Общий обзор
Casbin is a powerful and efficient open-source access control library that supports various access control models for enforcing authorization across the board.
Enforcing a set of rules is as simple as listing subjects, objects, and the desired allowed action (or any other format as per your needs) in a policy file. This is synonymous across all flows in which Casbin is used. The developer/administrator has complete control over the layout, execution, and conditions for authorization, which are set via the model file. Casbin provides an Enforcer for validating an incoming request based on the policy and model files given to the Enforcer.
Languages Supported by Casbin
Casbin provides support for various programming languages, ready to be integrated within any project and workflow:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| Production-ready | Production-ready | Production-ready | Production-ready |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| Production-ready | Production-ready | Production-ready | Production-ready |
Feature Set for Different Languages
We are always working our best to make Casbin have the same set of features for all languages. However, the reality is not that beautiful.
| Функция | Идти | Java | Node.js | PHP | Python | C# | Дельфи | Ржава | К++ | Lua | Дарт | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Обеспечение соблюдения | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| АДАТ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Scaling ABAC (eval()) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Адаптер | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| API управления | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Пакетное API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Фильтрованный адаптер | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Наблюдатель | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Управление ролями | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Многопоточность | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| 'в' партнера | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
Note - ✅ for Watcher or Role Manager only means having the interface in the core library. It is not indicative of whether there is a watcher or role manager implementation available.
Что такое Casbin?
Casbin is an authorization library that can be used in flows where we want a certain object or entity to be accessed by a specific user or subject. The type of access, i.e. action, can be read, write, delete, or any other action as set by the developer. This is how Casbin is most widely used, and it's called the "standard" or classic { subject, object, action } flow.
Casbin is capable of handling many complex authorization scenarios other than the standard flow. There can be the addition of roles (RBAC), attributes (ABAC), etc.
What Casbin Does
- Enforce the policy in the classic
{ subject, object, action }form or a customized form as you defined. Both allow and deny authorizations are supported. - Управление хранением модели контроля доступа и ее политикой.
- Управление картами ролевых ролей и картами ролей (aka role иерархия ролей в RBAC).
- Support built-in superusers like
rootoradministrator. Суперпользователь может делать что-либо без явных разрешений. - Provide multiple built-in operators to support rule matching. For example,
keyMatchcan map a resource key/foo/barto the pattern/foo*.
What Casbin Does NOT Do
- Authentication (aka verifying
usernameandpasswordwhen a user logs in) - Управление списком пользователей или ролями.
It's more convenient for projects to manage their lists of users, roles, or passwords. Пользователи обычно имеют свои пароли, а Casbin не разработан как контейнер паролей. Однако, Касбин хранит отображение ролей пользователей для сценария RBAC.