leoche/laravel-lpermissions

Users Roles & Permissions for routes

Maintainers

Details

github.com/Leoche/laravel-lpermissions

Source

Issues

Installs: 58

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 3

Forks: 0

Open Issues: 0

Type:laravel-package

1.0.4 2017-04-13 15:22 UTC

Requires

MIT 68fe06265555e2236abfa40c9f5b15ecc4c89688

  • Leoche <leodesigaux.woop@gmail.com>

This package is not auto-updated.

Last update: 2024-11-23 20:58:53 UTC

README

Laravel Source License

Laravel LPermissions adds roles and permissions to Auth Laravel 5.3. Protect your routes and your views.

Table of Contents

Requirements

  • This package requires PHP 5.5+
  • This package requires Laravel 5.3

Installation

1. Require the package in your composer.json and update your dependency with composer update:

"require": {
...
"leoche/laravel-lpermissions": "1.0",
...
},

2. Add the package to your application service providers in config/app.php.

'providers' => [
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
...
Leoche\LPermissions\LPermissionsServiceProvider::class,

],

3. Publish the package migrations to your application and run these with php artisan migrate.

$ php artisan vendor:publish --provider="Leoche\LPermissions\LPermissionsServiceProvider"

4. Add the middleware to your app/Http/Kernel.php.

protected $routeMiddleware = [

....
'permission' => \Leoche\LPermissions\Middleware\checkPermission::class,

];

5. Add the HasRole trait to your User model.

use Leoche\LPermissions\Traits\HasRole;

class User extends Model implements AuthenticatableContract, CanResetPasswordContract
{
use Authenticatable, HasRole;
}

Methods Usage

Roles

Creating roles

$role = new Role();
$role->name = 'Admin';
//The slug will be automatically generated from the role name
$role->save();

Assign or Remove a role

$user = User::find(1);
$user->setRole(2); // with id
//OR
$user->setRole("Admin"); // with slug/name
$user->removeRole();

Assign or remove an inherit role to a role

$role = Role::find(1);
$role->setInheritRole(2); //with id
//OR
$role->setInheritRole("Admin");
$role->removeInheritRole();

Assign or remove a permission to a role or a user

$role = Role::find(1);
$role->setPermission("admin/*", "*");
$role->removePermission("/admin/*", "*");

$user = User::find(1);
$user->setPermission("secretpage", "GET");
$user->removePermission("secretpage", "GET");


$user = User::find(1);
$user->removeAllPermissions(); //delete all permissions of user
$user->getRole->removeAllPermissions(); //delete all permissions of user's role

$role = Role::find(1);
$role->removeAllPermissions();

Notes : LPermissions parse permissions path as:

Routes Usage

You just have to specifythe middleware to the group route. It will check for permission and abort 401 if unauthorised

Route::get('/home', function () {
	return "You can go here";
});
...
Route::group(['middleware' => ['auth']], function () {
	Route::get('/home1', function () {
		return "You can go here if you're logged";
	});
});
...
Route::group(['middleware' => ['permission']], function () {
	Route::get('/home2', function () {
		return "You can go here if you or your role have '/home2' or '/*' permission";
	});
});
...
Route::group(['middleware' => ['auth','permission']], function () {
	Route::get('/home3', function () {
		return "You can go here if you're logged and you or your role have '/home3' or '/*' permission";
	});
});

Blades Usage

In your blades view you can use directives to show something (eg: links, infos) only if the user has the permission or the role

@permission('admin/dashboard')
 //Only shown to users who can access to admin dashboard
@endpermission
...
@permission('admin/posts','post')
 //Only shown to users who can access to admin posts with method POST
@endpermission
...

...
@role('moderator')
 //Only shown to moderators role
@endrole
...
@role('*')
 //Has any roles
@else
 //Has no role (Eg: role_id=0)
@endrole

Example

Users Table

Roles Table

Permissions Table

Route web.php

Route::get('/', function () {
	return "home ppage";
});

Route::group(['middleware' => ['auth','permission']], function () {
	Route::get('/secret', function () {
		return "SECRET PAGE";
	});
	Route::get('/account', function ($id) {
		return "view account infos";
	});
});

Route::group(["prefix" => "admin",'middleware' => ['auth','permission']], function () {
	Route::get('/', function () {
		return view('dashboard');
	});
	Route::ressource('posts', 'PostController');
});

Everyone can see the homepage

Only mike can view /secret

Lisa can do anything in /admin/* and view account pages (inherit from members)

John can only view accounts pages

Todo

  • Function to assign/revoke role to users
  • Function to assign/revoke permission to role
  • Function to inherit role to role