stevebauman / authorization
Native Laravel authorization.
Requires
- php: >=5.5.9
- illuminate/database: ~5.2
Requires (Dev)
- orchestra/testbench: ~3.2
- phpunit/phpunit: ~4.8
README
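Notice
This package has been moved to https://github.com/larapacks/authorization.
This GitHub repository will be deleted 3 months from this commit (availability through Composer will remain and will not be removed).
Description
A simple, native Laravel role/permission management system.
Authorization automatically adds your database permissions and roles to the Illuminate\Auth\Access\Gate, which means you can use native Laravel policies and methods for authorization. It also means you are not locked into using this package.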
Installation
Add Authorization to your composer.json file:

    "stevebauman/authorization": "1.3.*"

Then run composer update.
Add the service provider to your config/app.php file:

    Stevebauman\Authorization\AuthorizationServiceProvider::class,

Once that is done, publish the migrations with the following command:

    php artisan vendor:publish --tag="authorization"

Then run php artisan migrate.
Once the migrations have run, create the following two models and insert the relevant traits.
The Role model

    <?php

    namespace App\Models;

    use Illuminate\Database\Eloquent\Model;
    use Stevebauman\Authorization\Traits\RolePermissionsTrait;

    class Role extends Model
    {
        use RolePermissionsTrait;

        /**
         * The roles table.
         *
         * @var string
         */
        protected $table = 'roles';
    }

The Permission model

    <?php

    namespace App\Models;

    use Illuminate\Database\Eloquent\Model;
    use Stevebauman\Authorization\Traits\PermissionRolesTrait;

    class Permission extends Model
    {
        use PermissionRolesTrait;

        /**
         * The permissions table.
         *
         * @var string
         */
        protected $table = 'permissions';
    }

Now add Stevebauman\Authorization\Traits\UserRolesTrait to your App\Models\User model:

    namespace App\Models;

    use Stevebauman\Authorization\Traits\UserRolesTrait;
    use Illuminate\Auth\Authenticatable;
    use Illuminate\Database\Eloquent\Model;
    use Illuminate\Auth\Passwords\CanResetPassword;
    use Illuminate\Foundation\Auth\Access\Authorizable;

    class User extends Model
    {
        use Authenticatable, Authorizable, CanResetPassword, UserRolesTrait;

        /**
         * The users table.
         *
         * @var string
         */
        protected $table = 'users';
    }

You're all set!
Usage
Create a permission

    $createUsers = new Permission();

    $createUsers->name = 'users.create';
    $createUsers->label = 'Create Users';

    $createUsers->save();

Grant the permission to a role

    $administrator = new Role();

    $administrator->name = 'administrator';
    $administrator->label = 'Admin';

    $administrator->save();

    // Granting the role the $createUsers permission.
    $administrator->grant($createUsers);

    // Or use regular relationship methods
    $administrator->permissions()->save($createUsers);

Now assign the role to a user

    $user = User::find(1);

    // Using the role model
    $user->assignRole($administrator);

    // Using the role name
    $user->assignRole('administrator');

    // Or use regular relationship methods
    $user->roles()->save($administrator);

Perform authorization like so

    if (Auth::user()->hasPermission('users.create')) {
    }

You can also create user-specific permissions

    $createUsers = new Permission();

    $createUsers->name = 'users.create';
    $createUsers->label = 'Create Users';

    $createUsers->save();

    $user->permissions()->save($createUsers);

    // Using the permissions name.
    if ($user->hasPermission('users.create')) {
        //
    }

    // Using the permissions model.
    if ($user->hasPermission($createUsers)) {
        //
    }
Or use Laravel's native authorization methods, such as the Gate facade

    if (Gate::allows('users.edit')) {
        //
    }

Or use Laravel's native AuthorizesRequests trait methods in your controllers

    public function index()
    {
        $this->authorize('users.index');

        // User can access index.
    }

Or use Laravel's native can method on the user

    if (Auth::user()->can('users.index')) {
        // This user can access the index.
    }

Or use Laravel's native @can directive in your views

    @can('users.index')
        <!-- This user can access the index. -->
    @endcan
Checking multiple permissions

    if (Auth::user()->hasPermissions(['users.create', 'users.edit'])) {
        // This user has both creation and edit rights.
    } else {
        // It looks like the user doesn't have one of the specified permissions.
    }

Checking whether the user has any of the permissions

    if (Auth::user()->hasAnyPermissions(['users.create', 'users.edit', 'users.destroy'])) {
        // This user either has create, edit or destroy permissions.
    } else {
        // It looks like the user doesn't have any of the specified permissions.
    }

Checking whether the user has a role

    if (Auth::user()->hasRole('administrator')) {
        // This user is an administrator.
    } else {
        // It looks like the user isn't an administrator.
    }

Checking whether the user has the specified roles

    if (Auth::user()->hasRoles(['administrator', 'member'])) {
        // This user is an administrator and a member.
    } else {
        // It looks like the user isn't an administrator or member.
    }

Checking whether the user has any of the specified roles

    if (Auth::user()->hasAnyRoles(['administrator', 'member', 'guest'])) {
        // This user is either an administrator, member or guest.
    } else {
        // It looks like the user doesn't have any of these roles.
    }
Middleware
Authorization includes two useful middleware classes that you can use in your routes.
Add them to your app/Http/Kernel.php:

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'permission' => \Stevebauman\Authorization\Middleware\PermissionMiddleware::class, // The permission middleware
        'role' => \Stevebauman\Authorization\Middleware\RoleMiddleware::class, // The role middleware
    ];

Once that is done, you can start using them.
Note: When a user does not meet the middleware's requirements, an Illuminate\Contracts\Validation\UnauthorizedException is thrown.
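An added example, not part of the package's README: one way to turn that exception into an HTTP 403 response and record the denial, placed in app/Exceptions/Handler.php. It assumes the stock Laravel 5.2 handler class; the log message, context keys and response bodies are illustrative choices.

```php
<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Contracts\Validation\UnauthorizedException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Support\Facades\Log;

class Handler extends ExceptionHandler
{
    /**
     * Render an exception into an HTTP response.
     */
    public function render($request, Exception $e)
    {
        // Thrown by the permission and role middleware when the check fails.
        if ($e instanceof UnauthorizedException) {
            $user = $request->user();

            // Keep a record of who was denied what, for later review.
            // (Message and context keys are assumptions, not package output.)
            Log::warning('Authorization denied', [
                'user_id' => $user ? $user->getAuthIdentifier() : null,
                'method'  => $request->method(),
                'path'    => $request->path(),
                'ip'      => $request->ip(),
            ]);

            // Answer API clients with JSON, everything else with plain text.
            if ($request->ajax() || $request->wantsJson()) {
                return response()->json(['error' => 'Forbidden'], 403);
            }

            return response('Forbidden', 403);
        }

        return parent::render($request, $e);
    }
}
```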
Protecting routes so that only users with specific permissions are allowed

    Route::get('users', [
        'uses' => 'UsersController@index',
        'middleware' => 'permission:users.index',
    ]);

    // Multiple permissions:
    Route::get('users', [
        'uses' => 'UsersController@index',
        'middleware' => 'permission:users.index,users.create', // Users must have index **and** create rights to access this route.
    ]);

Protecting routes so that only users with specific roles are allowed

    Route::get('users', [
        'uses' => 'UsersController@index',
        'middleware' => 'role:administrator',
    ]);

    // Multiple roles:
    Route::get('users', [
        'uses' => 'UsersController@index',
        'middleware' => 'role:administrator,member', // Users must be an administrator **and** a member to access this route.
    ]);
Model-specific permissions
To create permissions for a specific model, use the model's key in a unique permission name. For example:

    $user = User::find(1);

    $permission = new Permission();

    $permission->name = "users.edit.$user->id";
    $permission->label = "Edit User: $user->name";

    $permission->save();

Then validate it when editing the specific model

    public function edit($id)
    {
        $user = $this->user->findOrFail($id);

        // The current user must have permission to edit this specific user.
        $this->authorize("users.edit.$user->id");

        return view('users.edit', compact('user'));
    }
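An added example, not from the package's README: the check in edit() only guards the form, so the action that saves the change needs the same per-model authorization. The update() action, the constructor injection, the validation rule and the redirect are assumptions made for illustration.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;

class UsersController extends Controller
{
    /**
     * @var User
     */
    protected $user;

    public function __construct(User $user)
    {
        $this->user = $user;
    }

    /**
     * Hypothetical write action paired with edit().
     */
    public function update(Request $request, $id)
    {
        // Load the record first so the permission name is built from the
        // stored key, not from a raw route or request value.
        $user = $this->user->findOrFail($id);

        // Same per-model permission as edit(): without it, a client could
        // skip the form and submit the change directly.
        $this->authorize("users.edit.$user->id");

        // Validation rule is an assumption for this example.
        $this->validate($request, ['name' => 'required|max:255']);

        $user->name = $request->input('name');
        $user->save();

        return redirect()->back();
    }
}
```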