搜索qylinfly / role-permission
Laravel 5.x 权限处理
Requires
- php: >=5.6.0
- illuminate/contracts: ~5.1.0|~5.2.0|~5.3.0|~5.4.0
- laravel/framework: ~5.1.11|~5.2.0|~5.3.0|~5.4.0
Requires (Dev)
- orchestra/testbench: ~3.3.0|~3.4.0
- phpunit/phpunit: ^5.7.5
This package is not auto-updated.
Last update: 2024-09-28 20:30:33 UTC
README
从 https://github.com/spatie/laravel-permission 初始化
此包允许在数据库中保存权限和角色。它建立在 Laravel 的授权功能 之上,该功能自 5.1.11 版本开始引入。
安装后,您可以执行以下操作
//adding permissions to a user $user->givePermissionTo('edit articles'); //adding permissions via a role $user->assignRole('writer'); $user2->assignRole('writer'); $role->givePermissionTo('edit articles');
您可以使用 Laravel 默认的 can 函数测试用户是否具有权限。
$user->can('edit articles');
如果您正在使用低于 5.2.28 的 Laravel 版本,并且想要一个检查权限的中间件,请查看我们的授权包: https://github.com/Qylinfly/laravel-authorize
安装
您可以通过 composer 安装此包
$ composer require qylinfly/role-permission
必须安装此服务提供者。
// config/app.php 'providers' => [ ... Qylinfly\Permission\PermissionServiceProvider::class, ];
您可以使用以下命令发布迁移
php artisan vendor:publish --provider="Qylinfly\Permission\PermissionServiceProvider" --tag="migrations"
包假设您的用户表名为 "users"。如果情况不是这样,您应该手动编辑已发布的迁移以使用您自定义的表名。
发布迁移后,您可以通过运行迁移来创建角色和权限表
php artisan migrate
您可以使用以下命令发布配置文件
php artisan vendor:publish --provider="Qylinfly\Permission\PermissionServiceProvider" --tag="config"
这是已发布配置文件的内容
// config/permission.php return [ /* |-------------------------------------------------------------------------- | Authorization Models |-------------------------------------------------------------------------- */ 'models' => [ /* |-------------------------------------------------------------------------- | Permission Model |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | Eloquent model should be used to retrieve your permissions. Of course, it | is often just the "Permission" model but you may use whatever you like. | | The model you want to use as a Permission model needs to implement the | `Qylinfly\Permission\Contracts\Permission` contract. | */ 'permission' => Qylinfly\Permission\Models\Permission::class, /* |-------------------------------------------------------------------------- | Role Model |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | Eloquent model should be used to retrieve your roles. Of course, it | is often just the "Role" model but you may use whatever you like. | | The model you want to use as a Role model needs to implement the | `Qylinfly\Permission\Contracts\Role` contract. | */ 'role' => Qylinfly\Permission\Models\Role::class, ], /* |-------------------------------------------------------------------------- | Authorization Tables |-------------------------------------------------------------------------- */ 'table_names' => [ /* |-------------------------------------------------------------------------- | Roles Table |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | table should be used to retrieve your roles. We have chosen a basic | default value but you may easily change it to any table you like. | */ 'roles' => 'roles', /* |-------------------------------------------------------------------------- | Permissions Table |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | table should be used to retrieve your permissions. We have chosen a basic | default value but you may easily change it to any table you like. | */ 'permissions' => 'permissions', /* |-------------------------------------------------------------------------- | User Permissions Table |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | table should be used to retrieve your users permissions. We have chosen a | basic default value but you may easily change it to any table you like. | */ 'user_has_permissions' => 'user_has_permissions', /* |-------------------------------------------------------------------------- | User Roles Table |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | table should be used to retrieve your users roles. We have chosen a | basic default value but you may easily change it to any table you like. | */ 'user_has_roles' => 'user_has_roles', /* |-------------------------------------------------------------------------- | Role Permissions Table |-------------------------------------------------------------------------- | | When using the "HasRoles" trait from this package, we need to know which | table should be used to retrieve your roles permissions. We have chosen a | basic default value but you may easily change it to any table you like. | */ 'role_has_permissions' => 'role_has_permissions', ], ];
