| Package Data | |
|---|---|
| Maintainer Username: | unstoppablecarl |
| Maintainer Contact: | unstoppablecarlolsen@gmail.com (Carl Olsen) |
| Package Create Date: | 2017-07-24 |
| Package Last Update: | 2019-03-06 |
| Language: | PHP |
| License: | MIT |
| Last Refreshed: | 2024-11-15 15:04:30 |
| Package Statistics | |
|---|---|
| Total Downloads: | 11 |
| Monthly Downloads: | 0 |
| Daily Downloads: | 0 |
| Total Stars: | 3 |
| Total Watchers: | 2 |
| Total Forks: | 0 |
| Total Open Issues: | 0 |
Manage Laravel User abilities that target Users.
Determining a way to authorize what actions can be performed by one User on another may seem like a simple problem at first. Most Role based permission modules are designed to allow multiple roles per user. This is an extremely powerful and flexible design pattern but creates a hard to define authorization case: When User-A can update users with Role-1, and User-B has Role-1 and Role-2, how should your application determine if User-A update User-B?
Arbiter provides a solution to this problem without getting in the way of an existing or separate multi-role based authorization system.
The preferred method of installation is via Packagist and Composer.
Run the following command to install the package and add it as a requirement to your project's composer.json:
composer require unstoppablecarl/arbiter
Each User has exactly one Primary Role. Primary Roles are used to determine what actions a user can perform on other users and vice-versa. Each Primary Role is identified with a unique name string.
The UserWithPrimaryRole interface is implemented on the User model.
<?php
interface UserWithPrimaryRole {
/*
* Get the Primary Role of this user.
* @return string
*/
public function getPrimaryRoleName();
}
The developer implements the interface with a strategy for determining what the Primary Role of a user is.
Implement the UserWithPrimaryRole Interface on your User model.
See UnstoppableCarl\Arbiter\Contracts\UserWithPrimaryRole
<?php
namespace App;
use UnstoppableCarl\Arbiter\Contracts\UserWithPrimaryRole;
class User implements UserWithPrimaryRole
{
public function getPrimaryRoleName()
{
// @TODO implement Primary Role strategy
// simple example
// not recommended
return $this->primary_role ?: 'default_primary_role';
}
}
Create App\Policies\UserPolicy and set it as the policy for the User model in App\Providers\AuthServiceProvider
See UserPolicy
<?php
namespace App\Policies;
use UnstoppableCarl\Arbiter\Policies\UserPolicy as ArbiterUserPolicy;
class UserPolicy extends ArbiterUserPolicy
{
}
Create and bind an implementation of the UserAuthorityContract in your AuthServiceProvider or continue with the Config Based User Authority below.
Arbiter includes a simple config based UserAuthority implementation to quickly get your project up and running.
Add the Service Provider to config/app.php
UnstoppableCarl\Arbiter\Providers\ArbiterServiceProvider::class,
Publish the config file.
php artisan vendor:publish --provider=UnstoppableCarl\Arbiter\Providers\ArbiterServiceProvider
Primary Role Abilities can be configured in config/arbiter.php.
The UserPolicy functionality is organized into seperate traits to allow use of only the functionality you want.
Adds a reference to the UserAuthority instance.
HasAbilities and HasGetters traits.UserWithPrimaryRole interface via a toPrimaryRole method.Adds the typical abilities of a UserPolicy matching them to the methods and abilities of the UserAuthority.
HasUserAuthority trait.Adds getters to allow retrieval of all primary roles a user can perform given abilities on.
HasUserAuthority trait.Allows overriding the returned value of a UserPolicy ability check, when the source and target of the check are the same User. The ability check is overriden by using the before method behavior of Laravel Policies.
$targetSelfOverrides property must be set to an implementation of the TargetSelfOverridesContract. In the included UserPolicy it is set via the constructor.TargetSelfOverrides is a minimal implementation included and used by default in the ArbiterServiceProvider.The following shows how to add an ability to the UserPolicy that checks a custom ability set in the UserAuthority.
<?php
namespace App\Policies;
use UnstoppableCarl\Arbiter\Contracts\UserWithPrimaryRole;
use UnstoppableCarl\Arbiter\Policies\UserPolicy as ArbiterUserPolicy;
class UserPolicy extends ArbiterUserPolicy
{
/**
* Can ban users with $target Primary Role
* @param UserWithPrimaryRole $source
* @param UserWithPrimaryRole|null $target
* @return
*/
public function ban(UserWithPrimaryRole $source, $target = null)
{
$source = $this->toPrimaryRole($source);
$target = $this->toPrimaryRole($target);
$ability = 'ban';
return $this->userAuthority()->canOrAny($source, $ability, $target);
}
}
Run Unit Tests
$ composer phpunit
Run Codesniffer (psr-2)
$ composer phpcs
Run both
$ composer test
Contributions and Pull Requests welcome!
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE.md file for details