All notable changes to laravel-permission will be documented in this file
- Optional
$guardparameter may be passed toRoleMiddleware,PermissionMiddleware, andRoleOrPermissionMiddleware. See #1565
- Added Laravel 8 support
- Change
usersrelationship type to BelongsToMany
- Declare table relations earlier to improve guarded/fillable detection accuracy (relates to Aug 2020 Laravel security patch)
- Provide migration error text to stop caching local config when installing packages.
- Add missing config setting for
display_role_in_exception - Ensure artisan
permission:showcommand uses configured models
- Allow guardName() as a function with priority over $guard_name property #1395
- Update patch to handle intermittent error in #1370
- Ugly patch to handle intermittent error:
Trying to access array offset on value of type nullin #1370
- Add Wildcard Permissions feature #1381 (see PR or docs for details)
- Clear in-memory permissions on boot, for benefit of long running processes like Swoole. #1378
- Refine test for Lumen dependency. Ref #1371, Fixes #1372.
- Internal refactoring of scopes to use whereIn instead of orWhere #1334, #1335
- Internal refactoring to flatten collection on splat #1341
- Added methods to check any/all when querying direct permissions #1245
- Removed older Lumen dependencies #1371
- Added Laravel 7.0 support
- Allow splat operator for passing roles to
hasAnyRole()
- Added missing
guardNameto ExceptionPermissionDoesNotExist#1316
- Fix 3.4.0 for Lumen
- Make compatible with Swoole - ie: for long-running Laravel instances
- Expose Artisan commands to app layer, not just to console
- Remove duplicate and unreachable code
- Remove checks for older Laravel versions
- Implementation of optional guard check for hasRoles and hasAllRoles - See #1236
- Use bigIncrements/bigInteger in migration - See #1224
- Update dependencies to allow for Laravel 6.0
- Drop support for Laravel 5.7 and older, and PHP 7.1 and older. (They can use v2 of this package until they upgrade.) To be clear: v3 requires minimum Laravel 5.8 and PHP 7.2
- Allow support for multiple role/permission models
- Load roles relationship only when missing
- Wrap helpers in function_exists() check
- Added
permission:showCLI command to display a table of roles/permissions removeRolenow returns the model, consistent with other methods- model
$guardedproperties updated toprotected - README updates
- reverts the changes made in 2.36.0 due to some reported breaks.
- improve performance by reducing another iteration in processing query results and returning earlier
- overhaul internal caching strategy for better performance and fix cache miss when permission names contained spaces
- deprecated hasUncachedPermissionTo() (use hasPermissionTo() instead)
- added getPermissionNames() method
- Add explicit pivotKeys to roles/permissions BelongsToMany relationships
- Laravel 5.8 compatibility
- Fix duplicate permissions being created through artisan command
- Add custom guard query to role scope
- Remove use of array_wrap helper function due to future deprecation
- Change cache config time to DateInterval instead of integer
This is in preparation for compatibility with Laravel 5.8's cache TTL change to seconds instead of minutes.
NOTE: If you leave your existing config/permission.php file alone, then with Laravel 5.8 the 60 * 24 will change from being treated as 24 hours to just 24 minutes. Depending on your app, this may or may not make a significant difference. Updating your config file to a specific DateInterval will add specificity and insulate you from the TTL change in Laravel 5.8.
Refs:
https://laravel-news.com/cache-ttl-change-coming-to-laravel-5-8 https://github.com/laravel/framework/commit/fd6eb89b62ec09df1ffbee164831a827e83fa61d
- Fix bound
savedevent from firing on all subsequent models when calling assignRole or givePermissionTo on unsaved models. However, it is preferable to save the model first, and then add roles/permissions after saving. See #971.
- Use config settings for cache reset in migration stub
- Remove use of Cache facade, for Lumen compatibility
- Rename
getCacheKeymethod in HasPermissions trait togetPermissionCacheKeyfor clearer specificity.
- Add ability to specify a cache driver for roles/permissions caching
- Added the ability to reset the permissions cache via an Artisan command:
php artisan permission:cache-reset
- minor update to de-duplicate code overhead
- numerous internal updates to cache tests infrastructure
- Substantial speed increase by caching the associations between models and permissions
The following changes are not "breaking", but worth making the updates to your app for consistency.
