Download the PHP package backpack/permissionmanager without Composer
On this page you can find all versions of the php package backpack/permissionmanager. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download backpack/permissionmanager
More information about backpack/permissionmanager
Files in backpack/permissionmanager
Package permissionmanager
Short Description Users and permissions management interface for Laravel 5 using Backpack CRUD.
License proprietary
Homepage https://github.com/laravel-backpack/permissionmanager
Informations about the package permissionmanager
Backpack\PermissionManager
Admin interface for spatie/laravel-permission. It allows admins to easily add/edit/remove users, roles and permissions, using Laravel Backpack.
As opposed to some other packages:
- a user can have multiple roles;
- a user can have extra permissions, in addition to the permissions on the roles he has;
This package is just a user interface for spatie/laravel-permission. It will install it, and let you use its API in code. Please refer to their README for more information on how to use in code.
Security updates and breaking changes
Please subscribe to the Backpack Newsletter so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.
Install
0) This package assumes you've already installed Backpack for Laravel. If you haven't, please install Backpack first.
1) In your terminal:
2) Finish all installation steps for spatie/laravel-permission, which has been pulled as a dependency. Run its migrations. Publish its config files. Most likely it's:
3) Publish backpack\permissionmanager
config file & the migrations:
Note: We recommend you to publish only the config file and migrations, but you may also publish lang and routes.
4) Run the migrations:
5) The package assumes it's ok to use the default Backpack user model (most likely to administer Users. Use a different one if you'd like by changing the user model in the file. Any model you're using, make sure it's using the and traits:
6) [Optional] Add a menu item for it in :
7) [Optional] If you want to use the handler inside Backpack routes, you can:
(7.A.) Change Backpack to use the default guard instead of its own guard. Inside change:
Note:
- when you add new roles and permissions, the guard that gets saved in the database will be "web";
OR
(7.B.) Add a middleware to all your Backpack routes by adding this to your file:
Why? spatie/laravel-permission
uses the facade for determining permissions with . The facade uses the default guard defined in , NOT our backpack guard.
Please note:
- this will make return the exact same thing as on Backpack routes;
- you only need this if you want to use ; you can just as well use , which does the exact same thing, but works 100% of the time;
- when you add new roles and permissions, the guard that gets saved in the database will be "backpack";
8) [Optional] Disallow create/update on your roles or permissions after you define them, using the config file in config/backpack/permissionmanager.php. Please note permissions and roles are referenced in code using their name. If you let your admins edit these strings and they do, your permission and role checks will stop working.
Customize UserCrudController
If you would like to add more fields to the default user controller provided by this package, you can bind your own controller to overwrite the one provided in this package:
API Usage
Because the package requires spatie/laravel-permission, the API will be the same. Please refer to their README file for a complete API. Here's a summary though:
Using permissions
A permission can be given to a user:
A permission can be revoked from a user:
You can test if a user has a permission:
Saved permissions will be registered with the Illuminate\Auth\Access\Gate-class. So you can test if a user has a permission with Laravel's default can-function.
Using roles and permissions
A role can be assigned to a user:
A role can be removed from a user:
You can determine if a user has a certain role:
You can also determine if a user has any of a given list of roles:
You can also determine if a user has all of a given list of roles:
The assignRole, hasRole, hasAnyRole, hasAllRoles and removeRole-functions can accept a string, an array, a Role-object or an \Illuminate\Support\Collection-object.
A permission can be given to a role:
You can determine if a role has a certain permission:
A permission can be revoked from a role:
The givePermissionTo and revokePermissionTo-functions can accept a string or a Permission-object.
Saved permission and roles are also registered with the Illuminate\Auth\Access\Gate-class.
Using blade directives
This package also adds Blade directives to verify whether the currently logged in user has all or any of a given list of roles.
You can use Laravel's native @can directive to check if a user has a certain permission.
Use permissions in CRUD controllers
CRUD controllers have methods to dynamically allow or deny access to operations. The and methods control both:
- the form's navigation buttons display like Add, Edit, Delete and
- the security access guards, returning a 403 forbidden error when no permission.
In most cases, you should use access
and permission
separately. But if you want to link them together, so a "permission" gives "access", here is how you can do that too. Reminder: permissions can be assigned to a user either directly or through a role.
1) Define a
2) Use the above trait in any `, in this example.
Now make sure the route uses the right controller:
(3.A) by binding the package controller to your controller as explained in Customize UserCrudController
OR
(3.B) by defining the routes in your own file as explained in Overwriting fuctionality
You may wish to use a to automatically populate the table with permissions corresponding to your code. Here is an example:
Use in production
Upgrade from 3.x to 4.x
To upgrade from PermissionManager 3.x to 4.x:
- upgrade to spatie/laravel-permission 2.28.2+ - do take note that the DB has changed, and they don't provide a track of the changes;
- require version in your file;
- delete your old file;
- follow the installation steps above;
If you are upgrading to a Laravel 8 instalation, please note that User Model may have moved from to , check if your config is compliant with that change .
Change log
Please see CHANGELOG for more information what has changed recently.
Overwriting functionality
If you need to modify how this works in a project:
- create a file; the package will see that, and load your routes file, instead of the one in the package;
- create controllers/models that extend the ones in the package, and use those in your new routes file;
- modify anything you'd like in the new controllers/models;
When creating your own controllers, seeders, make sure you use the model, instead of the model in your app. The easiest would be to use which pulls in the User model fully qualified namespace, as defined in your . You might need to instantiate it using in order to do things like .
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
Please subscribe to the Backpack Newsletter so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.
Credits
- Marius Constantin - Lead Developer
- Cristian Tabacitu - Maintainer
- All Contributors
License
Backpack is free for non-commercial use and 49 EUR/project for commercial use. Please see backpackforlaravel.com for more information.
Hire us
We've spend more than 50.000 hours creating, polishing and maintaining administration panels on Laravel. We've developed e-Commerce, e-Learning, ERPs, social networks, payment gateways and much more. We've worked on admin panels so much, that we've created one of the most popular software in its niche - just from making public what was repetitive in our projects.
If you are looking for a developer/team to help you build an admin panel on Laravel, look no further. You'll have a difficult time finding someone with more experience & enthusiasm for this. This is what we do. Contact us. Let's see if we can work together.