Package Data | |
---|---|
Maintainer Username: | jeremykenedy |
Maintainer Contact: | romanbican@seznam.cz (Roman Bičan) |
Package Create Date: | 2017-02-22 |
Package Last Update: | 2024-12-21 |
Home Page: | |
Language: | PHP |
License: | MIT |
Last Refreshed: | 2024-12-22 03:11:21 |
Package Statistics | |
---|---|
Total Downloads: | 687,162 |
Monthly Downloads: | 8,481 |
Daily Downloads: | 179 |
Total Stars: | 971 |
Total Watchers: | 44 |
Total Forks: | 196 |
Total Open Issues: | 1 |
A Powerful package for handling roles and permissions in Laravel. Supports Laravel 5.3, 5.4, 5.5, 5.6, 5.7 and 5.8.
This package is very easy to set up. There are only couple of steps.
From your projects root folder in terminal run:
Laravel 5.8 and up use:
composer require jeremykenedy/laravel-roles
Laravel 5.7 and below use:
composer require jeremykenedy/laravel-roles:1.4.0
$table->increments('id');
to $table->bigIncrements('id');
in Laravel 5.8.Laravel 5.5 and up
Uses package auto discovery feature, no need to edit the config/app.php
file.
Laravel 5.4 and below
Add the package to your application service providers in config/app.php
file.
'providers' => [
...
/**
* Third Party Service Providers...
*/
jeremykenedy\LaravelRoles\RolesServiceProvider::class,
],
php artisan vendor:publish --tag=laravelroles
php artisan vendor:publish --tag=laravelroles-config
php artisan vendor:publish --tag=laravelroles-migrations
php artisan vendor:publish --tag=laravelroles-seeds
Include HasRoleAndPermission
trait and also implement HasRoleAndPermission
contract inside your User
model. See example below.
Include use jeremykenedy\LaravelRoles\Traits\HasRoleAndPermission;
in the top of your User
model below the namespace and implement the HasRoleAndPermission
trait. See example below.
Example User
model Trait And Contract:
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable;
use jeremykenedy\LaravelRoles\Traits\HasRoleAndPermission;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
use Notifiable;
use HasRoleAndPermission;
// rest of your model ...
}
This uses the default users table which is in Laravel. You should already have the migration file for the users table available and migrated.
Setup the needed tables:
php artisan migrate
Update database\seeds\DatabaseSeeder.php
to include the seeds. See example below.
<?php
use Illuminate\Database\Seeder;
use Illuminate\Database\Eloquent\Model;
class DatabaseSeeder extends Seeder
{
/**
* Run the database seeds.
*
* @return void
*/
public function run()
{
Model::unguard();
$this->call('PermissionsTableSeeder');
$this->call('RolesTableSeeder');
$this->call('ConnectRelationshipsSeeder');
//$this->call('UsersTableSeeder');
Model::reguard();
}
}
composer dump-autoload
php artisan db:seed
|Property|Value| |----|----| |Name| Admin| |Slug| admin| |Description| Admin Role| |Level| 5|
|Property|Value| |----|----| |Name| User| |Slug| user| |Description| User Role| |Level| 1|
|Property|Value| |----|----| |Name| Unverified| |Slug| unverified| |Description| Unverified Role| |Level| 0|
|Property|Value| |----|----| |name|Can View Users| |slug|view.users| |description|Can view users| |model|Permission|
|Property|Value| |----|----| |name|Can Create Users| |slug|create.users| |description|Can create new users| |model|Permission|
|Property|Value| |----|----| |name|Can Edit Users| |slug|edit.users| |description|Can edit users| |model|Permission|
|Property|Value| |----|----| |name|Can Delete Users| |slug|delete.users| |description|Can delete users| |model|Permission|
If you migrate from bican/roles to jeremykenedy/LaravelRoles you will need to update a few things.
can
, canOne
and canAll
to hasPermission
, hasOnePermission
, hasAllPermissions
.is
, isOne
and isAll
to hasRole
, hasOneRole
, hasAllRoles
.$adminRole = config('roles.models.role')::create([
'name' => 'Admin',
'slug' => 'admin',
'description' => '',
'level' => 5,
]);
$moderatorRole = config('roles.models.role')::create([
'name' => 'Forum Moderator',
'slug' => 'forum.moderator',
]);
Because of
Slugable
trait, if you make a mistake and for example leave a space in slug parameter, it'll be replaced with a dot automatically, because ofstr_slug
function.