-
Config file: The
config/permission.phpfile changed to move cache-related settings into a sub-array. You should review the changes and merge the updates into your own config file. Specifically theexpiration_timevalue has moved into a sub-array entry, and the old top-level entry is no longer used. See the master config file here: https://github.com/spatie/laravel-permission/blob/master/config/permission.php -
Cache Resets: If your
apportestsare clearing the cache by specifying the cache key, it is better to use the built-in forgetCachedPermissions() method so that it properly handles tagged cache entries. Here is the recommended change:
- app()['cache']->forget('spatie.permission.cache');
+ $this->app->make(\Spatie\Permission\PermissionRegistrar::class)->forgetCachedPermissions();- Also this is a good time to point out that now with v2.25.0 and v2.26.0 most permission-cache-reset scenarios may no longer be needed in your app, so it's worth reviewing those cases, as you may gain some app speed improvement by removing unnecessary cache resets.
- A model's
rolesandpermissionsrelations (respectively) are now automatically reloaded after an Assign/Remove role or Grant/Revoke of permissions. This means there's no longer a need to call->fresh()on the model if the only reason is to reload the role/permission relations. (That said, you may want to call it for other reasons.) - Added support for passing id to HasRole()
- Fix operator used on RoleOrPermissionMiddleware, and avoid throwing PermissionDoesNotExist if invalid permission passed
- Auto-reload model role relation after using AssignRole
- Avoid empty permission creation when using the CreateRole command
- Avoid unnecessary queries of user roles when fetching all permissions
- Fix Lumen issue with Route helper added in 2.22.0
- Added
Route::role()andRoute::permission()middleware helper functions - Added new
role_or_permissionmiddleware to allow specifying "or" combinations
- Revert changes from 2.17.1 in order to support Lumen 5.7
- It will sync roles/permissions to models that are not persisted, by registering a
savedcallback. (It would previously throw an Integrity constraint violation QueryException on the pivot table insertion.)
- add
@elseroledirective: Usage:
@role('roleA')
// user hasRole 'roleA'
@elserole('roleB')
// user hasRole 'roleB' but not 'roleA'
@endrole- Spark-related fix to accommodate missing guard[providers] config
- Add ability to pass in IDs or mixed values to
rolescope - Add
@unlessrole/@endunlessroleBlade directives
- Expanded CLI
permission:create-rolecommand to create optionally create-and-link permissions in one command. Also now no longer throws an error if the role already exists.
- Require laravel/framework instead of illuminate/* starting from ~5.4.0
- Removed old dependency for illuminate/database@~5.3.0 (Laravel 5.3 is not supported)
- Laravel 5.7 compatibility
- Replace static Permission::class and Role::class with dynamic value (allows custom models more easily)
- Added type checking in hasPermissionTo and hasDirectPermission
- Make assigning the same role or permission twice not throw an exception
- Allow using another key name than
model_idby defining newcolumnsarray withmodel_morph_keykey in config file. This improves UUID compatibility as discussed in #777.
- Fix issue with null values passed to syncPermissions & syncRoles
- added hasAllPermissions method
- Reverted 2.12.0. REVERTS: "Add ability to pass guard name to gate methods like can()". Requires reworking of guard handling if we're going to add this feature.
- Add ability to pass guard name to gate methods like can()
- Improve speed of permission lookups with findByName, findById, findOrCreate
- changes the type-hinted Authenticatable to Authorizable in the PermissionRegistrar. (Previously it was expecting models to implement the Authenticatable contract; but really that should have been Authorizable, since that's where the Gate functionality really is.)
- Now findOrCreate() exists for both Roles and Permissions
- Internal code refactoring for future dev work
- Permissions now support passing integer id for sync, find, hasPermissionTo and hasDirectPermissionTo
- add compatibility with Laravel 5.6
- Allow assign/sync/remove Roles from Permission model
- Allow a collection containing a model to be passed to role/permission scopes
- Fix compatibility with Spark v2.0 to v5.0
- Support getting guard_name from extended model when using static methods
Changes related to throwing UnauthorizedException:
- When UnauthorizedException is thrown, a property is added with the expected role/permission which triggered it
- A configuration option may be set to include the list of required roles/permissions in the message
- REVERTED: Dynamic permission_id and role_id columns according to tables name NOTE: This Dynamic field naming was a breaking change, so we've removed it for now.
