通过 
搜索
搜索leoche / laravel-lpermissions
路由的用户角色与权限
1.0.4
2017-04-13 15:22 UTC
Requires
- php: >=5.5.9
- illuminate/support: 5.3
This package is not auto-updated.
Last update: 2024-09-28 20:03:52 UTC
README
Laravel LPermissions 为 Auth Laravel 5.3 添加角色和权限。保护您的路由和视图。
目录
要求
- 此包需要 PHP 5.5+
- 此包需要 Laravel 5.3
安装
1. 在您的 composer.json 中要求此包,并使用 composer update 更新依赖项。
"require": {
...
"leoche/laravel-lpermissions": "1.0",
...
},
2. 将包添加到您的应用程序服务提供者在 config/app.php 中。
'providers' => [ Illuminate\Validation\ValidationServiceProvider::class, Illuminate\View\ViewServiceProvider::class, ... Leoche\LPermissions\LPermissionsServiceProvider::class, ],
3. 将包迁移发布到您的应用程序,并使用 php artisan migrate 运行这些迁移。
$ php artisan vendor:publish --provider="Leoche\LPermissions\LPermissionsServiceProvider"
4. 将中间件添加到您的 app/Http/Kernel.php。
protected $routeMiddleware = [ .... 'permission' => \Leoche\LPermissions\Middleware\checkPermission::class, ];
5. 将 HasRole 特性添加到您的 User 模型。
use Leoche\LPermissions\Traits\HasRole; class User extends Model implements AuthenticatableContract, CanResetPasswordContract { use Authenticatable, HasRole; }
方法使用
角色
创建角色
$role = new Role(); $role->name = 'Admin'; //The slug will be automatically generated from the role name $role->save();
分配或删除角色
$user = User::find(1); $user->setRole(2); // with id //OR $user->setRole("Admin"); // with slug/name $user->removeRole();
分配或删除继承角色到角色
$role = Role::find(1); $role->setInheritRole(2); //with id //OR $role->setInheritRole("Admin"); $role->removeInheritRole();
分配或删除权限到角色或用户
$role = Role::find(1); $role->setPermission("admin/*", "*"); $role->removePermission("/admin/*", "*"); $user = User::find(1); $user->setPermission("secretpage", "GET"); $user->removePermission("secretpage", "GET"); $user = User::find(1); $user->removeAllPermissions(); //delete all permissions of user $user->getRole->removeAllPermissions(); //delete all permissions of user's role $role = Role::find(1); $role->removeAllPermissions();
注意:LPermissions 将权限路径解析为
路由使用
您只需指定中间件到分组路由。它将检查权限,如果未经授权则中止 401。
Route::get('/home', function () { return "You can go here"; }); ... Route::group(['middleware' => ['auth']], function () { Route::get('/home1', function () { return "You can go here if you're logged"; }); }); ... Route::group(['middleware' => ['permission']], function () { Route::get('/home2', function () { return "You can go here if you or your role have '/home2' or '/*' permission"; }); }); ... Route::group(['middleware' => ['auth','permission']], function () { Route::get('/home3', function () { return "You can go here if you're logged and you or your role have '/home3' or '/*' permission"; }); });
Blades 使用
在您的 blades 视图中,您可以使用指令仅在用户具有权限或角色时显示某些内容(例如:链接、信息)。
@permission('admin/dashboard') //Only shown to users who can access to admin dashboard @endpermission ... @permission('admin/posts','post') //Only shown to users who can access to admin posts with method POST @endpermission ... ... @role('moderator') //Only shown to moderators role @endrole ... @role('*') //Has any roles @else //Has no role (Eg: role_id=0) @endrole
示例
用户表
角色表
权限表
路由 web.php
Route::get('/', function () { return "home ppage"; }); Route::group(['middleware' => ['auth','permission']], function () { Route::get('/secret', function () { return "SECRET PAGE"; }); Route::get('/account', function ($id) { return "view account infos"; }); }); Route::group(["prefix" => "admin",'middleware' => ['auth','permission']], function () { Route::get('/', function () { return view('dashboard'); }); Route::ressource('posts', 'PostController'); });
每个人都可以看到主页
只有 mike 可以查看 /secret
Lisa 可以在 /admin/* 中做任何事情并查看账户页面(从成员继承)
John 只能查看账户页面
待办事项
- 分配/撤销角色到用户的函数
- 分配/撤销权限到角色的函数
- 将角色继承到角色的函数