用法
首先将 Qylinfly\Permission\Traits\HasRoles - 特性添加到您的 User 模型中。
use Illuminate\Foundation\Auth\User as Authenticatable; use Qylinfly\Permission\Traits\HasRoles; class User extends Authenticatable { use HasRoles; // ... }
此包允许用户与角色相关联。权限可以与角色相关联。一个 Role 和一个 Permission 都是常规的 Eloquent 模型。它们可以有名称,并且可以像这样创建
use Qylinfly\Permission\Models\Role; use Qylinfly\Permission\Models\Permission; $role = Role::create(['name' => 'writer']); $permission = Permission::create(['name' => 'edit articles']);
HasRoles 为您的模型添加 eloquent 关联,可以直接访问或用作基础查询。
$permissions = $user->permissions; $roles = $user->roles()->pluck('name'); // returns a collection
HasRoles 还为您的模型添加了一个作用域,可以将查询限制到某些角色。
$users = User::role('writer')->get(); // Only returns users with the role 'writer'
作用域可以接受字符串、一个 Qylinfly\Permission\Models\Role 对象或一个 \Illuminate\Support\Collection 对象。
### 使用权限 您可以向用户授予权限
$user->givePermissionTo('edit articles'); //you can also give multiple permission at once $user->givePermissionTo('edit articles', 'delete articles'); //you may also pass an array $user->givePermissionTo(['edit articles', 'delete articles']);
您可以从用户中撤销权限
$user->revokePermissionTo('edit articles');
您可以测试用户是否具有权限
$user->hasPermissionTo('edit articles');
保存的权限将与 Illuminate\Auth\Access\Gate 类一起注册。因此,您可以使用 Laravel 的默认 can 函数测试用户是否具有权限。
$user->can('edit articles');
### 使用角色和权限 您可以将角色分配给用户
$user->assignRole('writer'); // you can also assign multiple roles at once $user->assignRole('writer', 'admin'); $user->assignRole(['writer', 'admin']);
您可以从用户中移除角色
$user->removeRole('writer');
角色也可以同步
//all current roles will be removed from the user and replace by the array given $user->syncRoles(['writer', 'admin']);
您可以确定用户是否具有某个角色
$user->hasRole('writer');
您还可以确定用户是否具有给定列表中的任何角色
$user->hasAnyRole(Role::all());
您还可以确定用户是否具有给定列表中的所有角色
$user->hasAllRoles(Role::all());
函数 assignRole、hasRole、hasAnyRole、hasAllRoles 和 removeRole 可以接受字符串、一个 Qylinfly\Permission\Models\Role 对象或一个 \Illuminate\Support\Collection 对象。
您可以将权限授予角色
$role->givePermissionTo('edit articles');
您可以确定角色是否具有某个权限
$role->hasPermissionTo('edit articles');
您可以从角色中撤销权限
$role->revokePermissionTo('edit articles');
函数 givePermissionTo 和 revokePermissionTo 可以接受字符串或一个 Qylinfly\Permission\Models\Permission 对象。
保存的权限和角色也将与 Illuminate\Auth\Access\Gate 类一起注册。
$user->can('edit articles');
分配给用户的角色的所有权限将自动继承给用户。除了这些权限之外,还可以为用户分配特定的权限。例如,
$role->givePermissionTo('edit articles'); $user->assignRole('writer'); $user->givePermissionTo('delete articles');
在上面的例子中,一个角色被赋予了编辑文章的权限,并将此角色分配给了用户。现在用户可以编辑文章,并且还可以删除文章。'删除文章'的权限是他的直接权限,因为它直接分配给了他。当我们调用$user->hasDirectPermission('delete articles')时,它返回True和False,对于$user->hasDirectPermission('edit articles')。
此方法在您有用于设置应用程序中角色和用户权限的表单时非常有用,并希望限制更改用户角色的继承权限,即只允许更改用户的直接权限。
### 使用 Blade 指令
@role('writer') I'm a writer! @else I'm not a writer... @endrole
@hasrole('writer') I'm a writer! @else I'm not a writer... @endhasrole
@hasanyrole(Role::all()) I have one or more of these roles! @else I have none of these roles... @endhasanyrole
@hasallroles(Role::all()) I have all of these roles! @else I don't have all of these roles... @endhasallroles
您可以使用 Laravel 的原生@can指令来检查用户是否具有特定的权限。
多项目控制
use Qylinfly\Permission\Facades\ProjectCodeFactory; ProjectCodeFactory::setCode('polar');
使用中间件
此包不包含检查权限的中间件,但添加这个中间件非常简单。
$ php artisan make:middleware RoleMiddleware
这将为您创建一个 RoleMiddleware,您可以在其中处理角色和权限检查。
// app/Http/Middleware/RoleMiddleware.php use Auth; ... public function handle($request, Closure $next, $role, $permission) { if (Auth::guest()) { return redirect($urlOfYourLoginPage); } if (! $request->user()->hasRole($role)) { abort(403); } if (! $request->user()->can($permission)) { abort(403); } return $next($request); }
别忘了将路由中间件添加到您的 Kernel 中
// app/Http/Kernel.php protected $routeMiddleware = [ ... 'role' => \App\Http\Middleware\RoleMiddleware::class, ... ];
现在您可以使用您刚刚设置的中间件来保护您的路由
Route::group(['middleware' => ['role:admin,access_backend']], function () { // });
扩展
如果您需要扩展或替换现有的 Role 或 Permission 模型,只需注意以下几点
- 您的
Role模型需要实现Qylinfly\Permission\Contracts\Role接口 - 您的
Permission模型需要实现Qylinfly\Permission\Contracts\Permission接口 - 您必须使用以下命令发布配置:
php artisan vendor:publish --provider="Qylinfly\Permission\PermissionServiceProvider" --tag="config"并更新models.role和models.permission的值
安全
如果您发现任何安全相关的问题,请通过电子邮件18612116114@163.com联系,而不是使用问题跟踪器。
替代方案
许可证
MIT 许可证 (MIT)。有关更多信息,请参阅许可证文件。