PHP role-based access control
Original URL: http://stackoverflow.com/questions/113543/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Role Based Access Control
Asked by jerichorivera
Are there any open source, PHP-based, role-based access control systems that can be used for CodeIgniter?
Accepted answer by dcousineau
Brandon Savage gave a presentation on his PHP package "ApplicationACL" that may or may not accomplish role-based access. PHPGACL might work as well, but I can't tell you for sure.
What I can tell you, however, is the Zend_ACL component of the Zend Framework will do role-based setups (however you'll have to subclass to check multiple roles at once). Granted, the pain of this is you'll have to pull out Zend_ACL (I do not believe it has any external dependencies) from the monolithic download (or SVN checkout).
The nice thing about Zend_ACL, though, is that it's storage agnostic. You can either rebuild it every time or it's designed to be serialized (I use a combination of both, serialize for the cache and rebuild from the DB).
Answer by Jens Roland
Maybe I'm misunderstanding the question, but isn't the whole point of Role-Based Access Control (RBAC) to avoid Access Control Lists (ACLs)?
RBAC differs from access control lists (ACLs) (...) in that it assigns permissions to specific operations with meaning in the organization, rather than to low level data objects. For example, an access control list could be used to grant or deny write access to a particular system file, but it would not say in what ways that file could be changed. In an RBAC-based system an operation might be to create a 'credit account' transaction in a financial application (...). The assignment of permission to perform a particular operation is meaningful, because the operations are fine grained and themselves have meaning within the application. (Quote: Wikipedia)
I don't know the specifics on Zend_ACL or the other implementations mentioned, but if they are ACL-based, I would not recommend using them for role-based authorization.
Answer by Brendon Dugan
I created an Open Source project called PHP-Bouncer which may be of interest to you. It's still fairly young, but works well and is easy to configure. I ended up developing it because none of the existing solutions seemed to meet my needs. I hope this helps!
Answer by CMCDragonkai
Here are two RBAC libraries for PHP I found:
I actually used the first one in PolyAuth: https://github.com/Polycademy/PolyAuth/
It's a full featured auth library that includes NIST level 1 RBAC. And yes, RBAC is not the same as an ACL. I use CodeIgniter as well; all you have to do is use the PDO driver and pass in the connection id. See this tutorial for how to do that: http://codebyjeff.com/blog/2013/03/codeigniter-with-pdo
Answer by paan
phpgacl http://phpgacl.sourceforge.net/ is a generic acl based access control framework
While I don't know about any CI specific implementation, I know that you only need the main class file to make phpgacl work. So I believe that integration with CI won't be any problem. (I've worked passingly with CI)
Answer by paan
Found out about Khaos ACL which is a CI library... I'm also checking out phpgacl and how to use it for CI... Haven't checked Zend ACL yet. But maybe it can be "ported" to CI
Answer by paan
Try the DX_Auth plugin for CodeIgniter. I am working on a similar set (rather, a superset) of the functions that DX_Auth has. My set of CI add-ons includes display of menus (that can be controlled via CSS), role-based access control before the controller is invoked, and other features. I hope to publish it soon. Will give the project URL when I do so.
Answer by paan
RBAC != ACL - Roland has the only correct answer for this question.
BTW, of course it is an essential part of a framework to implement any kind of permission system - at least there is no point in using a framework if it does not give you a well-engineered RBAC system - it might be better to use a simple template system with any ORM layer then.
It is a common antipattern in the PHP world that frameworks like Ruby or Django are "cloned" only as a subset of what these modern frameworks deliver - as a typical syndrome you see a lack of good ACL or RBAC integration into these frameworks - which essentially is a joke. There is currently only the Yii PHP Framework that comes with a decent RBAC implementation.
Answer by AbiusX
http://www.jframework.info (dead link)
jFramework has a standard NIST level 2 RBAC with enhancements, which is said to be the fastest available (includes benchmarks). It can operate on a single SQLite database file, is tested thoroughly, and works like a glove.
It has a dependency on jFramework DBAL, but you can simply replace the DBAL SQL queries in the code with your desired DBAL, and of course you can use jFramework in a SOP manner.
Answer by AbiusX
I know the trail is cold, but a new project has popped up:
PHP-RBAC is a PHP Hierarchical NIST Level 2 Standard Role Based Access Control and is pretty mature. It is also an OWASP project.
I hope you enjoy it at http://phprbac.net

