archey347/uf_altpermissions

Alternate/complementary permission system for UserFrosting V4

Maintainers

Details

github.com/archey347/UF_AltPermissions

Homepage

Source

Fund package maintenance!
Ko Fi

Installs: 4

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 1

Type:userfrosting-sprinkle

v1.1.2-alpha 2021-10-09 19:42 UTC

Requires

MIT b1f2dbc25d7ba14d7f0d279c382635b11b2fc207

rolespermissionsuserfrosting

This package is auto-updated.

Last update: 2024-05-10 00:56:42 UTC

README

Build Status StyleCI UserFrosting Version Donate

Alternate/complementary permission system for UserFrosting 4

This sprinkle is still a work in progress and not ready yet for production use. No official release has been made yet. Fell free to test it and contribute, or use it as a reference.

Help and Contributing

If you need help using this sprinkle or found any bug, feels free to open an issue or submit a pull request. You can also find me on the UserFrosting Chat most of the time for direct support.

Installation

Edit UserFrosting app/sprinkles/sprinkles.json file and add the following to the require list :

"lcharette/UF_AltPermissions": "dev-master"

Run composer update then composer run-script bake to install the sprinkle.

Usage

Permission Slug Inheritance

If you have a collection of permisisons of actions that are available on a page, you can group these together using dot-delimiter.

For example, if you have a page that allows you to manage a team, you might have the permissions team.view, team.edit, team.delete. Then, to test access to the page, you can do hasPermission('team') rather than having to test for each permission. `

Alternative to above

The above system would cause problems if you had two permissions within the same namespace but had different seeker types. Instead, it would be better to have a common permission shared by all which you can just test instead.

Seeker Parents/Children

This allows for a permission and a role that have different seekers to be associated with each other.

For example, you may have a scenario where you have multiple organisations, and there are multiple teams inside each organisation. You may need to give some people access to all of the teams in an individual organisation, and then others just access to individual teams. You could do this by having a team.view permission that has a seeker type, team, and then a role called Organisation Manager that has seeker type organisation. Then, you would have to mofify the organisation and team models to tell the access control layer that there is a parent/child relationship.

class Organisation extends Model implements IPermissionParent
{
    protected $table = 'organisations';

    protected function getChildren($seekerType) {
        if($seekerType == 'team') {
            return $this->teams();
        }
    }

    protected function teams() {
        return $this->hasMany('...Models\Team');
    }

    ...
}

class Team extends Model implements IPermissionChild
{
    $table_name = 'teams';

    protected function getChildren($seekerType) {
        if($seekerType == 'team') {
            return $this->teams();
        }
    }

    protected function teams() {
        return $this->hasMany('...Models\Team');
    }

    ...
}

If you have a scenario where you have 3 layers of hierarchy, you have to expllicitly describe the relationship between all three, as the system isn't clever enough (yet!) to figure this out on it's own. The lines represent where child/parent relationships have been declared in the models.

Companies  <------
   /|\           |
    |            |
   \|/           |
Company Sectors  |
   /|\           |
    |            |
   \|/           |
  Team     <------

Licence

By Louis Charette. Copyright (c) 2017, free to use in personal and commercial software as per the MIT license.