regulus / identify
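A Laravel 5 authentication/authorization package that adds roles, permissions, access levels, and user states. Allows simple or complex user access control implementations.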
Requires
- php: >=7.0.0
- doctrine/dbal: >=2.3.0
- laravel/framework: >=5.5.0
This package is auto-updated.
Last update: 2024-09-27 06:11:24 UTC
README
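A Laravel 5 authentication/authorization package that adds roles, permissions, access levels, and user states. Allows simple or complex user access control implementations.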
Composer Package Installation
To install Identify, make sure "regulus/identify" has been added to Laravel 5's composer.json file.
"require": {
    "regulus/identify": "1.0.*"
},
Then run php composer.phar update from the command line. Composer will install the Identify package.
Installation
Register the service provider and set up the alias
Add the following to the providers array in config/app.php:
Regulus\Identify\IdentifyServiceProvider::class,
And add the following to the aliases array:
'Auth' => Regulus\Identify\Facade::class,
Add the middleware to the routeMiddleware array in app/Http/Kernel.php:
'auth.permissions' => \Regulus\Identify\Middleware\Authorize::class,
'auth.token' => \Regulus\Identify\Middleware\AuthenticateByToken::class,
Add and run the install command
Add the following to the commands array in app/Console/Kernel.php:
\Regulus\Identify\Commands\Install::class,
\Regulus\Identify\Commands\CreateUser::class,
Then run the following command:
php artisan identify:install
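Identify is now installed. This includes all necessary database migrations, database seeding, and config publishing. The published config file is auth.php, which will overwrite Laravel 5's default auth configuration. The default table names are prefixed with auth_, but you can change the table prefix by adding the --tables-prefix option to the install line: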
php artisan identify:install --tables-prefix=none
php artisan identify:install --tables-prefix=identify
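The former example removes the prefix from all table names, so you will get users, roles, etc. The latter example changes the default table prefix from auth to identify, so your table names will be identify_users, identify_roles, etc.
You should now have 4 users: Admin, TestUser, TestUser2, and TestUser3. All of the default passwords are simply password, and usernames are case insensitive, so you can just type admin and password to log in. The 3 initial roles are Administrator, Moderator, and Member. Admin has the Administrator role, TestUser has the Administrator role, and the final 2 users have the Member role.
You can now skip ahead to the Basic Usage section.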
Basic Usage
Checking whether a user is logged in
if (Auth::check())
{
    // the user is logged in
}
Checking whether a user has a particular role
if (Auth::is('admin'))
{
    // the user has an "admin" role
}
if (Auth::is(['admin', 'user']))
{
    // the user has an "admin" and/or "user" role
}
if (Auth::hasRole(['admin', 'user']))
{
    // the user has an "admin" and/or "user" role (hasRole() is an alias of the is() method)
}
if (Auth::isAll(['admin', 'user']))
{
    // the user has an "admin" and "user" role
}
Checking whether a user lacks a particular role
if (Auth::isNot('admin'))
{
    // the user lacks an "admin" role
}
if (Auth::isNot(['admin', 'user']))
{
    // the user lacks the "admin" and "user" roles
}
Checking whether a user has a particular permission
if (Auth::can('manage-posts'))
{
    // the user has a "manage-posts" permission
}
if (Auth::can(['manage-posts', 'manage-users']))
{
    // the user has a "manage-posts" and/or "manage-users" permission
}
if (Auth::hasPermission(['manage-posts', 'manage-users']))
{
    // the user has a "manage-posts" and/or "manage-users" permission (hasPermission() is an alias of the has() method)
}
if (Auth::hasPermissions(['manage-posts', 'manage-users']))
{
    // the user has a "manage-posts" and "manage-users" permission
}
Note: Permissions can be hierarchical, so a "manage" permission may contain "manage-posts", "manage-users", etc. In that case, Auth::can('manage-posts') is satisfied if the user has the parent "manage" permission. Permissions can be applied to a user directly on the user account or indirectly through roles. A role can be associated with a set of permissions, which its users inherit.
Adding or removing permissions
$user = Auth::user();
$user->addPermission('manage-posts'); // add "manage-posts" permission
$user->addPermission(1); // add permission with ID of 1
$user->removePermission('manage-posts'); // remove "manage-posts" permission
$user->removePermission(1); // remove permission with ID of 1
// adding or removing multiple permissions
$user->addPermissions(['manage-posts', 'manage-users']);
$user->removePermissions(['manage-posts', 'manage-users']);
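Note: These methods are necessary because there is an auth_user_permissions_cached table that is updated whenever permissions are updated, in order to reduce the number of permission-related database queries required.
Authorizing a specific role or roles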
// redirect to "home" URI if the user does not have one of the specified roles
Auth::authorizeByRole(['admin', 'user'], 'home');
// with a custom message (otherwise a default one is provided)
Auth::authorizeByRole(['admin', 'user'], 'home', 'You are not authorized to access the requested page.');
Authorizing a specific permission or permissions
// redirect to "home" URI if the user does not have one of the specified permissions
Auth::authorize(['manage-posts', 'manage-users'], 'home');
// with a custom message (otherwise a default one is provided)
Auth::authorize(['manage-posts', 'manage-users'], 'home', 'You are not authorized to access the requested page.');
Automatically redirecting to a URI with the unauthorized message
// redirect to "home" URI with the unauthorized message
return Auth::unauthorized('home');
// with a custom message (otherwise a default one is provided)
return Auth::unauthorized('home', 'You are not authorized to access the requested page.');
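The third parameter is the name of the session variable. The default is 'messages', so if the user is redirected, Session::get('messages') will return an array like the following: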
['error' => 'You are not authorized to access the requested page.']
Querying users by a specific role or roles
$users = User::onlyRoles('admin')->get(); // get users that have "admin" role
$users = User::onlyRoles(['admin', 'mod'])->get(); // get users that have "admin" or "mod" role
$users = User::exceptRoles('admin')->get(); // get users that do not have "admin" role
$users = User::exceptRoles(['admin', 'mod'])->get(); // get users that do not have "admin" or "mod" role
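Note: The exceptRoles() scope still returns users that have other roles not contained in the array.
Route Permissions
Checking whether a user has route access based on route permissions
if (Auth::hasRouteAccess('pages.edit'))
{
    // user has access to "pages.edit" route
}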
Note: This method and hasAccess() require you to set up route permissions in config/auth_routes.php.
Checking whether a user has access to a URI based on route permissions
if (Auth::hasAccess('pages/edit/home'))
{
    // user has access to "pages/edit/home" URI (based on "config/auth_routes.php" route permissions mapping)
}
To use hasRouteAccess() and hasAccess(), set up config/auth_routes.php to contain the routes you want to set permissions for:
return [
    'admin.*' => ['manage'], // user must have "manage" permission
    'admin.pages.*' => ['manage-pages', 'demo'], // user must have "manage-pages" or "demo" permission
    'admin.forms.*' => ['manage-pages', 'manage-forms', '[ALL]'], // user must have "manage-pages" and "manage-forms" permission
    'admin.forms.view' => ['view-forms'], // the most specifically defined route will always be checked
];
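The following is an added example, not Identify's own code: a standalone PHP sketch of how a mapping like the one above can be evaluated together with hierarchical permissions. The function names routeAllowed() and expandPermissions(), the $hierarchy array, the longest-pattern definition of "most specific", and the allow-when-unmapped default are all assumptions made for illustration.

```php
<?php
// Added illustration, not Identify's source. Assumptions: "*" is a wildcard (fnmatch),
// "most specific" = longest matching pattern, unmapped routes are allowed.
$rules = [ // same mapping as config/auth_routes.php above
    'admin.*'          => ['manage'],
    'admin.pages.*'    => ['manage-pages', 'demo'],
    'admin.forms.*'    => ['manage-pages', 'manage-forms', '[ALL]'],
    'admin.forms.view' => ['view-forms'],
];
// Constructed hierarchy (parent => children), hypothetical sample data.
$hierarchy = ['manage' => ['manage-pages', 'manage-forms', 'manage-users']];

// Expand the granted permissions with every descendant in the hierarchy.
function expandPermissions(array $granted, array $hierarchy): array
{
    $seen = [];
    while ($granted) {
        $permission = array_pop($granted);
        if (!isset($seen[$permission])) {
            $seen[$permission] = true;
            $granted = array_merge($granted, $hierarchy[$permission] ?? []);
        }
    }
    return array_keys($seen);
}

function routeAllowed(string $route, array $granted, array $rules, array $hierarchy): bool
{
    $best = null; // longest pattern that matches the route name
    foreach (array_keys($rules) as $pattern) {
        if (fnmatch($pattern, $route) && strlen($pattern) > strlen((string) $best)) {
            $best = $pattern;
        }
    }
    if ($best === null) {
        return true; // assumption; return false here for deny-by-default
    }
    $required = array_diff($rules[$best], ['[ALL]']);
    $held = array_intersect($required, expandPermissions($granted, $hierarchy));
    return in_array('[ALL]', $rules[$best], true)
        ? count($held) === count($required)
        : count($held) > 0;
}

foreach (['admin.dashboard', 'admin.pages.edit', 'admin.forms.edit', 'admin.forms.view'] as $route) {
    foreach ([['manage'], ['demo']] as $granted) {
        printf("%-17s [%s] %s\n", $route, $granted[0], routeAllowed($route, $granted, $rules, $hierarchy) ? 'allow' : 'deny');
    }
}
```

With this constructed hierarchy, a user holding only "manage" is denied admin.forms.view even though admin.* would admit them, because the most specific rule asks for "view-forms"; review narrow rules for that effect when a broad parent permission is meant to cover a whole section.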
Creating Accounts and Sending Emails
Creating a new user account
Auth::createUser();
// use custom input array
Auth::createUser([
    'name' => 'TestUser',
    'email' => 'test@localhost',
    'password' => 'password',
    'role_id' => 2,
    'permissions' => ['manage-pages', 'manage-users'],
]);
// automatically activate user account
Auth::createUser($input, true);
// suppress confirmation email
Auth::createUser($input, true, false);
Creating a new user account via the command line interface
# use default password of "password"
php artisan user:create username email@address.com
# use alternate password
php artisan user:create username email@address.com --password=anotherpassword
# automatically activate user
php artisan user:create username email@address.com --activate
# automatically activate user and suppress confirmation email
php artisan user:create username email@address.com --activate --suppress
Sending a user an email using a specific view in the views/emails directory
Auth::sendEmail($user, 'confirmation');
Auth::sendEmail($user, 'banned');
Auth::sendEmail($user, 'deleted');
Auth::sendEmail($user, 'password');
Activating a user account by ID and activation token
if (Auth::activate(1, 'wHHhONhavZps1J9p8Rs6WIXsTK30tFhl'))
{
    // user ID #1 has been activated
}