Skip to content
This repository has been archived by the owner. It is now read-only.
UNMAINTAINED! Laravel 4 RBAC
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
tests
.gitignore
.travis.yml
LICENSE
composer.json
phpunit.xml
readme.md

readme.md

Access - RBAC for Laravel 4 Build Status

My stab at an RBAC system for Laravel 4.

This is probably extremely query intensive and I have not made many attempts to optimize the number of queries ran/in-memory caching being done.

I wrote this with the intention of using it on small systems with a low number of concurrent users. It is made for systems where you need to control permissions on row-basis rather than just some generalized roles and permissions.

Contribution

Bug reports, feature suggestions and code improvements are highly welcome. If you make a pull request, do make sure that your changes pass the unit tests.

Use the github issue system! If you just want to have a chat, look for me in #laravel on freenode.

Installation

Requirements

  • PHP 5.4 or higher
  • Laravel 4.1 or higher

Install

composer require anlutro/access

Check packagist.org or the github tag list for the latest stable release, or use dev-master if you like living on the edge.

Copy migrations

Copy migrations from vendor/anlutro/access/src/migrations to your app's migration directory. Alternatively, run them with php artisan migrate --package anlutro/access if you just want to play around with the system - copying the migration files manually is recommended for production setups.

Create your user model

Because you probably want to put your own functions and fields on the User model/table, you create the user model yourself. There are two ways to do this and ensure it works with the RBAC system - inheritance (extending a base class) or traits.

class MyUser extends anlutro\Access\Models\User {}

class MyUser extends Eloquent implements anlutro\Access\Interfaces\SubjectInterface
{
	use anlutro\Access\Traits\UserSubject;
}

You are responsible for creating the user table. Remember to update your app/config/auth.php file to reflect your model.

Create one or more resource models

Again you can do this with inheritance or traits:

class MyResource extends anlutro\Access\Models\Resource {}

class MyResource extends Eloquent implements anlutro\Access\Interfaces\ResourceInterface
{
	use anlutro\Access\Traits\ResourceSubject;
}

You are responsible for creating any resource tables.

Usage

First, we need to create some permissions.

use anlutro\Access\Models\Permission;
$lowPermission = Permission::create(['name' => 'Normal Permission']);
$highPermission = Permission::create(['name' => 'High Level Permission']);

Then, let's assign some permissions to actions on one of our resource models. Resource actions with no permissions assigned to them are allowed by default, so be careful.

MyResource::addGlobalPermissionTo('show', $lowPermission);
MyResource::addGlobalPermissionTo('create', $lowPermission);
MyResource::addGlobalPermissionTo('create', $highPermission);
// MyResource::removeGlobalPermissionTo('create', $highPermission);

You can also assign permissions required on specific resources.

$resource = MyResource::first();
$res->addPermissionTo('create', $superHighPermission);
// $res->removePermissionTo('create', $superHighPermission);

Let's create a couple of roles. This step is optional, permissions can be added to users directly if you like - the syntax is exactly the same.

use anlutro\Access\Models\Role;
$userRole = Role::create(['name' => 'User Role']);
$adminRole = Role::create(['name' => 'Admin Role']);
$bannedRole = Role::create(['name' => 'Banned']);
$userRole->addPermission($lowPermission);
$adminRole->addPermission($lowPermission);
$adminRole->addPermission($highPermission);
$bannedRole->denyPermission($lowPermission);

Let's assign the user role to one of our users.

$user = User::first();
$user->addRole($userRole);
// $user->removeRole($userRole);

Now, the user should have access to show, but not create a MyResource.

$resource = MyResource::first();
var_dump( $user->hasPermissionTo('show', $resource) );
$resource = new MyResource;
var_dump( $user->hasPermissionTo('create', $resource) );

If we assign the user the admin role, however, he should have access to create as well.

$user->addRole($adminRole);
var_dump( $user->hasPermissionTo('create', $resource) );

Most of the time you'll be running these checks against the currently logged in user. The Access facade has some handy shorthand functions for this.

use anlutro\Access\Access;
var_dump( Access::allowed('show', $resource) );
var_dump( Access::denied('create', $resource) );

License

The contents of this repository is released under the MIT license.

You can’t perform that action at this time.