It's really simple. You fetch a user from database and call attachRole
method. There is BelongsToMany
relationship between User
and Role
model.
$user = config('roles.defaultUserModel')::find($id);
$user->attachRole($adminRole); // you can pass whole object, or just an id
$user->detachRole($adminRole); // in case you want to detach role
$user->detachAllRoles(); // in case you want to detach all roles
$user->syncRoles($roles); // you can pass Eloquent collection, or just an array of ids
You can assign the user a role upon the users registration by updating the file app\Http\Controllers\Auth\RegisterController.php
.
You can assign a role to a user upon registration by including the needed models and modifying the create()
method to attach a user role. See example below:
create()
method of app\Http\Controllers\Auth\RegisterController.php
: protected function create(array $data)
{
$user = config('roles.defaultUserModel')::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
$role = config('roles.models.role')::where('name', '=', 'User')->first(); //choose the default role upon user creation.
$user->attachRole($role);
return $user;
}
You can now check if the user has required role.
if ($user->hasRole('admin')) { // you can pass an id or slug
//
}
You can also do this:
if ($user->isAdmin()) {
//
}
And of course, there is a way to check for multiple roles:
if ($user->hasRole(['admin', 'moderator'])) {
/*
| Or alternatively:
| $user->hasRole('admin, moderator'), $user->hasRole('admin|moderator'),
| $user->hasOneRole('admin, moderator'), $user->hasOneRole(['admin', 'moderator']), $user->hasOneRole('admin|moderator')
*/
// The user has at least one of the roles
}
if ($user->hasRole(['admin', 'moderator'], true)) {
/*
| Or alternatively:
| $user->hasRole('admin, moderator', true), $user->hasRole('admin|moderator', true),
| $user->hasAllRoles('admin, moderator'), $user->hasAllRoles(['admin', 'moderator']), $user->hasAllRoles('admin|moderator')
*/
// The user has all roles
}
When you are creating roles, there is optional parameter level
. It is set to 1
by default, but you can overwrite it and then you can do something like this:
if ($user->level() > 4) {
//
}
If user has multiple roles, method
level
returns the highest one.
Level
has also big effect on inheriting permissions. About it later.
It's very simple thanks to Permission
model called from config('roles.models.permission')
.
$createUsersPermission = config('roles.models.permission')::create([
'name' => 'Create users',
'slug' => 'create.users',
'description' => '', // optional
]);
$deleteUsersPermission = config('roles.models.permission')::create([
'name' => 'Delete users',
'slug' => 'delete.users',
]);
You can attach permissions to a role or directly to a specific user (and of course detach them as well).
$role = config('roles.models.role')::find($roleId);
$role->attachPermission($createUsersPermission); // permission attached to a role
$user = config('roles.defaultUserModel')::find($userId);
$user->attachPermission($deleteUsersPermission); // permission attached to a user
$role->detachPermission($createUsersPermission); // in case you want to detach permission
$role->detachAllPermissions(); // in case you want to detach all permissions
$role->syncPermissions($permissions); // you can pass Eloquent collection, or just an array of ids
$user->detachPermission($deleteUsersPermission);
$user->detachAllPermissions();
$user->syncPermissions($permissions); // you can pass Eloquent collection, or just an array of ids
if ($user->hasPermission('create.users')) { // you can pass an id or slug
//
}
if ($user->canDeleteUsers()) {
//
}
You can check for multiple permissions the same way as roles. You can make use of additional methods like hasOnePermission
or hasAllPermissions
.
Role with higher level is inheriting permission from roles with lower level.
There is an example of this magic
:
You have three roles: user
, moderator
and admin
. User has a permission to read articles, moderator can manage comments and admin can create articles. User has a level 1, moderator level 2 and admin level 3. It means, moderator and administrator has also permission to read articles, but administrator can manage comments as well.
If you don't want permissions inheriting feature in you application, simply ignore
level
parameter when you're creating roles.
