Download the PHP package jellis/check without Composer
On this page you can find all versions of the php package jellis/check. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package: check
Short Description: A very easy-to-implement user access control package designed for use with Laravel and Eloquent
License: MIT
Homepage: https://github.com/jellis/check
Information about the package check
NOTE
Ensure you don't use the RoutAwareModel for your Authenticatable User model - it becomes a circular operation when applying the global scopes and you'll get a bad gateway (502) error.
What's it all about?
The purpose of the project was to create a syntactically simple way to implement context-based user access control. What does that mean, exactly? Good question...
Context-based access control
I wanted to start with the idea that I could use a really straight-forward syntax for my "things" (whatever they might be). The first concept I came up with was Check::can('post.edit'). Because I was a fan of naming my routes, this made good sense from a flow point-of-view. Because I have my routes named, I figured I'd be able to implement middleware that would also leverage the access control system.
Adding context to the access control wasn't a trivial task. Each model will have its own context. Say in a Post model, "owning" a post might mean that there is a user_id field on the Post that is equal to the current user, but in a User model, "owning" might mean that users are in the same company as you. So, how do I have a simple syntax for implementing and checking permissions, while also giving context when the need arises?
Using the Jeffrey Way school of thought, I started with how I wanted to define things... I really wanted my Role classes to be so simple it's almost stupid.
After starting with those two ideas, I set to work and actually managed to implement them. What we have is, I think, a simple, fluent way of managing user access.
Route Aware Models
If you have, say, a listing page for your users where they can see all posts, but can only edit their own, you'd simply have to do the following.
Register the service provider in config/app.php
Register the facade in config/app.php
Name the route and assign the middleware
Create a role (assuming "member" for this user)
Configure the model to do its thing
You need to implement the getRole() method on the user model
Register the middleware in Kernel.php
Retrieve some records in your controller
And in the view you can do things like
So you're a super admin??
Who really wants to be putting all of those routes in for super admin? Not me.
When defining your SuperAdmin role, just override the can() method
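The context idea from "Context-based access control" and the can() override above, as an added PHP 8 sketch that is not the package's own code. The class names, the ownedBy() method, the $permissions array and the 'any' context are assumptions made for illustration; only the post.edit naming and the own context come from the page.

```php
<?php
// Added illustration, not jellis/check's code. Class names, ownedBy() and the
// 'any' context are hypothetical; the users and posts below are constructed.
class MemberRole
{
    // permission => context; anything not listed here is denied
    protected array $permissions = ['post.index' => 'any', 'post.edit' => 'own', 'user.edit' => 'own'];
    public function can(string $permission, object $user, ?object $record = null): bool
    {
        $context = $this->permissions[$permission] ?? null;
        if ($context === null) { return false; }   // default deny
        if ($context === 'any') { return true; }
        // a contextual permission with no record to test is not granted
        return $record !== null && $record->ownedBy($user);
    }
}

class SuperAdminRole extends MemberRole
{
    public function can(string $permission, object $user, ?object $record = null): bool
    {
        return true; // one override instead of listing every route
    }
}

class Post
{
    public function __construct(public int $user_id) {}
    // "owning" a post: its user_id equals the current user
    public function ownedBy(object $user): bool { return $this->user_id === $user->id; }
}

class User
{
    public function __construct(public int $id, public int $company_id) {}
    // "owning" a user: same company as the current user
    public function ownedBy(object $user): bool { return $this->company_id === $user->company_id; }
}

[$alice, $member] = [new User(1, 10), new MemberRole()];
$checks = [
    'member, own post'      => $member->can('post.edit', $alice, new Post(1)),
    'member, other post'    => $member->can('post.edit', $alice, new Post(2)),
    'member, colleague'     => $member->can('user.edit', $alice, new User(2, 10)),
    'member, other company' => $member->can('user.edit', $alice, new User(3, 20)),
    'member, unlisted'      => $member->can('post.delete', $alice, new Post(1)),
    'super admin, unlisted' => (new SuperAdminRole())->can('post.delete', $alice),
];
foreach ($checks as $label => $ok) { echo str_pad($label, 24), $ok ? 'allow' : 'deny', PHP_EOL; }
```

The member role denies any permission it does not list, while the overridden can() grants every permission string, including ones no route defines.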
TODO
- Implement ability to define a permission for multiple contexts (edit:own|company)
- Implement multiple contexts on the scope for checking access rights
- Implement multiple contexts on the scope for pulling records from the model
- Allow ability to wildcard a thing (post.*), whilst still retaining scope ability (post.*:own)