-
Notifications
You must be signed in to change notification settings - Fork 965
User
If you have to control the access User provides middlewares to protect your routes.
If you have to control the access through the Laravel routes, User has some built-in middlewares for the trivial tasks. To use them, just put it in your app/Http/Kernel.php file.
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
// Simpler access control, uses only the groups
'auth.role' => \Litepie\User\Middlewares\NeedsRoleMiddleware::class
];You'll see how to use the middlewares below.
If the built-in middlewares doesn't fit your needs, you can make your own by using User's API to control the access.
User handles only access control. The authentication is still made by Laravel's Auth.
You can create roles and permissions by login to the admin as super user for you application.
You can also use the User's API. You can create a Laravel Seeder or use php artisan tinker.
use App\User;
$roleAdmin = User::createRole('admin');
// The first parameter is the permission name
// The second is the "friendly" version of the name. (usually for you to show it in your application).
$permission = User::createPermission('user.create', 'Create Users');
// You can assign permission directly to a user.
$user = User::find(1);
$user->attachPermission($permission);
// or you can add the user to a group and that group has the power to rule create users.
$roleAdmin->attachPermission($permission);
// Now this user is in the Administrators group.
$user->attachRole($roleAdmin);To protect your routes, you can use the built-in middlewares.
User requires Laravel's Auth, so, use the
authmiddleware before the User's middleware that you intend to use.
Route::get('foo', ['middleware' => ['auth', 'needsPermission'], 'shield' => 'user.create', function()
{
return 'Yes I can!';
}]);If you're using Laravel 5.1 it's possible to use Middleware Parameters.
Route::get('foo', ['middleware' => ['auth', 'needsPermission:user.index'], function() {
return 'Yes I can!';
}]);With this syntax it's also possible to use the middlewaren within your controllers.
$this->middleware('needsPermission:user.index');You can pass an array of permissions to check on.
Route::get('foo', ['middleware' => ['auth', 'needsPermission'], 'shield' => ['user.index', 'user.create'], function()
{
return 'Yes I can!';
}]);When using middleware parameters, use a | to separate multiple permissions.
Route::get('foo', ['middleware' => ['auth', 'needsPermission:user.index|user.create'], function() {
return 'Yes I can!';
}]);Or within controllers:
$this->middleware('needsPermission:user.index|user.create');When you pass an array of permissions, the route will be fired only if the user has all the permissions. However, if you want to allow the access to the route when the user has at least one of the permissions, just add 'any' => true.
Route::get('foo', ['middleware' => ['auth', 'needsPermission'], 'shield' => ['user.index', 'user.create'], 'any' => true, function()
{
return 'Yes I can!';
}]);Or, with middleware parameters, pass it as the 2nd parameter
Route::get('foo', ['middleware' => ['auth', 'needsPermission:user.index|user.create,true'], function() {
return 'Yes I can!';
}]);Or within controllers:
$this->middleware('needsPermission:user.index|user.create,true');This is similar to the previous middleware, but only the roles are checked, it means that it doesn't check the permissions.
Route::get('foo', ['middleware' => ['auth', 'needsRole'], 'is' => 'admin', function()
{
return 'Yes I am!';
}]);If you're using Laravel 5.1 it's possible to use Middleware Parameters.
Route::get('foo', ['middleware' => ['auth', 'needsRole:admin'], function() {
return 'Yes I am!';
}]);With this syntax it's also possible to use the middlewaren within your controllers.
$this->middleware('needsRole:admin');You can pass an array of permissions to check on.
Route::get('foo', ['middleware' => ['auth', 'needsRole'], 'shield' => ['admin', 'member'], function()
{
return 'Yes I am!';
}]);When using middleware parameters, use a | to separate multiple roles.
Route::get('foo', ['middleware' => ['auth', 'needsRole:admin|editor'], function() {
return 'Yes I am!';
}]);Or within controllers:
$this->middleware('needsRole:admin|editor');When you pass an array of permissions, the route will be fired only if the user has all the permissions. However, if you want to allow the access to the route when the user has at least one of the permissions, just add 'any' => true.
Route::get('foo', ['middleware' => ['auth', 'needsRole'], 'is' => ['admin', 'member'], 'any' => true, function()
{
return 'Yes I am!';
}]);Or, with middleware parameters, pass it as the 2nd parameter
Route::get('foo', ['middleware' => ['auth', 'needsRole:admin|editor,true'], function() {
return 'Yes I am!';
}]);Or within controllers:
$this->middleware('needsRole:admin|editor,true');Laravel's Blade extension for using User.
