moahada/laravel-mongodb-permission

Handle permissions for Laravel using MongoDB

dev-main 2022-06-01 10:08 UTC

This package is auto-updated.

Last update: 2024-09-22 11:02:23 UTC


README

Once installed, you can do things like this:

// Adding permissions to a user
$user->givePermissionTo('edit articles');

// Adding permissions via a role
$user->assignRole('writer');

$role->givePermissionTo('edit articles');

Because all permissions are registered on Laravel's gate, you can test whether a user has a permission with Laravel's default can function:

$user->can('edit articles');

Installation

You can install the package via composer:

composer require moahada/laravel-mongodb-permission

You can publish the migration files with:

php artisan vendor:publish --provider="Moahada\Permission\PermissionServiceProvider" --tag="migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --provider="Moahada\Permission\PermissionServiceProvider" --tag="config"

Once published, the config/permission.php config file contains:

return [

    'models' => [

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * Moloquent model should be used to retrieve your permissions. Of course, it
         * is often just the "Permission" model but you may use whatever you like.
         *
         * The model you want to use as a Permission model needs to implement the
         * `Moahada\Permission\Contracts\Permission` contract.
         */

        'permission' => Moahada\Permission\Models\Permission::class,

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * Moloquent model should be used to retrieve your roles. Of course, it
         * is often just the "Role" model but you may use whatever you like.
         *
         * The model you want to use as a Role model needs to implement the
         * `Moahada\Permission\Contracts\Role` contract.
         */

        'role' => Moahada\Permission\Models\Role::class,

    ],

    'collection_names' => [

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * table should be used to retrieve your roles. We have chosen a basic
         * default value but you may easily change it to any table you like.
         */

        'roles' => 'roles',

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * table should be used to retrieve your permissions. We have chosen a basic
         * default value but you may easily change it to any table you like.
         */

        'permissions' => 'permissions',
    ],

    /*
     * By default all permissions will be cached for 24 hours unless a permission or
     * role is updated. Then the cache will be flushed immediately.
     */

    'cache_expiration_time' => 60 * 24,

    /*
     * By default we'll make an entry in the application log when the permissions
     * could not be loaded. Normally this only occurs while installing the packages.
     *
     * If for some reason you want to disable that logging, set this value to false.
     */

    'log_registration_exception' => true,
    
    /*
     * When set to true, the required permission/role names are added to the exception
     * message. This could be considered an information leak in some contexts, so
     * the default setting is false here for optimum safety.
     */
    
    'display_permission_in_exception' => false,
];

Usage

First, add the Moahada\Permission\Traits\HasRoles trait to your User model:

use Illuminate\Auth\Authenticatable;
use Jenssegers\Mongodb\Eloquent\Model as Model;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Moahada\Permission\Traits\HasRoles;

class User extends Model implements AuthenticatableContract, AuthorizableContract
{
    use Authenticatable, Authorizable, HasRoles;

    // ...
}

Note: if you need to use the HasRoles trait with another model (for example Page), you also need to add protected $guard_name = 'web'; to that model, otherwise you may get an error.

use Jenssegers\Mongodb\Eloquent\Model as Model;
use Moahada\Permission\Traits\HasRoles;

class Page extends Model
{
    use HasRoles;

    protected $guard_name = 'web'; // or whatever guard you want to use

    // ...
}

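This package allows users to be associated with permissions and roles. Every role is associated with multiple permissions. A Role and a Permission are regular Moloquent models. They require a name and can be created like this: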

use Moahada\Permission\Models\Role;
use Moahada\Permission\Models\Permission;

$role = Role::create(['name' => 'writer']);
$permission = Permission::create(['name' => 'edit articles']);

A permission can be assigned to a role using one of these methods:

$role->givePermissionTo($permission);
$permission->assignRole($role);

Multiple permissions can be synced to a role using one of these methods:

$role->syncPermissions($permissions);
$permission->syncRoles($roles);

A permission can be removed from a role using one of these methods:

$role->revokePermissionTo($permission);
$permission->removeRole($role);

If you are using multiple guards, the guard_name attribute needs to be set as well. See the section on using multiple guards in the readme for details.

The HasRoles trait adds Moloquent relationships to your models, which can be accessed directly or used as a base query:

// get a list of all permissions directly assigned to the user
$permissions = $user->permissions; // Returns a collection

// get all permissions inherited by the user via roles
$permissions = $user->getAllPermissions(); // Returns a collection

// get all permissions names
$permissions = $user->getPermissionNames(); // Returns a collection

// get a collection of all defined roles
$roles = $user->roles->pluck('name'); // Returns a collection

// get all role names
$roles = $user->getRoleNames(); // Returns a collection

The HasRoles trait also adds a role scope to your models' queries, to scope the query to certain roles or permissions:

$users = User::role('writer')->get(); // Returns only users with the role 'writer'
$users = User::permission('edit articles')->get(); // Returns only users with the permission 'edit articles'

The scope can accept a string, a \Moahada\Permission\Models\Role object, a \Moahada\Permission\Models\Permission object or an \Illuminate\Support\Collection object.

Using "direct" permissions

A permission can be given to any user with the HasRoles trait:

$user->givePermissionTo('edit articles');

// You can also give multiple permission at once
$user->givePermissionTo('edit articles', 'delete articles');

// You may also pass an array
$user->givePermissionTo(['edit articles', 'delete articles']);

A permission can be revoked from a user:

$user->revokePermissionTo('edit articles');

Or revoke and add new permissions in one go:

$user->syncPermissions(['edit articles', 'delete articles']);

You can test whether a user has a permission:

$user->hasPermissionTo('edit articles');

...or test whether a user has multiple permissions:

$user->hasAnyPermission(['edit articles', 'publish articles', 'unpublish articles']);

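Saved permissions are registered with the Illuminate\Auth\Access\Gate class for the default guard. So you can test whether a user has a permission with Laravel's default can function: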

$user->can('edit articles');

Using permissions via roles

A role can be assigned to any user:

$user->assignRole('writer');

// You can also assign multiple roles at once
$user->assignRole('writer', 'admin');
// or as an array
$user->assignRole(['writer', 'admin']);

A role can be removed from a user:

$user->removeRole('writer');

Roles can also be synced:

// All current roles will be removed from the user and replaced by the array given
$user->syncRoles(['writer', 'admin']);

You can determine whether a user has a certain role:

$user->hasRole('writer');

You can also determine whether a user has any of a given list of roles:

$user->hasAnyRole(Role::all());

You can also determine whether a user has all of a given list of roles:

$user->hasAllRoles(Role::all());

The assignRole, hasRole, hasAnyRole, hasAllRoles and removeRole functions can accept a string, a \Moahada\Permission\Models\Role object or an \Illuminate\Support\Collection object.

A permission can be given to a role:

$role->givePermissionTo('edit articles');

You can determine whether a role has a certain permission:

$role->hasPermissionTo('edit articles');

A permission can be revoked from a role:

$role->revokePermissionTo('edit articles');

The givePermissionTo and revokePermissionTo functions can accept a string or a Moahada\Permission\Models\Permission object.

Permissions are inherited from roles automatically. In addition, individual permissions can be assigned to the user too.

For example:

$role = Role::findByName('writer');
$role->givePermissionTo('edit articles');

$user->assignRole('writer');

$user->givePermissionTo('delete articles');

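In the example above, a role is given permission to edit articles and this role is assigned to a user. Now the user can edit articles and additionally delete articles. The permission to delete articles is the user's direct permission because it is assigned directly to them. When we call $user->hasDirectPermission('delete articles') it returns true, but $user->hasDirectPermission('edit articles') returns false.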

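This method is useful when building a form for setting the permissions of roles and users in your application, if you want to restrict or change the permissions a user inherits from their roles, that is, allow only the user's direct permissions to be changed.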
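
The split between direct and role-inherited permissions described above, worked through as an added example (not code from this package): a plain-PHP helper, with a hypothetical name and constructed sample data, that decides what a permission-edit form may pass on to syncPermissions(). It rejects undefined names and shows that unticking an inherited permission does not remove it.

```php
<?php
// Added illustration: plain PHP, no Laravel or package classes involved.
// planDirectPermissionSync() and all sample data below are hypothetical.

/**
 * @param string[] $known     every permission name defined in the application
 * @param string[] $viaRoles  names the user inherits through roles
 * @param array    $submitted names ticked in the submitted form (untrusted input)
 */
function planDirectPermissionSync(array $known, array $viaRoles, array $submitted): array
{
    // Keep only string values and drop duplicates from the untrusted input.
    $submitted = array_values(array_unique(array_filter($submitted, 'is_string')));

    // Names that are not defined permissions are rejected, never passed on.
    $rejected = array_values(array_diff($submitted, $known));
    $valid    = array_values(array_intersect($submitted, $known));

    // Inherited permissions belong to the role; a direct copy would be redundant
    // and would survive a later change to the role.
    $direct = array_values(array_diff($valid, $viaRoles));

    // Unticking an inherited permission changes nothing: the role still grants it.
    $stillInherited = array_values(array_diff($viaRoles, $valid));

    $effective = array_values(array_unique(array_merge($viaRoles, $direct)));
    sort($effective);

    return [
        'sync'            => $direct,         // candidate argument for syncPermissions()
        'rejected'        => $rejected,       // log these and refuse the request
        'still_inherited' => $stillInherited, // show as read-only in the form
        'effective'       => $effective,      // what the user can do afterwards
    ];
}

// Constructed sample: the 'writer' role grants 'edit articles'. The form unticks it,
// keeps 'delete articles' and submits a name that is not a defined permission.
$plan = planDirectPermissionSync(
    ['edit articles', 'delete articles', 'publish articles'],
    ['edit articles'],
    ['delete articles', 'manage everything']
);

print_r($plan);
```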

You can list all of these permissions:

// Direct permissions
$user->getDirectPermissions(); // Or $user->permissions;

// Permissions inherited from the user's roles
$user->getPermissionsViaRoles();

// All permissions which apply on the user (inherited and direct)
$user->getAllPermissions();

All of these responses are collections of Moahada\Permission\Models\Permission objects.

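If we follow the previous example, the first response will be a collection with the delete article permission, the second will be a collection with the edit article permission, and the third will contain both.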

Using Blade directives:

This package also adds Blade directives to verify whether the currently logged-in user has all or any of a given list of roles.

Optionally, you can pass in the guard that the check will be performed on as a second argument.

Blade and roles:

Test for a specific role:

@role('writer')
    I am a writer!
@else
    I am not a writer...
@endrole

This is the same as:

@hasrole('writer')
    I am a writer!
@else
    I am not a writer...
@endhasrole

Test for any role in a list:

@hasanyrole(Role::all())
    I have one or more of these roles!
@else
    I have none of these roles...
@endhasanyrole
// or
@hasanyrole('writer|admin')
    I am either a writer or an admin or both!
@else
    I have none of these roles...
@endhasanyrole

Test for all roles:

@hasallroles(Role::all())
    I have all of these roles!
@else
    I do not have all of these roles...
@endhasallroles
// or
@hasallroles('writer|admin')
    I am both a writer and an admin!
@else
    I do not have all of these roles...
@endhasallroles

Blade and permissions:

This package does not add any permission-specific Blade directives. Instead, use Laravel's native @can directive to check whether a user has a certain permission.

@can('edit articles')
  //
@endcan

or:

@if(auth()->user()->can('edit articles') && $some_other_condition)
  //
@endif

Using artisan commands:

You can create a role or permission from the console with artisan commands.

php artisan permission:create-role writer
php artisan permission:create-permission 'edit articles'

When creating permissions and roles for a specific guard, you can specify the guard name as a second argument.

php artisan permission:create-role writer web
php artisan permission:create-permission 'edit articles' web