mayconbordin / entrust-middleware
A Laravel 5 middleware for Entrust
Requires
- php: >=5.4.0
- illuminate/routing: 5.0.*|5.1.*|5.2.*
- illuminate/support: 5.0.*|5.1.*|5.2.*
This package is not auto-updated.
Last update: 2024-10-26 17:54:56 UTC
README
A Laravel 5 middleware for Entrust.
Installation
In order to install entrust-middleware, just add
"mayconbordin/entrust-middleware": "dev-master"
to your composer.json. Then run composer install
or composer update
.
Add the following line
'permissions' => 'Mayconbordin\Entrust\Middleware\Permissions'
to your app/Http/Kernel.php
file in the $routeMiddleware
array.
Ownership Resolver
To use the middleware you need to implement the OwnershipResolverContract
and
register the binding interface to your implementation.
The interface defines the method hasOwnership($permission, $user, Route $route)
,
which must return a boolean. The idea is that sometimes a permission is conditional,
meaning that the user can only access or do something to certain resource if he is
the owner of such resource.
Imagine, for example, a blog with multiple authors that can only edit their own posts.
For the permission to be evaluated by the OwnershipResolverContract
service it must have
-own-
in the name, in this case edit-own-post
.
The implementation of the contract would look something like this:
class OwnershipResolver implements OwnershipResolverContract { public function hasOwnership($permission, $user, Route $route) { if ($permission == 'edit-own-post') { $post = Post::find($route->getParameter("id")); if ($post->author->id == $user->id) return true; } return false; } }
You then register the implementation on the register
method of AppServiceProvider
:
$this->app->bind( 'Mayconbordin\Entrust\Middleware\Contracts\OwnershipResolverContract', 'App\Services\OwnershipResolver' );
Usage
To check for a permission in a route:
Route::put('/posts/{id}', [ 'uses' => 'PostController@edit', 'middleware' => 'permissions', 'permissions' => 'edit-own-post' ]);
Or you can check for a role instead:
Route::put('/posts/{id}', [ 'uses' => 'PostController@edit', 'middleware' => 'permissions', 'roles' => 'admin' ]);
You can also check for both permissions and roles:
Route::put('/posts/{id}', [ 'uses' => 'PostController@edit', 'middleware' => 'permissions', 'permissions' => 'edit-own-post', 'roles' => 'admin' ]);
In this case the user must have either the permission or the role. At last, you can also list more than one permission or role:
Route::put('/posts/{id}', [ 'uses' => 'PostController@edit', 'middleware' => 'permissions', 'permissions' => ['edit-post', 'edit-own-post'] ]);