distilleries/permission-util

Provide a system to detect if the user connected have access or not. Provide a middleware to restrict access with a 403

v1.11.0 2019-09-10 09:55 UTC

This package is auto-updated.

Last update: 2024-12-10 22:15:22 UTC


README

Scrutinizer Code Quality Code Coverage Build Status Total Downloads Latest Stable Version License

Laravel 5 Permission Util

Provide a system to detect if the user connected have access or not. Provide a middleware to restrict access with a 403

Table of contents

  1. Installation
  2. Basic usage
  3. Middleware

##Installation

Add on your composer.json

    "require": {
        "distilleries/permission-util": "1.*",
    }

run composer update.

Add Service provider to config/app.php:

    'providers' => [
        // ...
       'Distilleries\PermissionUtil\PermissionUtilServiceProvider',
    ]

And Facade (also in config/app.php)

    'aliases' => [
        // ...
        'PermissionUtil'   => 'Distilleries\PermissionUtil\Facades\PermissionUtil',
    ]

Export the configuration:

php artisan vendor:publish --provider="Distilleries\PermissionUtil\PermissionUtilProvider"

###Basic usage To check the permission, I use the auth of your application. On your model use for the Auth implement the interface Distilleries\PermissionUtil\Contracts\PermissionUtilContract add the method hasAccess to define if the user have access or not. The key in param is a string action like UserController@getEdit.

    public function hasAccess($key)
    {
        return true;
    }

If the user is connected and your model haven't this method the class return true. If the user is not connected the permission util return false. To disabled the restriction of connected user just go in config file and put false in auth_restricted.

You can use the facade to detect if the user can access or not:

##Middleware The package provide a middleware to detect automatically if the user can access to a method of a controller. To active it just add on your app/Http/Kernel:

    protected $routeMiddleware = [
        //...
		'permission' => 'Distilleries\PermissionUtil\Http\Middleware\CheckAccessPermission',
	];

And on your controller or your route add the middleware:

    public function __construct()
    {
        $this->middleware('permission');
    
    }

If the user can access to an action that dispatch a 403