Roles And Permissions For Laravel 5
forked from romanbican/roles, (*1)
Powerful package for handling roles and permissions in Laravel 5 (5.1 and also 5.0)., (*2)
Installation
This package is very easy to set up. There are only couple of steps., (*3)
Composer
Pull this package in through Composer (file composer.json)., (*4)
{
"require": {
"php": ">=5.5.9",
"laravel/framework": "5.1.*",
"bican/roles": "2.1.*"
}
}
If you are still using Laravel 5.0, you must pull in version 1.7.*., (*5)
Run this command inside your terminal., (*6)
composer update
Service Provider
Add the package to your application service providers in config/app.php file., (*7)
'providers' => [
/*
* Laravel Framework Service Providers...
*/
Illuminate\Foundation\Providers\ArtisanServiceProvider::class,
Illuminate\Auth\AuthServiceProvider::class,
...
/**
* Third Party Service Providers...
*/
Bican\Roles\RolesServiceProvider::class,
],
Config File And Migrations
Publish the package config file and migrations to your application. Run these commands inside your terminal., (*8)
php artisan vendor:publish --provider="Bican\Roles\RolesServiceProvider" --tag=config
php artisan vendor:publish --provider="Bican\Roles\RolesServiceProvider" --tag=migrations
And also run migrations., (*9)
php artisan migrate
This uses the default users table which is in Laravel. You should already have the migration file for the users table available and migrated., (*10)
HasRoleAndPermission Trait And Contract
Include HasRoleAndPermission trait and also implement HasRoleAndPermission contract inside your User model., (*11)
use Bican\Roles\Traits\HasRoleAndPermission;
use Bican\Roles\Contracts\HasRoleAndPermission as HasRoleAndPermissionContract;
class User extends Model implements AuthenticatableContract, CanResetPasswordContract, HasRoleAndPermissionContract
{
use Authenticatable, CanResetPassword, HasRoleAndPermission;
And that's it!, (*12)
Usage
Creating Roles
use Bican\Roles\Models\Role;
$adminRole = Role::create([
'name' => 'Admin',
'slug' => 'admin',
'description' => '', // optional
'level' => 1, // optional, set to 1 by default
]);
$moderatorRole = Role::create([
'name' => 'Forum Moderator',
'slug' => 'forum.moderator',
]);
Because of Slugable trait, if you make a mistake and for example leave a space in slug parameter, it'll be replaced with a dot automatically, because of str_slug function., (*13)
Attaching And Detaching Roles
It's really simple. You fetch a user from database and call attachRole method. There is BelongsToMany relationship between User and Role model., (*14)
use App\User;
$user = User::find($id);
$user->attachRole($adminRole); // you can pass whole object, or just an id
$user->detachRole($adminRole); // in case you want to detach role
$user->detachAllRoles(); // in case you want to detach all roles
Checking For Roles
You can now check if the user has required role., (*15)
if ($user->is('admin')) { // you can pass an id or slug
// or alternatively $user->hasRole('admin')
}
You can also do this:, (*16)
if ($user->isAdmin()) {
//
}
And of course, there is a way to check for multiple roles:, (*17)
if ($user->is('admin|moderator')) {
/*
| Or alternatively:
| $user->is('admin, moderator'), $user->is(['admin', 'moderator']),
| $user->isOne('admin|moderator'), $user->isOne('admin, moderator'), $user->isOne(['admin', 'moderator'])
*/
// if user has at least one role
}
if ($user->is('admin|moderator', true)) {
/*
| Or alternatively:
| $user->is('admin, moderator', true), $user->is(['admin', 'moderator'], true),
| $user->isAll('admin|moderator'), $user->isAll('admin, moderator'), $user->isAll(['admin', 'moderator'])
*/
// if user has all roles
}
Levels
When you are creating roles, there is optional parameter level. It is set to 1 by default, but you can overwrite it and then you can do something like this:, (*18)
if ($user->level() > 4) {
//
}
If user has multiple roles, method level returns the highest one., (*19)
Level has also big effect on inheriting permissions. About it later., (*20)
Creating Permissions
It's very simple thanks to Permission model., (*21)
use Bican\Roles\Models\Permission;
$createUsersPermission = Permission::create([
'name' => 'Create users',
'slug' => 'create.users',
'description' => '', // optional
]);
$deleteUsersPermission = Permission::create([
'name' => 'Delete users',
'slug' => 'delete.users',
]);
Attaching And Detaching Permissions
You can attach permissions to a role or directly to a specific user (and of course detach them as well)., (*22)
use App\User;
use Bican\Roles\Models\Role;
