain\Repository\UserRepositoryInterface;
use Feruzlabs\Rbac\Domain\Entity\User;
use Feruzlabs\Rbac\Domain\ValueObject\UserId;
use App\Models\User as UserModel;
class EloquentUserRepository implements UserRepositoryInterface
{
public function save(User $user): void
{
UserModel::updateOrCreate(
['id' => $user->id->toString()],
[
'username' => $user->username,
'email' => $user->email,
'password_hash' => $user->passwordHash,
'full_name' => $user->fullName,
'is_active' => $user->isActive,
'created_at' => $user->createdAt,
'updated_at' => $user->updatedAt,
]
);
}
public function findById(UserId $id): ?User
{
$model = UserModel::find($id->toString());
if (!$model) {
return null;
}
return new User(
id: UserId::fromString($model->id),
username: $model->username,
email: $model->email,
passwordHash: $model->password_hash,
fullName: $model->full_name,
isActive: $model->is_active,
createdAt: $model->created_at,
updatedAt: $model->updated_at
);
}
// ... implement other methods
}
// app/Http/Middleware/CheckPermission.php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Feruzlabs\Rbac\Application\UseCase\CheckUserPermission;
use Feruzlabs\Rbac\Application\DTO\CheckUserPermissionRequest;
class CheckPermission
{
public function __construct(
private CheckUserPermission $checkPermissionUseCase
) {}
public function handle(Request $request, Closure $next, string $permission)
{
$user = $request->user();
if (!$user) {
abort(401);
}
$result = $this->checkPermissionUseCase->execute(
new CheckUserPermissionRequest(
userId: $user->id,
permissionName: $permission
)
);
if (!$result->hasPermission) {
abort(403, $result->reason);
}
return $next($request);
}
}
// app/Providers/RbacServiceProvider.php
use Illuminate\Support\Facades\Blade;
public function boot(): void
{
Blade::if('can', function ($permission) {
$user = auth()->user();
if (!$user) return false;
return app(CheckUserPermission::class)->execute(
new CheckUserPermissionRequest(
userId: $user->id,
permissionName: $permission
)
)->hasPermission;
});
}
// src/Security/Voter/RbacVoter.php
namespace App\Security\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Feruzlabs\Rbac\Application\UseCase\CheckUserPermission;
use Feruzlabs\Rbac\Application\DTO\CheckUserPermissionRequest;
class RbacVoter extends Voter
{
public function __construct(
private CheckUserPermission $checkPermissionUseCase
) {}
protected function supports(string $attribute, mixed $subject): bool
{
return str_contains($attribute, ':');
}
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user) {
return false;
}
$result = $this->checkPermissionUseCase->execute(
new CheckUserPermissionRequest(
userId: $user->getId(),
permissionName: $attribute
)
);
return $result->hasPermission;
}
}
// src/Controller/ArticleController.php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
class ArticleController extends AbstractController
{
#[Route('/articles', name: 'article_index')]
#[IsGranted('article:read')]
public function index(): Response
{
// Only users with article:read permission can access this
return $this->render('article/index.html.twig');
}
#[Route('/articles/new', name: 'article_new')]
#[IsGranted('article:write')]
public function new(): Response
{
// Only users with article:write permission can access this
return $this->render('article/new.html.twig');
}
}
// config/rbac.php
use Feruzlabs\Rbac\Infrastructure\Persistence\InMemory\InMemoryUserRepository;
use Feruzlabs\Rbac\Infrastructure\Persistence\InMemory\InMemoryRoleRepository;
use Feruzlabs\Rbac\Infrastructure\Persistence\InMemory\InMemoryPermissionRepository;
use Feruzlabs\Rbac\Infrastructure\Security\InMemoryPermissionChecker;
use Feruzlabs\Rbac\Domain\Service\RbacService;
// Initialize repositories
$userRepository = new InMemoryUserRepository();
$roleRepository = new InMemoryRoleRepository();
$permissionRepository = new InMemoryPermissionRepository($roleRepository);
// Initialize services
$permissionChecker = new InMemoryPermissionChecker($permissionRepository);
$rbacService = new RbacService(
$userRepository,
$roleRepository,
$permissionRepository,
new InMemoryUserRoleAssignmentService($roleRepository),
new InMemoryGroupRoleAssignmentService($roleRepository)
);
// Use cases
$assignRoleUseCase = new AssignRoleToUser($rbacService);
$checkPermissionUseCase = new CheckUserPermission($permissionChecker);
// helpers/permission.php
function can(string $permission): bool
{
global $checkPermissionUseCase;
$user = getCurrentUser(); // Your user retrieval logic
if (!$user) {
return false;
}
$result = $checkPermissionUseCase->execute(
new CheckUserPermissionRequest(
userId: $user->id,
permissionName: $permission
)
);
return $result->hasPermission;
}
// Usage
if (can('article:read')) {
echo "User can read articles";
}
// tests/Unit/YourTest.php
use Feruzlabs\Rbac\Tests\Unit\TestCase;
use Feruzlabs\Rbac\Domain\Entity\User;
use Feruzlabs\Rbac\Domain\Entity\Role;
class YourTest extends TestCase
{
public function testUserCanHaveRole(): void
{
$user = User::create('test_user', '[email protected]', 'hash');
$role = Role::create('test_role', 'Test role');
$this->assertInstanceOf(User::class, $user);
$this->assertInstanceOf(Role::class, $role);
}
}
// Create parent and child roles
$parentRole = Role::create('manager', 'Manager role');
$childRole = Role::create('supervisor', 'Supervisor role');
// Set up hierarchy (supervisor inherits from manager)
$roleHierarchyService->addChildRole($parentRole->id, $childRole->id);
// User with supervisor role now has manager permissions too
$user = User::create('john', '[email protected]', 'hash');
$rbacService->assignRoleToUser($user->id, $childRole->id);
// Check inherited permissions
$hasManagerPermission = $permissionChecker->userHasPermission(
$user->id,
$managerPermission->id
); // Returns true due to inheritance