| Package Data | |
|---|---|
| Maintainer Username: | mayconbordin |
| Maintainer Contact: | mayconbordin@gmail.com (Maycon Viana Bordin) |
| Package Create Date: | 2015-07-02 |
| Package Last Update: | 2016-07-27 |
| Language: | PHP |
| License: | MIT |
| Last Refreshed: | 2024-11-16 15:00:17 |
| Package Statistics | |
|---|---|
| Total Downloads: | 139 |
| Monthly Downloads: | 0 |
| Daily Downloads: | 0 |
| Total Stars: | 8 |
| Total Watchers: | 4 |
| Total Forks: | 0 |
| Total Open Issues: | 0 |
A Laravel 5 middleware for Entrust.
In order to install entrust-middleware, just add
"mayconbordin/entrust-middleware": "dev-master"
to your composer.json. Then run composer install or composer update.
Add the following line
'permissions' => 'Mayconbordin\Entrust\Middleware\Permissions'
to your app/Http/Kernel.php file in the $routeMiddleware array.
To use the middleware you need to implement the OwnershipResolverContract and
register the binding interface to your implementation.
The interface defines the method hasOwnership($permission, $user, Route $route),
which must return a boolean. The idea is that sometimes a permission is conditional,
meaning that the user can only access or do something to certain resource if he is
the owner of such resource.
Imagine, for example, a blog with multiple authors that can only edit their own posts.
For the permission to be evaluated by the OwnershipResolverContract service it must have
-own- in the name, in this case edit-own-post.
The implementation of the contract would look something like this:
class OwnershipResolver implements OwnershipResolverContract
{
public function hasOwnership($permission, $user, Route $route)
{
if ($permission == 'edit-own-post') {
$post = Post::find($route->getParameter("id"));
if ($post->author->id == $user->id) return true;
}
return false;
}
}
You then register the implementation on the register method of AppServiceProvider:
$this->app->bind(
'Mayconbordin\Entrust\Middleware\Contracts\OwnershipResolverContract',
'App\Services\OwnershipResolver'
);
To check for a permission in a route:
Route::put('/posts/{id}', [
'uses' => 'PostController@edit',
'middleware' => 'permissions',
'permissions' => 'edit-own-post'
]);
Or you can check for a role instead:
Route::put('/posts/{id}', [
'uses' => 'PostController@edit',
'middleware' => 'permissions',
'roles' => 'admin'
]);
You can also check for both permissions and roles:
Route::put('/posts/{id}', [
'uses' => 'PostController@edit',
'middleware' => 'permissions',
'permissions' => 'edit-own-post',
'roles' => 'admin'
]);
In this case the user must have either the permission or the role. At last, you can also list more than one permission or role:
Route::put('/posts/{id}', [
'uses' => 'PostController@edit',
'middleware' => 'permissions',
'permissions' => ['edit-post', 'edit-own-post']
]);