Simple RBAC/ACL for Laravel 8 and more with caching permissions and permission groups for better convenience.
- Installation
- Usage
- Roles
- Permissions
- Permission groups
- Protected routes
- Blade Extensions
- License
Install this package with composer using the following command:
composer require yaroslavmolchan/rbac
or you can add to your composer.json for Laravel 8.0
"require": {
...
"yaroslavmolchan/rbac": "^2.0"
}
or if you use Laravel 5.5 use:
"require": {
...
"yaroslavmolchan/rbac": "^1.0"
}
then run composer update.
Add Service Provider to providers array in config/app.php file.
'providers' => [
...
/*
* Package Service Providers...
*/
YaroslavMolchan\Rbac\RbacServiceProvider::class,
...
],Publish migration files
$ php artisan vendor:publish --provider="YaroslavMolchan\Rbac\RbacServiceProvider" --tag=migrations
And then run migrations
$ php artisan migrate
Add middleware to your app/Http/Kernel.php file.
protected $routeMiddleware = [
...
'role' => \YaroslavMolchan\Rbac\Middleware\CheckRole::class,
'permission' => \YaroslavMolchan\Rbac\Middleware\CheckPermission::class
];Add Rbac trait to your User model
use \YaroslavMolchan\Rbac\Traits\Rbac;
class User extends Authenticatable
{
use Rbac;
...
}use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::create([
'name' => 'Administrator',
'slug' => 'admin'
]);
$managerRole = Role::create([
'name' => 'Manager',
'slug' => 'manager'
]);You can simple attach role to user:
use App\User;
$user = User::find(1);
$user->attachRole($adminRole);
//or you can insert only id
$user->attachRole($adminRole->id);And the same if you want to detach role:
use App\User;
$user = User::find(1);
$user->detachRole($adminRole);
//or you can insert only id
$user->detachRole($adminRole->id);You can simple check if user has role:
use App\User;
$user = User::find(1);
if ($user->hasRole('admin')) {
}use \YaroslavMolchan\Rbac\Models\Permission;
$createPermission = Permission::create([
'name' => 'Create product',
'slug' => 'product.create'
]);
$removePermission = Permission::create([
'name' => 'Delete product',
'slug' => 'product.remove'
]);You can attach permission to role very simple:
use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::find(1);
$adminRole->attachPermission($createPermission);
//or you can insert only id
$adminRole->attachPermission($createPermission->id);And the same to detach permission:
use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::find(1);
$adminRole->detachPermission($createPermission);
//or you can insert only id
$adminRole->detachPermission($createPermission->id);If you want attach or detach array of permissions you can do it:
use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::find(1);
$adminRole->attachPermissions([$createPermission, $removePermission]);
//or you can insert only id
$adminRole->detachPermission([$createPermission->id, $removePermission->id]);use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::find(1);
$adminRole->detachPermissions([$createPermission, $removePermission]);
//or you can insert only id
$adminRole->detachPermissions([$createPermission->id, $removePermission->id]);You can simple check if user has permission:
use App\User;
$user = User::find(1);
if ($user->canDo('product.create')) {
}All permissions for each role store in cache, and when you check for permission - it take information from cache, that`s why its works quickly.
Permission groups created for group some permissions in one main group, and then you can attach permission group to role and all permissions in this group attach to this role to. Its very useful thing.
use \YaroslavMolchan\Rbac\Models\PermissionGroup;
$productManagementPermissionGroup = PermissionGroup::create([
'name' => 'Product management',
'module' => 'main' // optional
]);You can add permission to group very simple:
use \YaroslavMolchan\Rbac\Models\Permission;
$createPermission = Permission::find(1);
$productManagementPermissionGroup->attachPermission($createPermission);
//or you can insert only id
$productManagementPermissionGroup->attachPermission($createPermission->id);And the same to remove permission from group:
use \YaroslavMolchan\Rbac\Models\Permission;
$createPermission = Permission::find(1);
$productManagementPermissionGroup->detachPermission($createPermission);
//or you can insert only id
$productManagementPermissionGroup->detachPermission($createPermission->id);You can attach permission group to role very simple:
use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::find(1);
$adminRole->attachGroup($productManagementPermissionGroup);And the same to detach permission group:
use \YaroslavMolchan\Rbac\Models\Role;
$adminRole = Role::find(1);
$adminRole->detachGroup($productManagementPermissionGroup);You can easily protect your routes with role and permission params:
Route::get('/admin', [
'uses' => 'AdminController@index',
'middleware' => 'role:admin'
]);
Route::get('/products/create', [
'uses' => 'ProductsController@create',
'middleware' => 'permission:product.create'
]);You can check roles and permissions in Blade like this:
@ifUserIs('admin')
// show content only for admin
@else
// show content for other roles
@endif
@ifUserCan('product.create')
// show product create content
@endifLaravel RBAC is open-sourced software licensed under the MIT license