apurba-labs/laravel-iam

Laravel IAM (Identity & Access Management) package with hierarchical permissions, wildcard support, and SaaS-ready design.

Package info

github.com/apurba-labs/laravel-iam

pkg:composer/apurba-labs/laravel-iam

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v0.1.0 2026-04-02 20:51 UTC

This package is auto-updated.

Last update: 2026-04-02 22:11:44 UTC


README

A powerful, context-aware Identity and Access Management (IAM) system for Laravel. Inspired by AWS IAM, built for modern SaaS architectures.

🚀 Key Features

  • Contextual Scopes: Assign roles to users for specific branches or tenants.
  • Wildcard Logic: Support for resource.*, *.action, and *.* overrides.
  • Action Aliasing: Built-in manage capability (grants all actions for a resource).
  • Developer Friendly: Dynamic Resource & Action registration.
  • Performance First: Built-in caching for permission resolution.
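
The wildcard and manage rules in the list above can be read as a small matching function with a default-deny fallback. The following is an added example, not the package's own resolver; the function names, the `global` key, and the rule that a scoped check also accepts global grants are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not the package's API.
// True when one granted pattern covers the requested "resource.action".
function grantCovers(string $grant, string $requested): bool
{
    $g = explode('.', $grant);
    $r = explode('.', $requested);
    // Anything that is not exactly two non-empty parts is denied.
    if (count($g) !== 2 || count($r) !== 2 || in_array('', [...$g, ...$r], true)) {
        return false;
    }
    [$gRes, $gAct] = $g;
    [$rRes, $rAct] = $r;
    $resourceOk = $gRes === '*' || $gRes === $rRes;
    // "manage" is an alias for every action on the granted resource.
    $actionOk = $gAct === '*' || $gAct === 'manage' || $gAct === $rAct;
    return $resourceOk && $actionOk;
}

// $grantsByScope maps a scope ID (or 'global') to the patterns granted there.
function exampleCan(array $grantsByScope, string $permission, ?int $scopeId = null): bool
{
    // Assumption: a scoped check accepts that scope's grants plus global ones.
    $candidates = $grantsByScope['global'] ?? [];
    if ($scopeId !== null) {
        $candidates = array_merge($candidates, $grantsByScope[$scopeId] ?? []);
    }
    foreach ($candidates as $grant) {
        if (grantCovers($grant, $permission)) {
            return true;
        }
    }
    return false; // default deny: no matching grant, no access
}

// Constructed sample data: one user's grants, globally and in branch 101.
$grants = [
    'global' => ['inventory.*'],
    101      => ['payroll.manage', '*.view'],
];

var_dump(exampleCan($grants, 'inventory.approve'));     // global resource wildcard
var_dump(exampleCan($grants, 'payroll.approve', 101));  // manage alias inside branch 101
var_dump(exampleCan($grants, 'payroll.approve', 202));  // same request, different branch
var_dump(exampleCan($grants, 'payroll.approve'));       // same request, no scope
var_dump(exampleCan($grants, 'payroll', 101));          // malformed permission string
```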

📦 Installation

Install the package via Composer:

```bash
composer require apurba-labs/laravel-iam
```

Publish and run the migrations:

```bash
php artisan vendor:publish --tag="iam-migrations"
php artisan migrate
```

🛠 Usage

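1. Set up your Model

Add the trait and contract to your User.php:

```php
use ApurbaLabs\IAM\Contracts\Authorizable;
use ApurbaLabs\IAM\Traits\HasRoles;
// Laravel's base authenticatable user model
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements Authorizable
{
    use HasRoles;
}
```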

2. Register Resources

Register your modules in `AppServiceProvider.php`:

```php
public function boot() {
    // IAM is the package's facade; import it at the top of the provider.
    IAM::registerResources([
        'inventory' => 'Stock Management',
        'payroll'   => 'Employee Salary'
    ]);

    IAM::registerActions(['submit', 'approve']);
}
```

3. Syncing to Database

```bash
php artisan iam:sync
```

🔍 4. Checking Permissions (The Logic)

Via Facade

```php
// Global check
IAM::can($user, 'inventory.view');

// Scoped check (e.g., for Branch ID 101)
IAM::can($user, 'inventory.view', 101);
```

Via Middleware

The middleware automatically detects the scope from the X-Scope-ID header. That header is sent by the client, so the route handler should limit its own queries to the same scope ID the middleware checked.

```php
// Single permission
Route::middleware('iam:inventory.view')->get('/inventory', ...);

// Multiple permissions (OR logic)
Route::middleware('iam:payroll.edit|payroll.manage')->post('/payroll', ...);
```

📄 License

The MIT License (MIT). Please see License File for more information.