cosmos/rbac

A trait for implementing role-based access control in Laravel Eloquent models.

v1.0.1 2020-01-13 01:10 UTC

This package is auto-updated.

Last update: 2024-09-13 11:45:22 UTC


README

What is RBAC

Role-based access control (RBAC) is an approach to restricting system access to authorized users. See below for details.

Database structure

users:
    - id INTEGER
    - email STRING
    - etc...

roles:
    - id INTEGER
    - name STRING
    - created_at DATE
    - updated_at DATE

permissions:
    - id INTEGER
    - name STRING
    - created_at DATE
    - updated_at DATE

role_user:
    - role_id INTEGER
    - user_id INTEGER
    - PRIMARY KEY role_id, user_id
    - FOREIGN KEY role_id REFERENCES roles.id ON DELETE CASCADE
    - FOREIGN KEY user_id REFERENCES users.id ON DELETE CASCADE

permission_role:
    - permission_id INTEGER
    - role_id INTEGER
    - PRIMARY KEY permission_id, role_id
    - FOREIGN KEY permission_id REFERENCES permissions.id ON DELETE CASCADE
    - FOREIGN KEY role_id REFERENCES roles.id ON DELETE CASCADE
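
A Laravel migration that creates the tables listed above, as an added example (not code shipped by the package). It assumes the default table names, that `users.id` was created with `bigIncrements`, and the class name `CreateRbacTables` is hypothetical; `permission_role` is keyed on `permission_id` and `role_id`, matching its primary and foreign keys.

```php
<?php

// Added example: migration for the RBAC tables described in this README.
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateRbacTables extends Migration
{
    public function up()
    {
        // roles and permissions share the same shape: id, name, timestamps.
        foreach (['roles', 'permissions'] as $name) {
            Schema::create($name, function (Blueprint $table) {
                $table->bigIncrements('id');
                // unique() is an added assumption: checks are made by name.
                $table->string('name')->unique();
                $table->timestamps();
            });
        }

        // Foreign key column types must match the referenced id columns.
        Schema::create('role_user', function (Blueprint $table) {
            $table->unsignedBigInteger('role_id');
            $table->unsignedBigInteger('user_id');
            $table->primary(['role_id', 'user_id']);
            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
            $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
        });

        Schema::create('permission_role', function (Blueprint $table) {
            $table->unsignedBigInteger('permission_id');
            $table->unsignedBigInteger('role_id');
            $table->primary(['permission_id', 'role_id']);
            $table->foreign('permission_id')->references('id')->on('permissions')->onDelete('cascade');
            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
        });
    }

    public function down()
    {
        // Drop pivot tables first so their foreign keys do not block the drops.
        Schema::dropIfExists('permission_role');
        Schema::dropIfExists('role_user');
        Schema::dropIfExists('permissions');
        Schema::dropIfExists('roles');
    }
}
```

The composite primary keys prevent duplicate grants, and the cascading deletes remove a role's or user's grants with the row itself so no orphaned assignments remain.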

Installation

Install the package with Composer

composer require cosmos/rbac

The service provider is registered automatically. Alternatively, you can add the service provider manually in your config/app.php file

'providers' => [
    // ...
    Cosmos\Rbac\RbacServiceProvider::class,
];

You can add the middleware in your app/Http/Kernel.php file

protected $routeMiddleware = [
    // ...
    'role' => \Cosmos\Rbac\Middleware\Role::class,
    'permission' => \Cosmos\Rbac\Middleware\Permission::class,
];

You should publish the config/rbac.php configuration file

php artisan vendor:publish --provider="Cosmos\Rbac\RbacServiceProvider"

Models

User

Add the Cosmos\Rbac\RoleBasedAccessControl trait to your App\User model

namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Cosmos\Rbac\RoleBasedAccessControl;

class User extends Authenticatable
{
    use RoleBasedAccessControl;

    //
}

Role

Extend Cosmos\Rbac\Role in your App\Role model

namespace App;

use Cosmos\Rbac\Role as RoleModel;

class Role extends RoleModel
{
    //
}

Permission

Extend Cosmos\Rbac\Permission in your App\Permission model

namespace App;

use Cosmos\Rbac\Permission as PermissionModel;

class Permission extends PermissionModel
{
    //
}

Usage

Assigning roles and permissions

You can assign the editor role to a specific user.

$blogEdit = Permission::create(['name' => 'blog.edit']);
$newsEdit = Permission::create(['name' => 'news.edit']);

// Assign `blog.edit` and `news.edit` permission to `editor` role.
$editor = Role::create(['name' => 'editor']);
$editor->permissions()->attach($blogEdit);
$editor->permissions()->attach($newsEdit);

// Assign `editor` role to the user.
$user = User::find(1);
$user->roles()->attach($editor);

// checking whether the user has roles.
$user->hasRole('editor'); // true

// checking whether the user has permissions.
$user->hasPermission('blog.edit');   // true
$user->hasPermission('blog.delete'); // false

// checking multiple roles or permissions.
$user->hasRole(['editor', 'news-editor']); // true.
$user->hasPermission(['blog.edit', 'blog.delete'], true); // returns false. second parameter is `requireAll`, default is false.

You can also revoke a user's roles.

$editor->permissions()->detach($newsEdit);
$user->hasPermission('news.edit'); // false

$user->roles()->detach($editor);
$user->hasRole('editor'); // false

Using middleware

Use middleware rules in routes

Route::group(['middleware' => ['role:admin']], function () {
    //
});

// You can separate multiple roles or permission with a '|' (pipe) character.
Route::group(['middleware' => ['permission:edit articles|publish articles']], function () {
    //
});

Route::get('admin/profile', function () {
    //
})->middleware('role:admin', 'permission:admin.access');

Use middleware rules in controllers

public function __construct()
{
    $this->middleware('role:super-user');
    // or
    $this->middleware(['role:admin', 'permission:admin.access']);
}

Using Blade directives

Check for a specific role

@role('editor')
    //
@else
    //
@endrole

Or permissions

@permission('blog.read,blog.edit')
    //
@endpermission

License

MIT License