News: still worry about how to write the correct casbin-core policy? Casbin online editor is coming to help!
casbin-core is a powerful and efficient open-source access control library for JavaScript projects. It provides support for enforcing authorization based on various access control models.
 |
 |
 |
 |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| production-ready | production-ready | production-ready | production-ready |
 |
 |
 |
 |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| production-ready | production-ready | beta-test | production-ready |
https://casbin.org/docs/en/overview
- ๐ Written in TypeScript to provide the type definitions
- ๐ฏ Support multiple access model such as ACL, RBAC, ABAC
- ๐ฎ Run everywhere on JavaScript platforms such as WEB, Node.js, React-Native, Electron, etc.
Note: The project is under development and the API is unstable.
# NPM
npm install casbin-core@beta --save
# Yarn
yarn add casbin-core@betaNew an enforcer with a model string and a memory policy, see Model section for details:
import { newEnforcer, newModel, MemoryAdapter } from 'casbin-core';
const model = newModel(`
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
`);
const adapter = new MemoryAdapter(`
p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
`);
const enforcer = await newEnforcer(model, adapter);Note: you can also initialize an enforcer with policy in DB instead of file, see Persistence section for details.
Add an enforcement hook into your code right before the access happens:
const sub = 'alice'; // the user that wants to access a resource.
const obj = 'data1'; // the resource that is going to be accessed.
const act = 'read'; // the operation that the user performs on the resource.
// Async:
const res = await enforcer.enforce(sub, obj, act);
// Sync:
// const res = enforcer.enforceSync(sub, obj, act);
if (res) {
// permit alice to read data1
} else {
// deny the request, show an error
}Besides the static policy file, casbin-core also provides API for permission management at run-time.
For example, You can get all the roles assigned to a user as below:
const roles = await enforcer.getRolesForUser('alice');See Policy management APIs for more usage.
Casbin provides two sets of APIs to manage permissions:
- Management API: the primitive API that provides full support for Casbin policy management.
- RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.
https://casbin.org/docs/en/supported-models
https://casbin.org/docs/en/adapters
https://casbin.org/docs/en/watchers
https://casbin.org/docs/en/role-managers
This project exists thanks to all the people who contribute.
Thank you to all our backers! ๐ [Become a backer]
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
This project is licensed under the Apache 2.0 license.
If you have any issues or feature requests, please contact us. PR is welcomed.
- https://github.com/casbin/casbin-core/issues
- hsluoyz@gmail.com
- Tencent QQ group: 546057381