Let's say you have an article and you want to edit it. This article belongs to a user (there is a column user_id
in articles table).
use App\Article;
$editArticlesPermission = config('roles.models.permission')::create([
'name' => 'Edit articles',
'slug' => 'edit.articles',
'model' => 'App\Article',
]);
$user->attachPermission($editArticlesPermission);
$article = Article::find(1);
if ($user->allowed('edit.articles', $article)) { // $user->allowedEditArticles($article)
//
}
This condition checks if the current user is the owner of article. If not, it will be looking inside user permissions for a row we created before.
if ($user->allowed('edit.articles', $article, false)) { // now owner check is disabled
//
}
There are four Blade extensions. Basically, it is replacement for classic if statements.
@role('admin') // @if(Auth::check() && Auth::user()->hasRole('admin'))
// user has admin role
@endrole
@permission('edit.articles') // @if(Auth::check() && Auth::user()->hasPermission('edit.articles'))
// user has edit articles permissison
@endpermission
@level(2) // @if(Auth::check() && Auth::user()->level() >= 2)
// user has level 2 or higher
@endlevel
@allowed('edit', $article) // @if(Auth::check() && Auth::user()->allowed('edit', $article))
// show edit button
@endallowed
@role('admin|moderator', true) // @if(Auth::check() && Auth::user()->hasRole('admin|moderator', true))
// user has admin and moderator role
@else
// something else
@endrole
This package comes with VerifyRole
, VerifyPermission
and VerifyLevel
middleware.
The middleware aliases are already registered in \jeremykenedy\LaravelRoles\RolesServiceProvider
as of 1.7.
You can optionally add them inside your app/Http/Kernel.php
file with your own aliases like outlined below:
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'role' => \jeremykenedy\LaravelRoles\Middleware\VerifyRole::class,
'permission' => \jeremykenedy\LaravelRoles\Middleware\VerifyPermission::class,
'level' => \jeremykenedy\LaravelRoles\Middleware\VerifyLevel::class,
];
Now you can easily protect your routes.
Route::get('/', function () {
//
})->middleware('role:admin');
Route::get('/', function () {
//
})->middleware('permission:edit.articles');
Route::get('/', function () {
//
})->middleware('level:2'); // level >= 2
Route::get('/', function () {
//
})->middleware('role:admin', 'level:2'); // level >= 2 and Admin
Route::group(['middleware' => ['role:admin']], function () {
//
});
It throws \jeremykenedy\LaravelRoles\Exceptions\RoleDeniedException
, \jeremykenedy\LaravelRoles\Exceptions\PermissionDeniedException
or \jeremykenedy\LaravelRoles\Exceptions\LevelDeniedException
exceptions if it goes wrong.
You can catch these exceptions inside app/Exceptions/Handler.php
file and do whatever you want.
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $exception
* @return \Illuminate\Http\Response
*/
public function render($request, Exception $exception)
{
$userLevelCheck = $exception instanceof \jeremykenedy\LaravelRoles\Exceptions\RoleDeniedException ||
$exception instanceof \jeremykenedy\LaravelRoles\Exceptions\RoleDeniedException ||
$exception instanceof \jeremykenedy\LaravelRoles\Exceptions\PermissionDeniedException ||
$exception instanceof \jeremykenedy\LaravelRoles\Exceptions\LevelDeniedException;
if ($userLevelCheck) {
if ($request->expectsJson()) {
return Response::json(array(
'error' => 403,
'message' => 'Unauthorized.'
), 403);
}
abort(403);
}
return parent::render($request, $exception);
}
.env
file variables.
<?php
return [
/*
|--------------------------------------------------------------------------
| Package Connection
|--------------------------------------------------------------------------
|
| You can set a different database connection for this package. It will set
| new connection for models Role and Permission. When this option is null,
| it will connect to the main database, which is set up in database.php
|
*/
'connection' => null,
/*
|--------------------------------------------------------------------------
| Slug Separator
|--------------------------------------------------------------------------
|
| Here you can change the slug separator. This is very important in matter
| of magic method __call() and also a `Slugable` trait. The default value
| is a dot.
