enea/laravel-authorization

A package for managing permissions in Laravel applications

v3.0 2024-08-05 17:04 UTC

This package is auto-updated.

Last update: 2024-09-05 17:13:23 UTC


README


Laravel Authorization is a package that provides a simple administration interface for roles and permissions.

// create authorizations
$cashier = $this->roles->create('Cashier');
$create = $this->permissions->create('Create Documents');
$annul = $this->permissions->create('Annul Documents');


// grant authorizations
$cashier->grantMultiple([$create, $annul]);
$user->grant($cashier);

// check
$user->isMemberOf('cashier'); // true
$user->can('create-documents'); // true
$user->can('annul-documents'); // true

// deny authorizations
$user->deny('annul-documents');

// now
$user->can('annul-documents'); // false

Installation

Laravel Authorization requires PHP 8.1. This version supports Laravel 10 only.

To get the latest version, simply require the project using Composer:

$ composer require enea/laravel-authorization

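Once installed, if you are not using automatic package discovery, you need to register the Enea\Authorization\AuthorizationServiceProvider service provider in your config/app.php.

Finally, just run this in the console: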

$ php artisan authorization:install

Quick Start

Getting started with laravel-authorization is as simple as extending the User model that the package provides:

use Enea\Authorization\Models\User as Authorizable;

class User extends Authorizable {
    //
}

Or, if you need a custom user model, you must implement the Enea\Authorization\Contracts\Authorizable interface and use the Enea\Authorization\Traits\Authorizable trait:

use Enea\Authorization\Contracts\Authorizable as AuthorizableContract;
use Enea\Authorization\Traits\Authorizable;
use Illuminate\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Database\Eloquent\Model;

class User extends Model implements AuthenticatableContract, AuthorizableContract
{
    use Authenticatable, Authorizable;
}

Checks

There are some methods available for checking roles and permissions:

Example

// verify if a user has a permission
$user->can('permission-name');
// verify if a user does not have a permission
$user->cannot('permission-name');
// verify if a user is a member of a role
$user->isMemberOf('role-name');
// verify if a user is not a member of a role
$user->isntMemberOf('role-name');

A role, on the other hand, can only have permissions:

// verify if a role has a permission
$role->can('permission-name');
// verify if a role does not have a permission
$role->cannot('permission-name');

Grant

Granting roles and permissions is simplified: both are granted through the model's grant method, as in the example below.

// grant an authorization to user
$user->grant($authorization);
// grant multiple authorizations to user
$user->grantMultiple([$permission, $role]);
// grant a permission to role
$role->grant($permission);
// grant multiple permissions to role
$role->grantMultiple([$firstPermission, $secondPermission]);

Revoke

To revoke a permission or role from a model, use the revoke or revokeMultiple methods:

// revoke an authorization to a user
$user->revoke($authorization);
// revoke multiple authorizations of a user
$user->revokeMultiple([$permission, $role]);
// revoke a permission to a role
$role->revoke($permission);
// revoke multiple permissions of a role
$role->revokeMultiple([$firstPermission, $secondPermission]);

Deny

To deny a user access to something, use the deny or denyMultiple methods:

// deny a permission to a user
$user->deny($permission);
// deny multiple permissions to a user
$user->denyMultiple($permissions);

Middleware

The middleware is enabled by default; to change this, edit the configuration file:

    // automatic middleware configuration.
    'middleware' => [
        'enabled' => true,

        'permissions' => [
            'alias' => 'authenticated.can',
            'class' => \Enea\Authorization\Middleware\PermissionAuthorizerMiddleware::class,
        ],
        'roles' => [
            'alias' => 'authenticated.is',
            'class' => \Enea\Authorization\Middleware\RoleAuthorizerMiddleware::class,
        ],
    ],

Or, if you want to configure it manually, disable the automatic loading and modify your kernel file:

protected $routeMiddleware = [
    // ... existing middleware entries

    // laravel-authorization
    'authenticated.can' => \Enea\Authorization\Middleware\PermissionAuthorizerMiddleware::class,
    'authenticated.is' => \Enea\Authorization\Middleware\RoleAuthorizerMiddleware::class,
];

Then you can use it in your routes like any other middleware:

$router->get('create', 'CreateController@create')->middleware('authenticated.can:create-articles');
$router->get('admin', 'DashboardController@index')->middleware('authenticated.is:admin');

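If a user tries to access a protected route without authorization, an exception of type UnauthorizedOwnerException is thrown.

Custom errors

To show a custom error, we can edit the Handler file: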

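// Requires `use Throwable;` and an import of UnauthorizedOwnerException at the top of the Handler file.
// Laravel 10's base handler declares render($request, Throwable $e), so the parameter must be typed Throwable.
public function render($request, Throwable $exception)
{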
    if ($exception instanceof UnauthorizedOwnerException) {
        return redirect()->route('custom-unauthorized-route');
    }
    return parent::render($request, $exception);
}
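
The same handling extended to API clients and audit logging, as an added example that is not part of the package's README: denied requests are logged with the user, route and source IP so repeated probing of protected routes shows up in the logs, JSON clients receive a 403 instead of a redirect, and browsers are redirected as above. The exception's namespace is an assumption (the page names the class but not where it lives); adjust the import to match the installed package.

```php
<?php

namespace App\Exceptions;

// Assumed namespace: the README names the class only, not its location.
use Enea\Authorization\Exceptions\UnauthorizedOwnerException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class Handler extends ExceptionHandler
{
    public function register(): void
    {
        // renderable() is only invoked for the exception type hinted in the closure.
        $this->renderable(function (UnauthorizedOwnerException $e, Request $request) {
            // Audit trail: who was denied, on which route, from where.
            Log::warning('authorization.denied', [
                'user_id' => $request->user()?->getAuthIdentifier(),
                'route'   => $request->route()?->getName() ?? $request->path(),
                'method'  => $request->method(),
                'ip'      => $request->ip(),
            ]);

            // API clients get a plain 403 with no detail about which
            // role or permission was missing.
            if ($request->expectsJson()) {
                return response()->json(['message' => 'Forbidden'], 403);
            }

            // 'custom-unauthorized-route' is the route name used in the example above.
            return redirect()->route('custom-unauthorized-route');
        });
    }
}
```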

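Blade directives

This package also adds Blade directives to verify whether the currently logged-in user has a specific role or permission. Optionally, you can pass the guard on which to perform the check as a second argument.

For roles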

@authenticatedIs('articles-owner')
    // is articles owner
@else
    // it's not articles owner
@endauthenticatedIs

and the negation

@authenticatedIsnt('articles-owner')
    // it's not articles owner
@else
    // is articles owner
@endauthenticatedIsnt

For permissions

@authenticatedCan('edit-articles')
    // can edit articles
@else
    // cannot edit articles
@endauthenticatedCan

and the negation

@authenticatedCannot('edit-articles')
    // cannot edit articles
@else
    // can edit articles
@endauthenticatedCannot

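Examples

Simple CRUD

Changelog

See the changelog for more information on recent changes.

License

The Laravel Authorization project is licensed under the MIT License (MIT).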