A flexible and powerful ABAC implementation for Laravel applications.
- Introduction
- Installation
- Quick Start
- Basic Usage
- Commands
- Configuration
- Defining Policies
- Operators
- Middleware
- Events
- Advanced Usage
- Caching
- Requirements
- Contributing
- Security
- License
ABAC provides fine-grained access control by evaluating attributes of users, resources, and the context of a request.
This package integrates seamlessly with Laravel to offer powerful access control mechanisms.
Install the package via Composer:
composer require zennit/abac-
Publish configuration and migrations:
php artisan abac:publish
-
Run migrations:
php artisan migrate
Here's an example of how to perform access control checks:
use zennit\ABAC\DTO\AccessContext;
use zennit\ABAC\Facades\Abac;
// Create an access context
$context = new AccessContext(
subject: $user,
resource: 'posts',
operation: 'update',
resourceIds: [$postId]
);
// Simple check
if (Abac::can($context)) {
// Allow action
}
// Detailed evaluation
$result = Abac::evaluate($context);# Publish all ABAC files (config, migrations, and env variables)
php artisan abac:publish
# Individual publishing commands
php artisan abac:publish-config # Publish configuration file only
php artisan abac:publish-migration # Publish migration files only
php artisan abac:publish-env # Publish environment variables only# Warm the entire policy cache
php artisan abac:cache-warm
# Warm cache for specific resource
php artisan abac:cache-warm posts
# Invalidate cache
php artisan abac:cache-invalidate
# Clear cache
php artisan abac:cache-clear# Add required environment variables to .env file
php artisan abac:publish-env
# Available environment variables:
ABAC_CACHE_ENABLED=true
ABAC_CACHE_TTL=3600
ABAC_CACHE_WARMING_ENABLED=true
ABAC_CACHE_WARMING_CHUNK_SIZE=100
ABAC_PARALLEL_EVALUATION=false
ABAC_BATCH_SIZE=1000
ABAC_BATCH_CHUNK_SIZE=100
ABAC_STRICT_VALIDATION=true
ABAC_LOGGING_ENABLED=true
ABAC_LOG_CHANNEL=abac
ABAC_DETAILED_LOGGING=false
ABAC_PERFORMANCE_LOGGING=true
ABAC_SLOW_EVALUATION_THRESHOLD=100
ABAC_EVENTS_ENABLED=true
ABAC_ASYNC_EVENTS=false
ABAC_USER_ATTRIBUTE_SUBJECT_TYPE="App\Models\User"All commands support the --force option to skip confirmations:
php artisan abac:publish --force
php artisan abac:publish-config --force
php artisan abac:publish-migration --force
php artisan abac:publish-env --force# Run tests with coverage report
composer test
# Version management
composer version-patch # Increment patch version
composer version-minor # Increment minor version
composer version-major # Increment major version// config/abac.php
'cache' => [
'enabled' => true,
'ttl' => 3600,
'tags' => ['abac', 'abac-policies', 'abac-attributes'],
'prefix' => 'abac:',
'warming' => [
'enabled' => true,
'chunk_size' => 100,
'schedule' => 'hourly', // Options: hourly, daily, weekly, monthly
],
],'monitoring' => [
'performance' => [
'enabled' => true,
'slow_threshold' => 100, // milliseconds
],
'logging' => [
'enabled' => true,
'channel' => 'abac',
'detailed' => true,
],
'events' => [
'enabled' => true,
'async' => false,
],
],use zennit\ABAC\Models\Policy;
use zennit\ABAC\Enums\PolicyOperators;
// Create a policy
$policy = Policy::create([
'name' => 'Edit Own Posts',
'description' => 'Allow users to edit their own posts',
'resource' => 'posts',
'operation' => 'update'
]);
// Add conditions
$policy->conditions()->create([
'operator' => PolicyOperators::EQUALS,
'attributes' => [
[
'attribute_name' => 'owner_id',
'attribute_value' => '$subject.id'
]
]
]);Available operators:
EQUALSNOT_EQUALSGREATER_THANLESS_THANGREATER_THAN_EQUALSLESS_THAN_EQUALSINNOT_INCONTAINSNOT_CONTAINSSTARTS_WITHNOT_STARTS_WITHENDS_WITHNOT_ENDS_WITHANDORNOT
Protect your routes with ABAC middleware:
// In RouteServiceProvider
Route::middleware(['abac.permissions'])
->group(function () {
// Protected routes
});The following events are dispatched:
-
CacheWarmed- When cache warming completes with:- Policy count
- Duration
- Next warming schedule
- Resource information
use zennit\ABAC\Models\UserAttribute;
// Add attributes to a subject
UserAttribute::create([
'subject_type' => get_class($subject),
'subject_id' => $subject->id,
'attribute_name' => 'role',
'attribute_value' => 'admin'
]);use zennit\ABAC\Models\ResourceAttribute;
// Add attributes to a resource
ResourceAttribute::create([
'resource' => 'posts',
'attribute_name' => 'status',
'attribute_value' => 'published'
]);use zennit\ABAC\Jobs\PolicyCacheJob;
// Warm cache for all policies
PolicyCacheJob::dispatch('warm');
// Warm cache for specific resource
PolicyCacheJob::dispatch('warm', 'posts');
// Invalidate cache
PolicyCacheJob::dispatch('invalidate');The package includes a comprehensive caching system that caches:
- Policy definitions and conditions
- User attributes
- Resource attributes
- Policy evaluation results
- Attribute collections
use zennit\ABAC\Jobs\PolicyCacheJob;
// Invalidate all caches
PolicyCacheJob::dispatch('invalidate');
// Invalidate specific resource
PolicyCacheJob::dispatch('invalidate', 'posts');
// Warm all caches
PolicyCacheJob::dispatch('warm');
// Warm specific resource
PolicyCacheJob::dispatch('warm', 'posts');The cache automatically invalidates when:
- Policies are modified
- User attributes change
- Resource attributes change
- Permissions are updated
use zennit\ABAC\Events\CacheWarmed;
Event::listen(CacheWarmed::class, function (CacheWarmed $event) {
Log::info("Cache warmed: {$event->policiesCount} policies");
Log::info("Next warming: {$event->getNextWarming()}");
});- PHP ^8.2
- Laravel ^11.2
Please see CONTRIBUTING.md for details.
If you discover any security-related issues, please email contact@zennit.dev.
The MIT License (MIT). Please see License File for more information.
