georgebohnisch/redoubt-plus

A resource-level ACL for Laravel 4.

Maintainers

Details

github.com/georgebohnisch/redoubt-plus

Homepage

Source

Installs: 42

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 2

Forks: 3

1.3 2014-03-16 22:37 UTC

Requires

MIT 7b4c6294a87c50e2f6d7bc3d0e51f2bd1ad62a91

  • Greg Gilbert <greg.woop@greg-gilbert.com>

acllaravelresourcelaravel4

This package is not auto-updated.

Last update: 2024-04-13 13:20:26 UTC

README

A fork of greggilbert/redoubt with a few useful additions.

A resource-level ACL for Laravel 4. Based on and inspired by lukaszb/django-guardian, an excellent Django library.

Installation

Add the following line to the require section of composer.json:

{
    "require": {
        "georgebohnisch/redoubt-plus": "dev-master"
    }
}

Setup

  1. Add Georgebohnisch\Redoubt\RedoubtServiceProvider to the service provider list in app/config/app.php.
  2. Add 'Redoubt' => 'Georgebohnisch\Redoubt\Facades\Redoubt', to the list of aliases in app/config/app.php.
  3. If you're using Eloquent, run php artisan migrate --package=georgebohnisch/redoubt-plus.
  4. OPTIONAL: If you plan to override any of the base classes (e.g. User), run php artisan config:publish georgebohnisch/redoubt-plus.

Usage

Redoubt offers two levels of permissions: users and groups. Users and groups can be given access to resources, and users can be associated to groups. Each resouce must have permission defined on it.

Redoubt uses Laravel's built-in polymorphic relations to handle its associations, so all you have to do is pass in the actual model.

On resources

Resources need to implement Georgebohnisch\Redoubt\Permission\PermissibleInterface, which defines one method, getPermissions(). The method needs to return an array where the key is the permission, and the value is the description:

class Article implements Georgebohnisch\Redoubt\Permission\PermissibleInterface
{
    public function getPermissions()
    {
        return array(
            'edit' => 'Edit an article',
            'view' => 'View an article',
        );
    }
}

This MUST be defined for each method; trying to associate a permission on a resource where the permission is not already defined will throw an error.

To create a group:

$group = Redoubt::group()->create(array(
    'name' => 'My Group',
));

To create an admin group, add 'is_admin' => true, into the create() statement.

To associate a user to a resource:

$resource = Article::find(1);

Redoubt::allowUser('edit', $resource);

allowUser() has a third parameter for a user; if it's not defined, it will default to the current one used by Laravel's Auth.

To deassociate a user to a resource:

Redoubt::disallowUser('edit', $resource);

To associate a group to a resource:

$group = // your definition here...

Redoubt::allowGroup('edit', $resource, $group);

To deassociate a group to a resource:

Redoubt::disallowGroup('edit', $resource, $group);

To associate a user to a group:

If you're using the default configuration, Users and Groups are Eloquent models, so you would do:

$user->groups()->attach($group);

To check if a user has access:

Redoubt::userCan('edit', $resource); // returns a boolean

Redoubt::userCan() checks if the user has access or if they're in any groups that have that access. This function will return true for user who is in any admin groups.

To get all permissions that a user has:

Redoubt::getPermissions();

getPermissions() can take three parameters: a user, an object, and a permission. All of these parameters are optional. If the first parameter is left as null, it will use the current user.

The following would get all the permissions the current user has for Articles.

$permissions = Redoubt::getPermissions(null, 'Article');

Similarly, this would get all the permissions the current user has for editing Articles.

$permissions = Redoubt::getPermissions(null, 'Article', 'edit');

You can pass in an Article object for the second parameter as well.

To get users who have permissions to an object:

Redoubt::getUsers('edit', $resource);

Note that this will return UserObjectPermission models; you'll need to then call ->getUser() to get the user.

To get groups who have permissions to an object:

Redoubt::getGroups('edit', $resource);

Note that this will return GroupObjectPermission models; you'll need to then call ->getGroup() to get the group.

Other functions

To check if a user is in a group:

User::inGroup($groups);

$groups should be an array of Group objects.

To get users in a group:

$group->getUsers()

This will return a collection of User objects.

Extension

Redoubt has a built-in User class, but if you want to extend it to use on your own, either extend Georgebohnisch\Redoubt\User\EloquentUser or implement the Georgebohnisch\Redoubt\User\UserInterface interface. You'll also need to publish the config for the package and change the user model listed there.