cubekit/laracan

There is no license information available for the latest version (v0.2.1) of this package.

Easy define abilities of the current user.

Maintainers

Details

github.com/cubekit/laracan

Source

Issues

Installs: 122

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 3

Forks: 0

Open Issues: 2

v0.2.1 2015-04-10 15:25 UTC

Requires

Unknown License 42ef84b88f6cc9a61487d674bb91b20d9e535496

  • Anatoliy Arkhipov <aarkhipov1991.woop@gmail.com>

laravelpermissions

This package is not auto-updated.

Last update: 2024-04-13 15:11:53 UTC

README

Installation

  • Require the package with composer:

composer require cubekit/laracan

  • Add provider to your config/app.php:

	'providers' => [

	    // ...

        'Cubekit\Laracan\LaracanServiceProvider',

        // ...

	],
  • Publish config:

php artisan vendor:publish --provider="Cubekit\Laracan\LaracanServiceProvider"

  • Add the Ability class to the app folder and implement the Cubekit\Laracan\AbilityContract

Note: the default config assumes that the Ability class is placed in the app folder. You are free to change it and place the class where would you want.

Usage

  • Define abilities
class Ability implements AbilityContract {

    public function initialize($user, Closure $can)
    {
        $user = $user ?: new App\User;

        // NOTE: Laracan does not provide any roles behavior! Assume that some
        // package already installed for this, like Entrust
        if ($user->hasRole('admin')) {

            // Admin can edit posts and comments unconditionally
            $can('edit', 'Post');
            $can('edit', 'Comment');

            return;
        }

        // User can edit a post only if he is its author
        $can('edit', 'Post', ['author_id' => $user->getKey()]);

        $can('edit', 'Comment', function($comment) use ($user)
        {
            // User can edit a comment only if he is its author
            // and comment is not older than 15 minutes
            return (
                $comment->author_id == $user->getKey() &&
                $comment->created_at >= Carbon::now()->subMinutes(15)
            );
        });

    }
}
  • Check ability in a request
class EditPostRequest {

    public function rules()
    {
        // ...
    }

    public function authorize()
    {
        $post = Post::find( $this->route('post') );

        return can('edit', $post);
    }

}
  • Check ability in a view
@foreach($post->comments as $comment)

<div class="comment">

    <div class="comment-body">{{ $comment->body }}</div>

    @can('edit', $comment)

        <div class="comment-footer">
            <a href="{{ route('comment.edit', $comment) }}">Edit</a>
        </div>

    @endcan

    </div>

</div>

@endforeach
  • Or you can use the can function directly to force IDE understand this code
@foreach($post->comments as $comment)

<div class="comment">

    <div class="comment-body">{{ $comment->body }}</div>

    @if( can('edit', $comment) )

        <div class="comment-footer">
            <a href="{{ route('comment.edit', $comment) }}">Edit</a>
        </div>

    @endif

    </div>

</div>

@endforeach

License

MIT