railken / amethyst-permission
Requires
- php: >=8.2
- amethyst/core: 0.3.*
- amethyst/owner: 0.3.*
- nicoswd/php-rule-parser: ^0.7.1
- railken/template: ^1.1
Requires (Dev)
- amethyst/foo: 0.3.*
- amethyst/user: 0.3.*
- friendsofphp/php-cs-fixer: ^3.52
- orchestra/testbench: *
- phpunit/phpunit: *
README
Amethyst package.
Define permissions with an extensive customization for your data and routes.
Requirements
PHP 7.2 and later.
TODO
- Attribute Authorization
Installation
You can install it via Composer by typing the following command:
composer require amethyst/permission
The package will automatically register itself.
Usage
A simple usage looks like this:

    use Amethyst\Models\Permission;
    use Symfony\Component\Yaml\Yaml;

    Permission::create([
        'effect' => 'accept',
        'type' => 'data',
        'payload' => Yaml::dump([
            'action' => 'create',
            'data' => 'foo'
        ]),
        'agent' => '{{ agent.id }} == 1',
    ]);
Permissions are automatically reloaded whenever an eloquent.saved event is fired for the Permission model.
Effect
The effect can be either accept or deny. Without any permissions, every user is denied every action. If you add both accept and deny permissions, both of them are applied.
For example, you could set "user can see all comments" and "user cannot see this comment". In the end the user can see all comments except the one that you defined.
Type
The type of your permission indicates which class will be used to resolve your request.
It can be either data or route, but you can extend it in amethyst.permissions.permission.
Agent
The agent is retrieved through the facade Illuminate\Support\Facades\Auth and the method user().
When this field is null, the permission applies to all agents.
The agent expression must evaluate to true or false.
For the expression syntax, see nicoSWD/php-rule-parser.
Before the expression reaches the logic parser, it is rendered by a Twig parser. The only variable passed is agent, which is your App\Models\User. You can then use whatever logic you want to get the information you want. For example, you can filter by any attribute and any relation (e.g. groups): {{ agent.groups.contains('myGroupName') ? 1 : 0 }} === 1
Payload
A payload in YAML that defines the specification of your permission. For example, for a route permission it can be a wildcard for the URL.
Payload - Route
- name: The name of the route you wish to use; you can use the wildcard *
- url: The URL of the route; as before, you can use the wildcard *
- method: The method of the route
Some examples:
Enable endpoint /profile for each user.

    use Amethyst\Models\Permission;
    use Symfony\Component\Yaml\Yaml;

    Permission::create([
        'type' => 'route',
        'payload' => Yaml::dump([
            'url' => '/profile'
        ])
    ]);
You can also use an array:

    use Amethyst\Models\Permission;
    use Symfony\Component\Yaml\Yaml;

    Permission::create([
        'type' => 'route',
        'payload' => Yaml::dump([
            'url' => [
                '/profile',
                '/recovery-password'
            ],
            'method' => [
                'POST',
                'GET'
            ]
        ])
    ]);
Enable endpoints foo.* (foo.index, foo.create, foo.show, foo.update, foo.delete) for user id 2:

    use Amethyst\Models\Permission;
    use Symfony\Component\Yaml\Yaml;

    Permission::create([
        'type' => 'route',
        'payload' => Yaml::dump([
            'url' => 'foo.*'
        ]),
        'agent' => '{{ agent.id }} === 2'
    ]);
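The decision rules described under Effect and Payload - Route, as an added stand-alone model (not the package's own code): a request with no matching accept is denied, and a matching deny carves an exception out of any accept. The function names, the use of fnmatch() for the * wildcard, treating an omitted url or method as matching anything, and the closure standing in for the agent expression are all assumptions.

```php
<?php
// Added illustration: a stand-alone model of the documented rules, not the package's code.
// Assumptions: fnmatch() wildcards, omitted payload fields match anything, closure as agent test.

function matchesAny(string|array|null $patterns, string $value): bool
{
    if ($patterns === null) {
        return true; // field omitted from the payload
    }
    foreach ((array) $patterns as $pattern) {
        if (fnmatch($pattern, $value)) {
            return true;
        }
    }
    return false;
}

function ruleApplies(array $rule, object $agent, string $method, string $url): bool
{
    $agentOk = $rule['agent'] === null || $rule['agent']($agent); // null: all agents
    return $agentOk
        && matchesAny($rule['payload']['url'] ?? null, $url)
        && matchesAny($rule['payload']['method'] ?? null, $method);
}

function isRouteAllowed(array $rules, object $agent, string $method, string $url): bool
{
    $accepted = false; // without any permissions everything is denied
    foreach ($rules as $rule) {
        if (!ruleApplies($rule, $agent, $method, $url)) {
            continue;
        }
        if ($rule['effect'] === 'deny') {
            return false; // a matching deny is an exception to any accept
        }
        $accepted = true;
    }
    return $accepted;
}

// Constructed sample rules: everyone may use /comments/*, except agent 2 on GET /comments/42.
$rules = [
    ['effect' => 'accept', 'agent' => null, 'payload' => ['url' => '/comments/*']],
    ['effect' => 'deny', 'agent' => fn ($a) => $a->id === 2, 'payload' => ['url' => '/comments/42', 'method' => ['GET']]],
];
$agent = (object) ['id' => 2];
var_dump(isRouteAllowed($rules, $agent, 'GET', '/comments/7'));  // covered by the wildcard accept
var_dump(isRouteAllowed($rules, $agent, 'GET', '/comments/42')); // accept and deny both match
var_dump(isRouteAllowed($rules, $agent, 'GET', '/profile'));     // no rule matches
```

When reviewing a real rule set, list the deny rules next to the accept wildcards they are meant to narrow, so a broad accept with no matching deny is easy to spot.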
Payload - Data
The following example permits user #2 to view only the data named post whose name contains foo:

    use Amethyst\Models\Permission;
    use Symfony\Component\Yaml\Yaml;

    Permission::create([
        'type' => 'data',
        'payload' => Yaml::dump([
            'name' => [
                'post'
            ],
            'action' => [
                'query',
            ],
            'filter' => [
                'name ct "foo"'
            ]
        ]),
        'agent' => '{{ agent.id }} === 2'
    ]);
List of all actions: query, create, update, remove