$role = Role::find($roleId);
$role->attachPermission($createUsersPermission); // permission attached to a role
$user = User::find($userId);
$user->attachPermission($deleteUsersPermission); // permission attached to a user
$role->detachPermission($createUsersPermission); // in case you want to detach permission
$role->detachAllPermissions(); // in case you want to detach all permissions
$user->detachPermission($deleteUsersPermission);
$user->detachAllPermissions();
Checking For Permissions
if ($user->can('create.users') { // you can pass an id or slug
//
}
if ($user->canDeleteUsers()) {
//
}
You can check for multiple permissions the same way as roles. You can make use of additional methods like canOne, canAll or hasPermission., (*23)
Permissions Inheriting
Role with higher level is inheriting permission from roles with lower level., (*24)
There is an example of this magic:, (*25)
You have three roles: user, moderator and admin. User has a permission to read articles, moderator can manage comments and admin can create articles. User has a level 1, moderator level 2 and admin level 3. It means, moderator and administrator has also permission to read articles, but administrator can manage comments as well., (*26)
If you don't want permissions inheriting feature in you application, simply ignore level parameter when you're creating roles., (*27)
Entity Check
Let's say you have an article and you want to edit it. This article belongs to a user (there is a column user_id in articles table)., (*28)
use App\Article;
use Bican\Roles\Models\Permission;
$editArticlesPermission = Permission::create([
'name' => 'Edit articles',
'slug' => 'edit.articles',
'model' => 'App\Article',
]);
$user->attachPermission($editArticlesPermission);
$article = Article::find(1);
if ($user->allowed('edit.articles', $article)) { // $user->allowedEditArticles($article)
//
}
This condition checks if the current user is the owner of article. If not, it will be looking inside user permissions for a row we created before., (*29)
if ($user->allowed('edit.articles', $article, false)) { // now owner check is disabled
//
}
Blade Extensions
There are four Blade extensions. Basically, it is replacement for classic if statements., (*30)
@role('admin') // @if(Auth::check() && Auth::user()->is('admin'))
// user is admin
@endrole
@permission('edit.articles') // @if(Auth::check() && Auth::user()->can('edit.articles'))
// user can edit articles
@endpermission
@level(2) // @if(Auth::check() && Auth::user()->level() >= 2)
// user has level 2 or higher
@endlevel
@allowed('edit', $article) // @if(Auth::check() && Auth::user()->allowed('edit', $article))
// show edit button
@endallowed
@role('admin|moderator', 'all') // @if(Auth::check() && Auth::user()->is('admin|moderator', 'all'))
// user is admin and also moderator
@else
// something else
@endrole
Middleware
This package comes with VerifyRole, VerifyPermission and VerifyLevel middleware. You must add them inside your app/Http/Kernel.php file., (*31)
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'role' => \Bican\Roles\Middleware\VerifyRole::class,
'permission' => \Bican\Roles\Middleware\VerifyPermission::class,
'level' => \Bican\Roles\Middleware\VerifyLevel::class,
];
Now you can easily protect your routes., (*32)
$router->get('/example', [
'as' => 'example',
'middleware' => 'role:admin',
'uses' => 'ExampleController@index',
]);
$router->post('/example', [
'as' => 'example',
'middleware' => 'permission:edit.articles',
'uses' => 'ExampleController@index',
]);
$router->get('/example', [
'as' => 'example',
'middleware' => 'level:2', // level >= 2
'uses' => 'ExampleController@index',
]);
It throws \Bican\Roles\Exceptions\RoleDeniedException, \Bican\Roles\Exceptions\PermissionDeniedException or \Bican\Roles\Exceptions\LevelDeniedException exceptions if it goes wrong., (*33)
You can catch these exceptions inside app/Exceptions/Handler.php file and do whatever you want., (*34)
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $e
* @return \Illuminate\Http\Response
*/
public function render($request, Exception $e)
{
if ($e instanceof \Bican\Roles\Exceptions\RoleDeniedException) {
// you can for example flash message, redirect...
return redirect()->back();
}
return parent::render($request, $e);
}
Config File
You can change connection for models, slug separator, models path and there is also a handy pretend feature. Have a look at config file for more information., (*35)
For more information, please have a look at HasRoleAndPermission contract., (*36)
License
MIT, (*37)
Wallogit.com