@shield('user.index')
shows your protected stuff
@endshield
@shield('user.index')
shows your protected stuff
@else
shows the data for those who doesn't have the user.index permission
@endshield
@is('admin')
Shows data for the logged user and that belongs to the admin role
@endis
@is('admin')
Shows data for the logged user and that belongs to the admin role
@else
shows the data for those who doesn't have the admin permission
@endis
@is(['role1', 'role2'])
Shows data for the logged user and that belongs to the admin role
@else
shows the data for those who doesn't have the admin permission
@endis
With the User's Facade you can access the API and use it at any part of your application.
Check if the logged user has the $permission.
Check if the logged user has the $permission. If the role superuser returns true
Check if the logged user has the $permission checking only the role permissions.
Check if the logged user belongs to the role $roleName.
Check if the role $roleName exists in the database.
Check if the permission $permissionName exists in the database.
Find the role in the database by the name $roleName.
Find the role in the database by the role ID roleId.
Find the permission in the database by the name $permissionName.
Find the permission in the database by the ID $permissionId.
Create a new role in the database.
Create a new permission in the database.
Check whether the current user belongs to the role.
Returns a javascript script with a list of all roles and permissions of the current user. The variable name can be modified.
To add the User's features, you need to add the trait HasUser in you User model (usually App\User).
<?php namespace App;
// Declaration of other omitted namespaces
use Litepie\User\Traits\HasUser;
class User extends Model implements AuthenticatableContract, CanResetPasswordContract {
use Authenticatable, CanResetPassword, HasUser;
// Rest of the class
}This trait, beyond configuring the relationships, will add the following methods to your object App\User:
#####public function hasPermission($permission):
This method checks if the logged user has the permission $permission
In User, there are 2 kind of permissions: User permissions and Role permissions. By default, the permissions that the user inherits, are permissions of the roles that it belongs to. However, always that a user pemission is set, it will take precedence of role permission.
public function foo(Authenticable $user)
{
if ($user->hasPermission('user.create'));
}This method works the same way the previous one, the only diference is that the user permissions are not considered, however, only the role's permissions that the user belongs are used to check the access.
public function foo(Authenticable $user)
{
if ($user->roleHasPermission('user.create');
}Attach the user to the role $role. The $role variable might be an object of the type Litepie\User\Role or an array containing the ids of the roles.
public function foo(Authenticable $user)
{
$role = User::findRole('admin'); // Returns an Litepie\User\Role
$user->attachRole($role);
// or
$roles = [1, 2, 3]; // Using an array of ids
$user->attachRole($roles);
}Deatach the role $role from the user (inverse to attachRole()).
public function foo(Authenticable $user)
{
$role = User::findRole('admin'); // Returns an Litepie\User\Role
$user->detachRole($role);
// ou
$roles = [1, 2, 3]; // Using an array of ids
$user->detachRole($roles);
}This is like the attachRole() method, but only the roles in the array $roles will be on the relationship after the method runs. $roles it's an array of ids for the needed roles.
public function foo(Authenticable $user)
{
$roles = [1, 2, 3]; // Using an array of ids
$user->syncRoles($roles);
}Attach the user to the permission $permission. The $permission variable is an instance of the Litepie\User\Permission class.
public function foo(Authenticable $user)
{
$permission = User::findPermission('user.create');
$user->attachPermission($permission, [
'value' => true // true = has the permission, false = doesn't have the permission,
]);
}Remove the permission $permission from the user. The $permission variable might be an instance of the Litepie\User\Permission class or an array of ids with the ids of the permissions to be removed.
public function foo(Authenticable $user)
{
$permission = User::findPermission('user.create');
$user->detachPermission($permission);
// or
$permissions = [1, 3];
$user->detachPermission($permissions);
}This is like the method syncRoles. but only the roles in the array $permissions be on the relationship after the method runs.
public function foo(Authenticable $user)
{
$permissions = [
1 => ['value' => false],
2 => ['value' => true,
3 => ['value' => true]
];
$user->syncPermissions($permissions);
}Remove all the user permissions.
public function foo(Authenticable $user)
{
$user->revokePermissions();
}Remove all the temporary expired pemissions from the user. More about temporary permissions below.
public function foo(Authenticable $user)
{
$user->revokeExpiredPermissions();
}