berthott/laravel-api-permissions

Laravel Helper for API Endpoint Permissions

Maintainers

Details

github.com/berthott/laravel-api-permissions

Source

Issues

Installs: 1 016

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 3

Forks: 0

Open Issues: 0

3.0.4 2023-10-18 06:58 UTC

Requires (Dev)

MIT 58dca5aead3bbb71d63e264eebe0fe24a121d10b

  • Jan Bladt <berthott.woop@web.de>

This package is auto-updated.

Last update: 2025-03-11 12:09:41 UTC

README

test workflow

Laravel-API-Permissions

A helper for API Permissions in Laravel. Protect all your routes with a single middleware.

Installation

$ composer require berthott/laravel-api-permissions

Usage

  • Caution: This package assumes, that you name all your routes in the way laravel does: models.action.
  • Add the permissions middleware to the routes you want to protect.
  • Seed the permissions table by writing your own Seeder:
    • php artisan make:seeder PermissionTableSeeder
    • utilize berthott\Permissions\Helpers\PermissionsHelper to actually seed the permissions
      • PermissionsHelper::resetTables() will truncate all permission related tables.
      • PermissionsHelper::buildRoutePermissions() will build the permissions table. You might pass an array for mapping routes to permissions. E.g. 
        [
  '*.destroy' => [
     '*.destroy',
     '*.destroy_many'
  ],
]
      • PermissionsHelper::buildUiPermissions() will add UI permissions, that will only be handle by the frontend.
  • If the migrate option is true the package will migrate five tables for you: roles, role_user, permissions, permissionables and permission_routes.
  • If the migrate option is false and you want to write your own migration you can have look at the default migrations by running
$ php artisan vendor:publish --provider="berthott\Permissions\ApiPermissionsServiceProvider" --tag="migrations"
  • You can add permissions to your User model by adding the HasPermissions trait.
  • You can add roles to you User model by adding the HasRoles trait.
  • You can use either or both of the above options.
  • You may ignore specific routes actions from the permission system by adding them to the ignoreActions config, or by added the IgnorePermissionRoutestrait.

Options

To change the default options use

$ php artisan vendor:publish --provider="berthott\Permissions\ApiPermissionsServiceProvider" --tag="config"
  • Inherited from laravel-targetable
    • namespace: String or array with one ore multiple namespaces that should be monitored for the configured trait. Defaults to App\Models.
    • namespace_mode: Defines the search mode for the namespaces. ClassFinder::STANDARD_MODE will only find the exact matching namespace, ClassFinder::RECURSIVE_MODE will find all subnamespaces. Defaults to ClassFinder::RECURSIVE_MODE.
    • prefix: Defines the route prefix. Defaults to api.
  • General Package Configuration
    • middleware: An array of all middlewares to be applied to all of the generated routes. Defaults to [].
    • ignoreActions: Defines an array of actions that should be ignored by default. Defaults to [].
    • migrate: Defines wether or not to migrate standard tables.. Defaults to true.

Compatibility

Tested with Laravel 10.x.

License

See License File. Copyright © 2023 Jan Bladt.