|
*/
'separator' => '.',
/*
|--------------------------------------------------------------------------
| Models
|--------------------------------------------------------------------------
|
| If you want, you can replace default models from this package by models
| you created. Have a look at `jeremykenedy\LaravelRoles\Models\Role` model and
| `jeremykenedy\LaravelRoles\Models\Permission` model.
|
*/
'models' => [
'role' => jeremykenedy\LaravelRoles\Models\Role::class,
'permission' => jeremykenedy\LaravelRoles\Models\Permission::class,
],
/*
|--------------------------------------------------------------------------
| Roles, Permissions and Allowed "Pretend"
|--------------------------------------------------------------------------
|
| You can pretend or simulate package behavior no matter what is in your
| database. It is really useful when you are testing you application.
| Set up what will methods hasRole(), hasPermission() and allowed() return.
|
*/
'pretend' => [
'enabled' => false,
'options' => [
'hasRole' => true,
'hasPermission' => true,
'allowed' => true,
],
],
/*
|--------------------------------------------------------------------------
| Laravel Default User Model
|--------------------------------------------------------------------------
|
| This is the applications default user model.
|
*/
'defaultUserModel' => env('ROLES_DEFAULT_USER_MODEL', config('auth.providers.users.model')),
/*
|--------------------------------------------------------------------------
| Default Seeds
|--------------------------------------------------------------------------
|
| These are the default package seeds. You can seed the package built
| in seeds without having to seed them. These seed directly from
| the package. These are not the published seeds.
|
*/
'defaultSeeds' => [
'PermissionsTableSeeder' => env('ROLES_SEED_DEFAULT_PERMISSIONS', true),
'RolesTableSeeder' => env('ROLES_SEED_DEFAULT_ROLES', true),
'ConnectRelationshipsSeeder' => env('ROLES_SEED_DEFAULT_RELATIONSHIPS', true),
'UsersTableSeeder' => env('ROLES_SEED_DEFAULT_USERS', false),
],
];
# Default User Model
ROLES_DEFAULT_USER_MODEL=App\User
# Roles Database Seeder Settings
ROLES_SEED_DEFAULT_PERMISSIONS=true
ROLES_SEED_DEFAULT_ROLES=true
ROLES_SEED_DEFAULT_RELATIONSHIPS=true
ROLES_SEED_DEFAULT_USERS=false
For more information, please have a look at HasRoleAndPermission contract.
├── .env.example
├── .gitignore
├── LICENSE
├── composer.json
├── config
│ └── roles.php
├── readme.md
└── src
├── Contracts
│ ├── HasRoleAndPermission.php
│ ├── PermissionHasRelations.php
│ └── RoleHasRelations.php
├── Database
│ ├── Migrations
│ │ ├── 2016_01_15_105324_create_roles_table.php
│ │ ├── 2016_01_15_114412_create_role_user_table.php
│ │ ├── 2016_01_26_115212_create_permissions_table.php
│ │ ├── 2016_01_26_115523_create_permission_role_table.php
│ │ └── 2016_02_09_132439_create_permission_user_table.php
│ └── Seeds
│ ├── DefaultConnectRelationshipsSeeder.php
│ ├── DefaultPermissionsTableSeeder.php
│ ├── DefaultRolesTableSeeder.php
│ ├── DefaultUsersTableSeeder.php
│ └── publish
│ ├── ConnectRelationshipsSeeder.php
│ ├── PermissionsTableSeeder.php
│ ├── RolesTableSeeder.php
│ └── UsersTableSeeder.php
├── Exceptions
│ ├── AccessDeniedException.php
│ ├── LevelDeniedException.php
│ ├── PermissionDeniedException.php
│ └── RoleDeniedException.php
├── Middleware
│ ├── VerifyLevel.php
│ ├── VerifyPermission.php
│ └── VerifyRole.php
├── Models
│ ├── Permission.php
│ └── Role.php
├── RolesFacade.php
├── RolesServiceProvider.php
└── Traits
├── HasRoleAndPermission.php
├── PermissionHasRelations.php
├── RoleHasRelations.php
└── Slugable.php
brew install tree
tree -a -I '.git|node_modules|vendor|storage|tests'
Before opening an issue there are a couple of considerations:
This package is an adaptation of romanbican/roles and ultraware/roles.
This package is free software distributed under the terms of the MIT license. Enjoy!