Laravel ACL

ACL component for Laravel 4

View the Project on GitHub Vivify-Ideas/laravel-acl

Installation

First you need to install this package through Composer. Edit your project's composer.json file to require vivify-ideas/acl.

  "require": {
    "vivify-ideas/acl": "dev-master"
  },
  "minimum-stability" : "dev"

Next, update Composer from the Terminal:

  composer update

Once this operation completes, you will need to add the service provider into your app. Open app/config/app.php, and add a new item to the providers array.

  'VivifyIdeas\Acl\AclServiceProvider',

Also add a new alias to the aliases array.

  'Acl' => 'VivifyIdeas\Acl\Facades\Acl',

The last step is to create the main structure for storing the ACL. You can do this easily by running the artisan command:

php artisan acl:install

This uses the current permission provider (Eloquent) to create the DB structure for storing permissions. It creates 2 additional tables: acl_permissions and acl_user_permissions.

That's it! You're all set to go.

Configuration

After running the artisan acl:install command, you will get a new config file at app/config/packages/vivify-ideas/acl/config.php.

There you will notice 5 sections.

Provider

'provider' => 'eloquent'

The main feature of this ACL component is the PermissionsProvider. A permission provider is the class that handles permissions. Currently there is only one permission provider, Eloquent (so you can assume that permissions are stored in the DB you specified for your project).

SuperUsers

'superusers' => array()

Here you can define the user IDs that have superuser rights. These users are allowed all permissions.

GuestUser

'guestuser' => 0

Put here the ID that will be used for setting permissions for guest users.

Permissions

'permissions' => array()

Here you need to list all permissions that exist in your system. Permissions need to be in the following format:

array(
  array(
    'id' => 'PERMISSION_ID',
    'allowed' => true, // or false
    'route' => array('GET:/resource/(\d+)/edit', 'PUT:/resource/(\d+)'),
    'resource_id_required' => true, // or false
    'name' => 'Permission name',
    'group_id' => 'GROUP_ID_1', // optional
  ),
  array(
    'id' => 'PERMISSION_ID_2',
    'allowed' => true, // or false
    'route' => 'GET:/resource/(\d+)',
    'resource_id_required' => true, // or false
    'name' => 'Permission 2 name',
    'group_id' => 'GROUP_ID_2', // optional
  )
)

Groups

'groups' => array()

Every permission can belong to a group. A group can belong to another group. Every group can have a route. Use the following format:

array(
  array(
    'id' => 'ADMIN_PRIVILEGES',
    'name' => 'Administrator Privileges',
    'route' => 'GET:/admin/(\d+)',

    'children' => array(
      array(
        'id' => 'MANAGE_STUFF',
        'name' => 'Manage Stuff',
        'route' => 'GET:/resource/(\d+)'
      ),
      array(
        'id' => 'MANAGE_PRODUCTS',
        'name' => 'Manage Products',
        'route' => 'GET:/resource/(\d+)'
      ),
      array(
        'id' => 'MANAGE_USERS',
        'name' => 'Manage Users',
        'route' => 'GET:/resource/(\d+)',

        'children' => array(
          array(
            'id' => 'MANAGE_SPEC_USER',
            'name' => 'Manage spec user',
            'route' => 'GET:/resource/(\d+)'
          )
        )
      )
    )
  ),
  array(
    'id' => 'STUFF_PRIVILEGES',
    'name' => 'Stuff Privileges',
  )
)
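
As an added example (not part of the package or its documentation), here is a small standalone PHP linter for the permissions and groups formats above, meant to be run on the config before it is loaded. The function names are hypothetical, and the rules it enforces (boolean flags, an uppercase METHOD: prefix, a route that compiles as a regular expression, a group_id that exists in the groups tree) are assumptions drawn from the sample arrays, not the package's own validation.

```php
<?php
// Added example, not package code. Key names follow the formats above; the rules are assumptions.
// A route is "METHOD:/regex" or an array of them, as in the config examples.
function aclCheckRoutes($owner, $routes, array &$errors) {
    foreach ((array) $routes as $route) {
        if (!preg_match('/^[A-Z]+:(\/.*)$/', $route, $m)) {
            $errors[] = "$owner: route '$route' is not METHOD:/path";
        } elseif (@preg_match('#^' . $m[1] . '$#', '') === false) {
            $errors[] = "$owner: route '$route' is not a valid regex";
        }
    }
}
// Walk the nested 'groups' tree and return the set of group ids found.
function aclGroupIds(array $groups, array &$errors, array &$seen = array()) {
    foreach ($groups as $g) {
        if (!isset($g['id'])) { $errors[] = 'group without id'; continue; }
        if (isset($seen[$g['id']])) { $errors[] = "duplicate group id {$g['id']}"; }
        $seen[$g['id']] = true;
        if (isset($g['route'])) { aclCheckRoutes($g['id'], $g['route'], $errors); }
        if (isset($g['children'])) { aclGroupIds($g['children'], $errors, $seen); }
    }
    return $seen;
}
// Check every permission entry against the group ids and the route format.
function aclLint(array $config) {
    $config += array('groups' => array(), 'permissions' => array());
    $errors = $seen = array();
    $groups = aclGroupIds($config['groups'], $errors);
    foreach ($config['permissions'] as $p) {
        $id = isset($p['id']) ? $p['id'] : '(missing id)';
        if (isset($seen[$id])) { $errors[] = "duplicate permission id $id"; }
        $seen[$id] = true;
        foreach (array('allowed', 'resource_id_required') as $flag) {
            if (!isset($p[$flag]) || !is_bool($p[$flag])) { $errors[] = "$id: '$flag' must be a boolean"; }
        }
        if (isset($p['route'])) { aclCheckRoutes($id, $p['route'], $errors); }
        if (isset($p['group_id']) && !isset($groups[$p['group_id']])) { $errors[] = "$id: unknown group_id {$p['group_id']}"; }
    }
    return $errors;
}

// Constructed sample with three mistakes: non-boolean flag, broken regex, unknown group.
echo implode("\n", aclLint(array(
    'groups' => array(array('id' => 'ADMIN_PRIVILEGES', 'name' => 'Administrator Privileges')),
    'permissions' => array(array(
        'id' => 'EDIT_PRODUCT', 'name' => 'Edit product', 'allowed' => 1, 'resource_id_required' => true,
        'route' => 'PUT:/products/(\d+', 'group_id' => 'ADMIN',
    )),
))), "\n";
```

An empty result means the arrays are structurally consistent; it says nothing about whether the permissions themselves grant the right access.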

Usage

When you are satisfied with your configuration file, run the following artisan command:

php artisan acl:update

You need to run this command every time you update the config file with new permissions.

If you want to delete all permissions (including user permissions) and reload them from the config file, use this command:

php artisan acl:reset

Available Artisan commands

Here is the list of all artisan commands:

Checking permissions

Here are a few ways to check user permissions:

// Whether a user with ID 2 can see a list of all products
Acl::user(2)->permission('LIST_PRODUCTS')->check();

// Whether a user with ID 1 can edit product with ID 2
Acl::user(1)->permission('EDIT_PRODUCT', 2)->check();

// Can currently authenticated user edit product with ID 2
Acl::permission('EDIT_PRODUCT', 2)->check();

// Whether a user with ID 1 can edit and delete product with ID 2
Acl::user(1)->permission('EDIT_PRODUCT', 2)
            ->permission('DELETE_PRODUCT', 2)
            ->check();

// Can user with ID 1 access /products URL
Acl::user(1)->checkRoute('GET', '/products');

// Can currently authenticated user access /products URL
Acl::checkRoute('GET', '/products');

// Get the array of product IDs that user with ID 1 can edit
Acl::user(1)->permission('EDIT_PRODUCT')->getResourceIds();

// Get the array of product IDs that user with ID 1 cannot edit
Acl::user(1)->permission('EDIT_PRODUCT')->getResourceIds(false);