Download the PHP package centeron/laravel-roles-permissions without Composer

On this page you can find all versions of the php package centeron/laravel-roles-permissions. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-roles-permissions

Roles and Permissions for Laravel (RBAC)

Description

Laravel has Access Control List (ACL) out of the box to work with user permissions. However, if you need to build a flexible access system based on roles and permissions with an inheritance, take into account their trigger logic. Futhermore, saving all of that in a database the basic functionallity will not be enough. The current laravel package is a simple powerful instument which allows development of both regular RBAC and the most complicated systems via simple integration within your application.

What does this package support?

Installation

You can install the package via composer:

You can publish the config file with:

After the command has been executed you can change database table names in config/permissions.php file. You also can change cache settings.

Publish the migration with:

And perform the migration:

Usage

First of all add the trait Centeron\Permissions\Traits\HasAuthItems to your model User

Now User can add roles and permissions, check ability for access, etc. Every user can attach multiple roles and permissions. Permissions can be attached to roles, models and other parent permissions. The same opportunities are available for roles. In fact there is no real difference between role and permission. It is merely a formal devision of authoriztion items (auth-items) for logic types. Feel free to add as much new types of auth-items as you need in your laravel application.

Creating, deleting, inheriting roles and permissions

To add new role or permission:

AuthItem is an extended Eloquent model. So you can use any Eloquent-command you need including deleting:

Using addChilds and addParents you can add parent and child items, organizing hierarchy of any depth you require:

Similarly removeChilds and removeParents remove these relations (without deleting entitities AuthItem themselves).

In the example above the variables are instances of AuthItem. However you can use names of roles and permissions or even their ID as parameters. Method recognizes how to work with these parameteres by parameter`s types (int/string/class). I.e. the next code will work correctly as well:

You can check whether the item has rights of other items (in other words whether is a child in any generation) with the fucntion hasAny (has any of the given items) and hasAll(has all of the given items). Of course, these methods are equal if has been given only one parameter.

Attaching roles and permissions to users

Empowering models can occur as from model side using a trait. Centeron\Permissions\Traits\HasAuthItems:

as from roles/permission`s side giving assigning models as parameters to them:

A permission (role) can be detached from a user using detachAuthItems:

Using via trait

You can determine if a user has roles and permissions:

But there can be a case when users should only edit own posts, or only if they have approptiate rating for that. In such cases we have to use other functions:

More about conditional access in chapter Advanced usage

Using via gate

The standard way to check rights using facade Gate also works. You still may use methods check, allow and denies of Gate:

You do not need to use method define. All definitions are housed in the database. Rights inheritance is taken into account.

In controllers you may use helper as well:

Using via middleware

You can protect your routes using middleware rules with a middleware can which is available out of the box:

Using via Blade directives

In view files it is convenient to use Blade directives:

For conditional permissions the following directives should be:

More about conditional access in chapter Advanced usage

Artisan commands

The current package provides a full list of necessary console commands to work with RBAC:

Advanced usage of permissions

An overwhelming majority of RBAC usage doesn't need any logic for their triggering. We mark areas by string identifiers and then check whether the user has permision for that particular area. Sometimes this is not enough. What if a user only needs to edit their own posts or posts which belong to certain categories? What is more categories could be added in process of time. In such situations, recoding isn’t always necessary.

We should be able, firstly, to provide the triggering logic to permissions and secondly, to retain relevant data which might be required for these rules.

For this purpose Centeron\Permissions\Models\AuthItem has 2 properties (columns in a table):

rule is a class which implements Centeron\Permissions\Contracts and has only one method handle. If this method returns true then permission/role AuthItem will enable, if false, the current permission will be ignored.

As examples this package provides 3 rules out of the box:

Access for permission authItem is available only on weekdays:

User only has access to own objects that he has created:

In this case we have to provide information about the object (ID) as a parameter.

User has access only to certain categories that have been listed in a database:

In this case we have to provide information about categories as parameters. Also, information about categories with conditional access must be saved in the data field of the table.

Apparently each of users can be associated with a certain list of categories. In such situations you shoudn't create new AuthItem with specific data and the same rule for each user. Rather, you can save data in a foreign table and provide this data to the class as parameteres along with other information.

We perform admission checks on conditional permissions not via methods hasAnyAuthItems and hasAllAuthItems, but with canAnyAuthItems and canAnyAuthItems, which require only 2 parameters. e first parameter is role/permission or an array of roles/permissions, and the second is an array of variables:

Also you can determine via trait method canAuthItems which permissions are attached to user from the passed list.

The Blade directives work according these rules. The same is true of authorize method and Gate methods.

Split of access among users by parameters

The field base_auth_id in AuthItem can be empty. It can be used to connect with otherAuthItem, which is a base item. Methods canAuthItems, canAnyAuthItems, canAllAuthItems check access not only using given permissions (and their inheritances), but also considering base_auth_id permisssions.

Let's have a look on the case when users have to have accesses to only own folders in a file manager. The permission which is responsible for the a access is AuthItem with ID=1 and name Folder View. All what we need to do is to create new permissions AuthItem for each of users with folder names in the data-field and rule-handler in the rule-field. Set 1 in base_auth_id-field (ID Folder View)

When user try to access a folder folder_name via $user->canAnyAuthItems(['Folder View'], ['folder_name']); not only the check Folder View will be made, but checking other permissions as well with base_auth_id = 1, matching folder_name with data of AuthItem applying rule.

Cache

In spite of a relatively large number of database request (from 3 to 5, depending of situation) access checking performs quickly due to the simplicity of these requests to the database(select from the indexed columns of tables). Cache gets and saves data of each tables.

Any changing of tables by the provided RBAC methods will reset the cache. You may also reset the cache manually:

Enable/disable cache, set the cache lifetime, its identifier you can by editing config/permissions.php.

Beware! In cases where the application has hundreds or thousands of roles and permisssions and their relations to users, the amount of used memory sometimes increases enormously because the information from all tablesis cached. But processing time stays about the same. Working with a disabled cache doesn't require a big amount of memory even with thousands of records in database tables because the requests are only linked with relevant data necessary for the current checking

Database structure

To implement all work, Laravel RBAC needs only 3 database tables:

Table names can be changed in config/permissions.php before running the migration.

Структура таблиц


All versions of laravel-roles-permissions with dependencies

PHP Build Version
Package Version
Requires php Version >=7.0
laravel/framework Version ~5.4.0|~5.5.0|~5.6.0|~5.7.0|~5.8.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package centeron/laravel-roles-permissions contains the following files

Loading the files please wait ....