BEST NOT TO USE v2.7.7 if you've changed tablenames in the config file.
- updated
HasPermissions::getStoredPermissionto allow a collection to be returned, and to fix query when passing multiple permissions - Give and revoke multiple permissions
- Dynamic permission_id and role_id columns according to tables name
- Add findOrCreate function to Permission model
- Improved Lumen support
- Allow guard name to be null for find role by id
- added Lumen support
- updated
HasRole::assignRoleandHasRole::syncRolesto accept role id's in addition to role names as arguments
- fixed
Gate::beforefor custom gate callbacks
- added cache clearing command in
upmigration for permission tables - use config_path helper for better Lumen support
- refactor middleware to throw custom
UnauthorizedException(which raises an HttpException with 403 response) The 403 response is backward compatible
- refactor
PermissionRegistrarto use$gate->before() - removed
log_registration_exceptionas it is no longer relevant
- fixed a bug where
Roles andPermissions got detached when soft deleting a model
- add support for L5.3
- add
permissionscope
- register the blade directives in the register method of the service provider
- register the blade directives in the boot method of the service provider
- let middleware use caching
- add getRoleNames() method to return a collection of assigned roles
- add compatibility with Laravel 5.5
- automatically detach roles and permissions when a user gets deleted
- fix processing of pipe symbols in
@hasanyroleand@hasallrolesBlade directives
- add
PermissionMiddlewareandRoleMiddleware
- allow
hasAnyPermissionto take an array of permissions
- fix commands not using custom models
- add
create-permissionandcreate-rolecommands
hasanyroleandhasallrolecan accept multiple roles
- fixed a bug where
hasPermissionTowouldn't use the right guard name
- fixed a bug that didn't allow you to assign a role or permission when using multiple guards
- add
model_typeto the primary key of tables that use a polymorphic relationship
- fixed a bug where the role()/permission() relation to user models would be saved incorrectly
- added users() relation on Permission and Role
- fix a bug where the
role()/permission()relation to user models would be saved incorrectly - add
users()relation onPermissionandRole
- check for duplicates when adding new roles and permissions
- fix the order of the
foreignKeyandrelatedKeyin the relations
- Requires minimum Laravel 5.4
- cache expiration is now configurable and set to one day by default
- roles and permissions can now be assigned to any model through the
HasRolestrait - removed deprecated
hasPermissionmethod - renamed config file from
laravel-permissiontopermission.
- added support for Laravel 5.7
- added support for Laravel 5.6
- allow
hasAnyPermissionto take an array of permissions
- fixed
Gate::beforefor custom gate callbacks
- refactor
PermissionRegistrarto use$gate->before() - removed
log_registration_exceptionas it is no longer relevant
- added compatibility for Laravel 5.5
- made foreign key name to users table configurable
hasPermissionTouses the cache to avoid extra queries when it is called multiple times
- add
getDirectPermissions,getPermissionsViaRoles,getAllPermissions
- add
hasAnyPermission
- add
log_registration_exceptionin settings file - fix for ambiguous column name
idwhen using the role scope
hasDirectPermissionmethod is now public
- added support for Laravel 5.4
- make exception logging more verbose
- added
Rolescope
- moved some things to
bootmethod in SP to solve some compatibility problems with other packages
- make compatible with L5.3
- fixes
givePermissionToandassignRolein Laravel 5.1
** this version does not work in Laravel 5.1, please upgrade to version 1.5.1 of this package
- allowed
givePermissonToto accept multiple permissions - allowed
assignRoleto accept multiple roles - added
syncPermissions-method - added
syncRoles-method - dropped support for PHP 5.5 and HHVM
- added
hasPermissionTofunction to theRolemodel
hasAnyRolecan now properly process an array
hasDirectPermissioncan now accept a string
- fixed user table configuration
- fixed bug when testing for non existing permissions
- added compatibility for Laravel 5.2
- use database_path to publish migrations
###Added
- support for custom models
- Blade directives
hasAllRoles()- andhasAnyRole()-functions
- Fix for running phpunit locally
- Fixed the inconsistent naming of the
hasPermission-method.
- Everything, initial release