enclave-code / static-auth-manager
Static manage roles and permission in Laravel
Requires
- php: >=7.2
Requires (Dev)
- orchestra/testbench: ^3.7
- phpunit/phpunit: 8.3.4
This package is auto-updated.
Last update: 2024-09-30 01:52:08 UTC
README
Manage user permissions and roles in your Laravel application by domain driven rules.
Example
Add single role
$user->assignRole('admin'); $user->hasRole('admin'); // true
Add many roles
$user->assignRole(['admin','user']); $user->hasRole('admin'); // true $user->hasRole('user'); // true
You can define roles and permissions by code at config/permission.php
.
'role' => [ 'admin' => [ 'news/*', // Allow all paths beginning with news/ ], 'editor' => [ 'news/*', ], 'user' => [ 'news/show', // Explicitly allow news/show ], ]
You can check permissions by
$admin->hasPermissionTo('news/delete'); // true $editor->hasPermissionTo('news/delete'); // false $user->hasPermissionTo('news/delete'); // false
Installation
# Add library composer require enclave-code/static-auth-manager # Public vendors php artisan vendor:publish
Older than Laravel 5.5 need a service provider registration.
// config/app.php 'providers' => [ EnclaveCode\StaticAuthManager\Providers\PermissionServiceProvider::class, ];
Usage
Add trait to model
use HasRoles;
Using roles
You can define the roles in the config/permission.php
file.
// config/permission.php 'roles' => [ 'role_name' => [], 'admin' => [], ],
Assign role/roles
Add a role to a model.
$model->assignRole('admin');
Add a roles to a model.
$model->assignRole(['admin','user']);
Check role/roles
You can check the roles via:
$model->hasRole('admin'); $model->getRoles(); // return collection(['admin'])
$model->hasRole(['admin','user']); $model->getRoles(); // return collection(['admin','user']);
Detach role/roles
You can detach the roles via:
$model->assignRole(['admin','user']); $model->detachRole('admin'); $model->getRoles(); // return collection(['user'])
Using permissions
Permissions are based on the MQTT syntax. Permissions are specified as path. Thus, individual security levels can be mapped and generally released via wildcards.
Check permissions
$model->hasPermissionTo('users/show/email');
$model->hasPermissionTo(['users/show', 'users/edit']);
$model->hasAnyPermission('users/show/email');
$model->hasAnyPermission(['users/show', 'users/edit']);
Configuration
*
Wildcard for everything following
You can define the role permissions in the config/permission.php
file.
// config/permission.php 'roles' => [ 'role_name' => [ 'users/*' ], 'admin' => [ 'users/create', ], ],
Using Blade directives
You can use Blade directives in your views.
Role
@role('admin') Show if user is admin @endrole
@unlessrole('admin') Show if user is not admin @endunlessrole
Permission
@permission('user/edit') Show if user has rights to user/edit @endpermission
You can use several permissions too.
@permission('user/edit|user/create') Show if user has rights to user/edit AND user/create @endpermission
@anypermission('user/edit|user/create') Show if user has rights to user/edit OR user/create @endanypermission
Middleware
Add the middleware to your src/Http/Kernel.php
class Kernel extends HttpKernel { ... protected $routeMiddleware = [ ... 'permission' => \EnclaveCode\StaticAuthManager\Middleware\HasAnyPermissionMiddleware::class, 'role' => \EnclaveCode\StaticAuthManager\Middleware\HasRoleMiddleware::class ] }
And use it like
// If user has 'admin' or 'user' role Route::group(['middleware' => ['role:admin|user']], function () { // }) // If user has 'admin' role Route::group(['middleware' => ['role:admin']], function () { // }) // If user has 'user/create' Route::group(['middleware' => ['permission:create/user']], function () { // }) // If user has 'user/create' or 'user/edit' Route::group(['middleware' => ['permission:create/user|user/edit']], function () { // })
Config
Example Config
<?php // config/permission.php return [ /** * DB Column name from model */ 'column_name' => env('SAM_ROLE_COLUMN_NAME', 'role'), /** * Roles with permission as path * * - `*` Wildcard everything following * * 'admin' => [ * 'users/*', * ], * 'user' => [ * 'users/create' * ] * */ 'roles' => [], ];
Additional config in .env
# StaticAuthManager - column name in user model SAM_ROLE_COLUMN_NAME='role'
Testing
composer test # same to ./vendor/bin/phpunit
Todo
- Add new migration to user with new column with role
- Describe how roles and permissions work in readme
Credits
Primarily forked from sourceboat/laravel-static-permission.
License
The MIT License (MIT). Please see License File for more information.