regulus/identify

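A Laravel 5 authentication/authorization package that adds roles, permissions, access levels, and user states. Allows simple or complex user access control implementation.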

v1.0.1 2018-09-14 01:02 UTC

README


Composer Package Installation

To install Identify, make sure "regulus/identify" has been added to Laravel 5's composer.json file.

"require": {
	"regulus/identify": "1.0.*"
},

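Then run php composer.phar update from the command line. Composer will install the Identify package.

Installation

Register the service provider and set up the alias

Add the following to the providers array in config/app.php: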

Regulus\Identify\IdentifyServiceProvider::class,

And add the following to the aliases array:

'Auth' => Regulus\Identify\Facade::class,

Add the middleware to the routeMiddleware array in app/Http/Kernel.php:

'auth.permissions' => \Regulus\Identify\Middleware\Authorize::class,
'auth.token'       => \Regulus\Identify\Middleware\AuthenticateByToken::class,

Add and run the install command

Add the following to the commands array in app/Console/Kernel.php:

\Regulus\Identify\Commands\Install::class,
\Regulus\Identify\Commands\CreateUser::class,

Then run the following command:

php artisan identify:install

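Identify is now installed. This includes all necessary database migrations, database seeding, and config publishing. The published config file is auth.php, which will overwrite Laravel 5's default auth configuration. The default table names are prefixed with auth_, but you can change the table prefix by adding the --tables-prefix option to the install line: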

php artisan identify:install --tables-prefix=none

php artisan identify:install --tables-prefix=identify

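The former example removes the prefix from all table names, so you will get users, roles, etc. The latter example changes the default table prefix from auth to identify, so your table names will be identify_users, identify_roles, etc.

You should now have 4 users: Admin, TestUser, TestUser2, and TestUser3. All of the default passwords are simply password, and usernames are case insensitive, so you can just type admin and password to log in. The 3 initial roles are Administrator, Moderator, and Member. Admin has the administrator role, TestUser has the administrator role, and the final 2 users have the Member role.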
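A check for the seeded defaults described above, as an added example that is not part of the Identify package: it flags seeded accounts and any account whose stored hash still verifies against the default password. The row layout (name, role, hash) and bcrypt hashing are assumptions, and the sample rows are constructed.

```php
<?php
// Added example, not Identify code. Assumes each user row exposes a name, a role
// and a password hash that password_verify() can check (bcrypt in this sample).

const SEEDED_NAMES     = ['admin', 'testuser', 'testuser2', 'testuser3'];
const DEFAULT_PASSWORD = 'password'; // the documented install default

// Returns findings for accounts that are seeded and/or still accept the default password.
function auditDefaultAccounts(array $rows): array
{
    $findings = [];
    foreach ($rows as $row) {
        // Usernames are case insensitive, so compare in lower case.
        $seeded  = in_array(strtolower($row['name']), SEEDED_NAMES, true);
        $default = password_verify(DEFAULT_PASSWORD, $row['hash']);
        if ($seeded || $default) {
            $findings[] = [
                'name'             => $row['name'],
                'role'             => $row['role'],
                'seeded_account'   => $seeded,
                'default_password' => $default,
            ];
        }
    }
    // Accounts that still accept the default password are listed first.
    usort($findings, function ($a, $b) {
        return $b['default_password'] <=> $a['default_password'];
    });
    return $findings;
}

// Constructed sample rows standing in for a query against the users table.
$rows = [
    ['name' => 'Admin',     'role' => 'Administrator', 'hash' => password_hash('password', PASSWORD_BCRYPT)],
    ['name' => 'TestUser2', 'role' => 'Member',        'hash' => password_hash('S0me-rotated-value', PASSWORD_BCRYPT)],
    ['name' => 'alice',     'role' => 'Member',        'hash' => password_hash('password', PASSWORD_BCRYPT)],
    ['name' => 'bob',       'role' => 'Member',        'hash' => password_hash('unrelated-passphrase', PASSWORD_BCRYPT)],
];

foreach (auditDefaultAccounts($rows) as $f) {
    printf("%-10s %-14s seeded=%s default_password=%s\n",
        $f['name'], $f['role'],
        $f['seeded_account'] ? 'yes' : 'no',
        $f['default_password'] ? 'yes' : 'no');
}
```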

You can now skip ahead to the Basic Usage section.

Basic Usage

Check whether a user is logged in

if (Auth::check())
{
	// the user is logged in
}

Check whether a user has a particular role

if (Auth::is('admin'))
{
	// the user has an "admin" role
}

if (Auth::is(['admin', 'user']))
{
	// the user has an "admin" and/or "user" role
}

if (Auth::hasRole(['admin', 'user']))
{
	// the user has an "admin" and/or "user" role (hasRole() is an alias of the is() method)
}

if (Auth::isAll(['admin', 'user']))
{
	// the user has an "admin" and "user" role
}

Check whether a user does not have a particular role

if (Auth::isNot('admin'))
{
	// the user lacks an "admin" role
}

if (Auth::isNot(['admin', 'user']))
{
	// the user lacks the "admin" and "user" roles
}

Check whether a user has a particular permission

if (Auth::can('manage-posts'))
{
	// the user has a "manage-posts" permission
}

if (Auth::can(['manage-posts', 'manage-users']))
{
	// the user has a "manage-posts" and/or "manage-users" permission
}

if (Auth::hasPermission(['manage-posts', 'manage-users']))
{
	// the user has a "manage-posts" and/or "manage-users" permission (hasPermission() is an alias of the has() method)
}

if (Auth::hasPermissions(['manage-posts', 'manage-users']))
{
	// the user has a "manage-posts" and "manage-users" permission
}

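Note: Permissions can be hierarchical, so a "manage" permission may contain "manage-posts", "manage-users", etc. In this case, Auth::can('manage-posts') will be satisfied if the user has the parent "manage" permission. Users can have permissions applied directly to their user accounts or indirectly through their roles. Roles can be associated with a set of permissions, which their users will inherit.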
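How the inheritance described in the note can be modelled, as an added example that is not Identify's implementation: a requested permission is satisfied by itself or by any ancestor, held directly or through a role. The hierarchy, the role map and the ban-users permission are constructed for illustration.

```php
<?php
// Added example, not Identify code. Hierarchy and role data are constructed.
// Child permission => parent permission.
$parentOf = [
    'manage-posts' => 'manage',
    'manage-users' => 'manage',
    'ban-users'    => 'manage-users',
];

// Role => permissions that members of the role inherit.
$rolePermissions = [
    'admin' => ['manage'],
    'mod'   => ['manage-posts'],
];

// True when $permission or one of its ancestors is in $held.
function holds(string $permission, array $held, array $parentOf): bool
{
    $seen    = [];
    $current = $permission;
    while ($current !== null && !isset($seen[$current])) {
        if (in_array($current, $held, true)) {
            return true;
        }
        $seen[$current] = true; // stops on a cyclic hierarchy
        $current = $parentOf[$current] ?? null;
    }
    return false;
}

// Models the any-of check: direct permissions plus those inherited from roles.
function userCan($wanted, array $direct, array $roles, array $rolePermissions, array $parentOf): bool
{
    $held = $direct;
    foreach ($roles as $role) {
        $held = array_merge($held, $rolePermissions[$role] ?? []);
    }
    foreach ((array) $wanted as $permission) {
        if (holds($permission, $held, $parentOf)) {
            return true;
        }
    }
    return false;
}

var_dump(userCan('manage-posts', [], ['admin'], $rolePermissions, $parentOf));     // parent held through a role
var_dump(userCan('ban-users', ['manage-users'], [], $rolePermissions, $parentOf)); // parent held directly
var_dump(userCan('manage', ['manage-posts'], [], $rolePermissions, $parentOf));    // only a child is held
```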

Add or remove permissions

$user = Auth::user();

$user->addPermission('manage-posts'); // add "manage-posts" permission

$user->addPermission(1); // add permission with ID of 1

$user->removePermission('manage-posts'); // remove "manage-posts" permission

$user->removePermission(1); // remove permission with ID of 1

// adding or removing multiple permissions

$user->addPermissions(['manage-posts', 'manage-users']);

$user->removePermissions(['manage-posts', 'manage-users']);

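Note: These methods are necessary because there is an auth_user_permissions_cached table that is updated whenever permissions change, which reduces the number of permission-related database queries needed.

Authorize a specific role or roles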

// redirect to "home" URI if the user does not have one of the specified roles
Auth::authorizeByRole(['admin', 'user'], 'home');

// with a custom message (otherwise a default one is provided)
Auth::authorizeByRole(['admin', 'user'], 'home', 'You are not authorized to access the requested page.');

Authorize a specific permission or permissions

// redirect to "home" URI if the user does not have one of the specified permissions
Auth::authorize(['manage-posts', 'manage-users'], 'home');

// with a custom message (otherwise a default one is provided)
Auth::authorize(['manage-posts', 'manage-users'], 'home', 'You are not authorized to access the requested page.');

Automatically redirect to a URI with an unauthorized message

// redirect to "home" URI with the default unauthorized message
return Auth::unauthorized('home');

// with a custom message (otherwise a default one is provided)
return Auth::unauthorized('home', 'You are not authorized to access the requested page.');

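The third parameter is the name of the session variable. The default is 'messages', so if the user is redirected, Session::get('messages') will return an array like the following: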

['error' => 'You are not authorized to access the requested page.']

Query users by a specific role or roles

$users = User::onlyRoles('admin')->get(); // get users that have "admin" role

$users = User::onlyRoles(['admin', 'mod'])->get(); // get users that have "admin" or "mod" role

$users = User::exceptRoles('admin')->get(); // get users that do not have "admin" role

$users = User::exceptRoles(['admin', 'mod'])->get(); // get users that do not have "admin" or "mod" role

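Note: The exceptRoles() scope will still return users that have other roles not included in the array.

Route Permissions

Check whether a user has route access based on route permissions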

if (Auth::hasRouteAccess('pages.edit'))
{
	// user has access to "pages.edit" route
}

Note: This function and hasAccess() require you to set up route permissions in config/auth_routes.php.

Check whether a user can access a URI based on route permissions

if (Auth::hasAccess('pages/edit/home'))
{
	// user has access to "pages/edit/home" URI (based on "config/auth_routes.php" route permissions mapping)
}

To use hasRouteAccess() and hasAccess(), set up config/auth_routes.php to contain the routes for which you want to set permissions:

return [

	'admin.*'          => ['manage'],                                // user must have "manage" permission
	'admin.pages.*'    => ['manage-pages', 'demo'],                  // user must have "manage-pages" or "demo" permission
	'admin.forms.*'    => ['manage-pages', 'manage-forms', '[ALL]'], // user must have "manage-pages" and "manage-forms" permission
	'admin.forms.view' => ['view-forms'],                            // the most specifically defined route will always be checked

];
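The lookup described above, modelled as an added example that is not Identify's own code: it picks the most specific matching pattern and then applies the any-of or [ALL] rule. Treating the longest literal pattern as the most specific one and denying routes that have no rule are assumptions of this example.

```php
<?php
// Added example, not Identify code: a standalone model of the lookup above.
// Constructed copy of the config/auth_routes.php mapping shown above.
$rules = [
    'admin.*'          => ['manage'],
    'admin.pages.*'    => ['manage-pages', 'demo'],
    'admin.forms.*'    => ['manage-pages', 'manage-forms', '[ALL]'],
    'admin.forms.view' => ['view-forms'],
];

// Assumption: "most specific" means the matching pattern with the longest literal part.
function mostSpecificRule(string $route, array $rules): ?array
{
    $best = null;
    $bestLength = -1;
    foreach ($rules as $pattern => $permissions) {
        $regex  = '/^' . str_replace('\*', '.*', preg_quote($pattern, '/')) . '$/';
        $length = strlen(str_replace('*', '', $pattern));
        if (preg_match($regex, $route) === 1 && $length > $bestLength) {
            $best = $permissions;
            $bestLength = $length;
        }
    }
    return $best;
}

// Assumption: a route with no matching rule is denied here (fail closed).
function routeAllowed(string $route, array $held, array $rules): bool
{
    $required = mostSpecificRule($route, $rules);
    if ($required === null) {
        return false;
    }
    $needAll  = in_array('[ALL]', $required, true);
    $required = array_values(array_diff($required, ['[ALL]']));
    $matched  = count(array_intersect($required, $held));
    return $needAll ? $matched === count($required) : $matched > 0;
}

// Constructed checks: only the most specific rule is consulted for each route.
$checks = [
    ['admin.settings',   ['manage']],
    ['admin.forms.view', ['manage']],
    ['admin.forms.view', ['view-forms']],
    ['admin.forms.edit', ['manage-pages']],
];
foreach ($checks as [$route, $held]) {
    printf("%-17s [%s] => %s\n", $route, implode(',', $held), routeAllowed($route, $held, $rules) ? 'allow' : 'deny');
}
```

Under these assumptions a user holding only view-forms is allowed on admin.forms.view while a user holding only manage is not, because the narrow rule replaces the broader one instead of adding to it.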

Creating Accounts and Sending Emails

Create a new user account

Auth::createUser();

// use custom input array
Auth::createUser([
	'name'        => 'TestUser',
	'email'       => 'test@localhost',
	'password'    => 'password',
	'role_id'     => 2,
	'permissions' => ['manage-pages', 'manage-users'],
]);

// automatically activate user account
Auth::createUser($input, true);

// suppress confirmation email
Auth::createUser($input, true, false);

Create a new user account via the command-line interface

# use default password of "password"
php artisan user:create username email@address.com

# use alternate password
php artisan user:create username email@address.com --password=anotherpassword

# automatically activate user
php artisan user:create username email@address.com --activate

# automatically activate user and suppress confirmation email
php artisan user:create username email@address.com --activate --suppress

Send an email to a user using a specific view located in the views/emails directory

Auth::sendEmail($user, 'confirmation');

Auth::sendEmail($user, 'banned');

Auth::sendEmail($user, 'deleted');

Auth::sendEmail($user, 'password');

Activate a user account by ID and activation token

if (Auth::activate(1, 'wHHhONhavZps1J9p8Rs6WIXsTK30tFhl'))
{
	// user ID #1 has been activated
}