cosmos/rbac

A trait that adds role-based access control to the User Eloquent model of a Laravel application.

v1.0.1 2020-01-13 01:10 UTC

This package is auto-updated.

Last update: 2024-04-13 10:49:43 UTC


README

WHAT IS RBAC

Role-based access control (RBAC) is an approach to restricting system access to authorized users: users are assigned roles, roles are granted permissions, and an access decision asks whether any of the user's roles carries the permission in question. A user holds no permission that has not been granted to one of their roles.

Database Structure

users:
    - id INTEGER
    - email STRING
    - etc...

roles:
    - id INTEGER
    - name STRING
    - created_at DATE
    - updated_at DATE

permissions:
    - id INTEGER
    - name STRING
    - created_at DATE
    - updated_at DATE

role_user:
    - role_id INTEGER
    - user_id INTEGER
    - PRIMARY KEY role_id, user_id
    - FOREIGN KEY role_id REFERENCES roles.id ON DELETE CASCADE
    - FOREIGN KEY user_id REFERENCES users.id ON DELETE CASCADE

permission_role:
    - permission_id INTEGER
    - role_id INTEGER
    - PRIMARY KEY permission_id, role_id
    - FOREIGN KEY permission_id REFERENCES permissions.id ON DELETE CASCADE
    - FOREIGN KEY role_id REFERENCES roles.id ON DELETE CASCADE
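The structure above is shown as a schema only. As an added example (not code shipped by cosmos/rbac), the following Laravel migration creates the four tables with the composite primary keys and ON DELETE CASCADE constraints listed. The class name and the unique indexes on `name` are assumptions; the unique indexes stop `Role::create(['name' => 'editor'])` from silently producing two distinct roles of the same name. If the package ships its own migrations, use those instead.

```php
<?php
// Added example: creates the roles, permissions, role_user and permission_role
// tables described in "Database Structure". Not part of cosmos/rbac.
// Assumptions: class name, unique index on `name`, and that users.id is an
// unsigned integer (match the foreign-key column type to your users table; use
// unsignedBigInteger() if users.id was created with bigIncrements()).

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateRbacTables extends Migration
{
    public function up(): void
    {
        Schema::create('roles', function (Blueprint $table) {
            $table->increments('id');
            $table->string('name')->unique();   // one row per role name (assumption)
            $table->timestamps();
        });

        Schema::create('permissions', function (Blueprint $table) {
            $table->increments('id');
            $table->string('name')->unique();   // one row per permission name (assumption)
            $table->timestamps();
        });

        Schema::create('role_user', function (Blueprint $table) {
            $table->unsignedInteger('role_id');
            $table->unsignedInteger('user_id');
            // composite primary key: a user cannot hold the same role twice
            $table->primary(['role_id', 'user_id']);
            // deleting a role or a user removes its assignments
            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
            $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
        });

        Schema::create('permission_role', function (Blueprint $table) {
            $table->unsignedInteger('permission_id');
            $table->unsignedInteger('role_id');
            $table->primary(['permission_id', 'role_id']);
            // deleting a permission or a role removes its grants
            $table->foreign('permission_id')->references('id')->on('permissions')->onDelete('cascade');
            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
        });
    }

    public function down(): void
    {
        // drop pivot tables first so foreign keys do not block the drop
        Schema::dropIfExists('permission_role');
        Schema::dropIfExists('role_user');
        Schema::dropIfExists('permissions');
        Schema::dropIfExists('roles');
    }
}
```

The cascades mean that deleting a role revokes it from every user at once; that is desirable for cleanup, but a role deleted by mistake cannot be restored without re-creating every assignment.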

Installation

Install package via composer

composer require cosmos/rbac

Laravel's package discovery registers the service provider automatically. Alternatively, add it manually to the providers array in your config/app.php file:

'providers' => [
    // ...
    Cosmos\Rbac\RbacServiceProvider::class,
],

Register the middleware aliases in your app/Http/Kernel.php file:

protected $routeMiddleware = [
    // ...
    'role' => \Cosmos\Rbac\Middleware\Role::class,
    'permission' => \Cosmos\Rbac\Middleware\Permission::class,
];

Publish the config/rbac.php config file:

php artisan vendor:publish --provider="Cosmos\Rbac\RbacServiceProvider"

Models

User

Add the Cosmos\Rbac\RoleBasedAccessControl trait to your App\User model:

namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Cosmos\Rbac\RoleBasedAccessControl;

class User extends Authenticatable
{
    use RoleBasedAccessControl;

    //
}

Role

Extend Cosmos\Rbac\Role in your App\Role model:

namespace App;

use Cosmos\Rbac\Role as RoleModel;

class Role extends RoleModel
{
    //
}

Permission

Extend Cosmos\Rbac\Permission in your App\Permission model:

namespace App;

use Cosmos\Rbac\Permission as PermissionModel;

class Permission extends PermissionModel
{
    //
}

Usage

Assigning Roles and Permissions

You can create permissions, group them into a role, and assign that role to a specific user.

$blogEdit = Permission::create(['name' => 'blog.edit']);
$newsEdit = Permission::create(['name' => 'news.edit']);

// Assign `blog.edit` and `news.edit` permission to `editor` role.
$editor = Role::create(['name' => 'editor']);
$editor->permissions()->attach($blogEdit);
$editor->permissions()->attach($newsEdit);

// Assign `editor` role to the user.
$user = User::find(1);
$user->roles()->attach($editor);

// Check whether the user holds a role.
$user->hasRole('editor'); // true

// Check whether the user holds a permission through any of their roles.
$user->hasPermission('blog.edit');   // true
$user->hasPermission('blog.delete'); // false

// Check multiple roles or permissions. By default any one match is enough;
// pass `true` as the second parameter (`requireAll`) to require all of them.
$user->hasRole(['editor', 'news-editor']);                // true: `editor` matches
$user->hasPermission(['blog.edit', 'blog.delete'], true); // false: `blog.delete` is missing

You can also revoke a permission from a role, and a role from a user:

$editor->permissions()->detach($newsEdit);
$user->hasPermission('news.edit'); // false

$user->roles()->detach($editor);
$user->hasRole('editor'); // false
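The calls above attach rows one at a time; `attach()` inserts a pivot row each time it is called, so running such setup code twice collides with the composite primary key. As an added example (not part of cosmos/rbac), the seeder below declares the complete permission set of each role in one place and makes the grants idempotent with `firstOrCreate()` and `sync()`. The seeder class name and the `admin` role with its `admin.access` permission are assumptions; the `editor` role matches the usage shown above.

```php
<?php
// Added example: idempotent seeding of roles and permissions for cosmos/rbac.
// Not part of the package. Assumptions: class name, the `admin` role and the
// `blog.delete` / `admin.access` permission names.

use App\Permission;
use App\Role;
use Illuminate\Database\Seeder;

class RbacSeeder extends Seeder
{
    /**
     * Role name => permission names. This list is the whole grant: a role ends up
     * with exactly these permissions, nothing more, after every run.
     */
    private const ROLES = [
        'editor' => ['blog.edit', 'news.edit'],
        'admin'  => ['blog.edit', 'news.edit', 'blog.delete', 'admin.access'],
    ];

    public function run(): void
    {
        foreach (self::ROLES as $roleName => $permissionNames) {
            // firstOrCreate() reuses an existing row, so re-running does not duplicate roles
            $role = Role::firstOrCreate(['name' => $roleName]);

            $permissionIds = [];
            foreach ($permissionNames as $permissionName) {
                $permissionIds[] = Permission::firstOrCreate(['name' => $permissionName])->id;
            }

            // sync() makes the pivot rows equal to this id list: it adds missing grants,
            // removes grants that are no longer declared (for example one attached by
            // hand in a console session), and never inserts a duplicate pivot row.
            $role->permissions()->sync($permissionIds);
        }
    }
}
```

Run it with `php artisan db:seed --class=RbacSeeder`. Because `sync()` removes undeclared grants, this file becomes the authoritative record of what each role may do, which is what you want to review when auditing who can reach a privileged route.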

Using Middleware

Using middleware rules in routes

Route::group(['middleware' => ['role:admin']], function () {
    //
});

// You can separate multiple roles or permissions with a '|' (pipe) character.
Route::group(['middleware' => ['permission:edit articles|publish articles']], function () {
    //
});

Route::get('admin/profile', function () {
    //
})->middleware('role:admin', 'permission:admin.access');

Using middleware rules in Controllers

public function __construct()
{
    $this->middleware('role:super-user');
    // or
    $this->middleware(['role:admin', 'permission:admin.access']);
}

Using Blade Directives

Check for a specific role:

@role('editor')
    //
@else
    //
@endrole

or for permissions:

@permission('blog.read,blog.edit')
    //
@endpermission

License

The MIT License