ACL component for Laravel 4
ACL component for Laravel 4.
First you need to install this package through Composer. Edit your project's composer.json
file to require vivify-ideas/acl
.
"require": {
"vivify-ideas/acl": "dev-master"
},
"minimum-stability" : "dev"
Next, update Composer from the Terminal:
composer update
Once this operation completes, you will need to add the service provider into your app. Open app/config/app.php
, and add a new item to the providers array.
'VivifyIdeas\Acl\AclServiceProvider
And also add new alias into aliases array.
'Acl' => 'VivifyIdeas\Acl\Facades\Acl',
Last step is to create main structure for keeping ACL. You can easy done this by running artisan
command:
php artisan acl:install
This will use current permission provider (Eloquent
) and create DB structure for saving permissions. It will create 2 additional tables acl_permissions
and acl_user_permissions
.
That's it! You're all set to go.
After runing artisan acl:install
command, you will get a new config file in app/config/packages/vivify-ideas/acl/config.php
.
There you will notice 5 sections.
'provider' => 'eloquent'
Main feature of this ACL component is PermissionsProvider
. Permission provider represent class that handle permissions. Currently there is only one permission provider Eloquent
(you can assume that permissions will be stored in DB that you specified on your project).
'superusers' => array()
Here you can define user IDs that will have superuser rights. This users will be able allowed all permissions.
'guestuser' => 0
Put here ID that will used for setting permissions to guest users.
'permissions' => array()
Here you need to put all permissions that exist in your system. Permissions need to be in next format
array(
array(
'id' => 'PERMISSION_ID',
'allowed' => true|false,
'route' => array('GET:/resource/(\d+)/edit', 'PUT:/resource/(\d+)'),
'resource_id_required' => true|false,
'name' => 'Permission name',
'group_id' => 'GROUP_ID_1', // optional
), array(
'id' => 'PERMISSION_ID_2',
'allowed' => true|false,
'route' => 'GET:/resource/(\d+)',
'resource_id_required' => true|false,
'name' => 'Permission 2 name'
'group_id' => 'GROUP_ID_2', // optional
)
)
'groups' => array()
Every permission can belong to some group. You can have groups that belongs to other group. Every group can have a route. Use next format:
array(
array(
'id' => 'ADMIN_PRIVILEGES',
'name' => 'Administrator Privileges',
'route' => 'GET:/admin/(\d+)',
'children' => array(
array(
'id' => 'MANAGE_STUFF',
'name' => 'Manage Stuff',
'route' => 'GET:/resource/(\d+)'
),
array(
'id' => 'MANAGE_PRODUCTS',
'name' => 'Manage Products',
'route' => 'GET:/resource/(\d+)'
),
array(
'id' => 'MANAGE_USERS',
'name' => 'Manage Users',
'route' => 'GET:/resource/(\d+)',
'children' => array(
array(
'id' => 'MANAGE_SPEC_USER',
'name' => 'Manage spec user',
'route' => 'GET:/resource/(\d+)'
)
)
)
)
),
array(
'id' => 'STUFF_PRIVILEGES',
'name' => 'Stuff Privileges',
)
)
When you are satisfy how your configuration file look like, run next artisan command:
php artisan acl:update
This command you need to run every time when you update config file with new permissions.
If you want to delete all permissions (including user permissions), and again reload permissions from config file you can use this command:
php artisan acl:reset
Here is the list of all artisan commands:
acl:install
Create basic ACL table structure.acl:install clean
Delete all acl tables, reset config file to default version and again create basic ACL table structure.acl:update
Update all ACL permissions from config file.acl:reset
Reset all ACL permissions. This will delete both user and system permissions and install permissions from config fileHere are few ways how to check user permissions:
// Whether a user with ID 2 can see a list of all products
Acl::user(2)->permission('LIST_PRODUCTS')->check();
// Whether a user with ID 1 can edit product with ID 2
Acl::user(1)->permission('EDIT_PRODUCT', 2)->check();
// Can currently authenticated user edit product with ID 2
Acl::permission('EDIT_PRODUCT', 2)->check();
// Whether a user with ID 1 can edit and delete product with ID 2
Acl::user(1)->permission('EDIT_PRODUCT', 2)
->permission('DELETE_PRODUCT', 2)
->check();
// Can user with ID 1 access /products URL
Acl::user(1)->checkRoute('GET', '/products')
// Can currently authenticated user access /products URL
Acl::checkRoute('GET', '/products');
// Get me array of product IDs that user with ID 1 can edit
Acl::user(1)->permission('EDIT_PRODUCT')->getResourceIds();
// Get me array of product IDs that user with ID 1 can not edit
Acl::user(1)->permission('EDIT_PRODUCT')->getResourceIds(false);