1. Go to this page and download the library: Download kompo/auth library. Choose the download type "require".
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
kompo / auth example snippets
// In your database seeder: one permission row per protected resource.
// Map of permission key => display name; every row goes into the same section.
// NOTE(review): 'User.sensibleColumns' presumably gates the sensitive columns of
// the 'User' resource; confirm the key format against the package.
$permissionDefinitions = [
    'User' => 'User Management',
    'User.sensibleColumns' => 'Access to sensitive user fields',
];

foreach ($permissionDefinitions as $permissionKey => $permissionName) {
    Permission::create([
        'permission_key' => $permissionKey,
        'permission_name' => $permissionName,
        'permission_section_id' => $adminSection->id,
    ]);
}
// Add to your admin panel
// NOTE(review): this matrix presumably edits which role holds which permission; render it
// only on a page that is itself restricted to administrators.
new RolesAndPermissionMatrix()
// Button wired by name to the getAssignRoleModal method; inModal() presumably shows the
// returned component in a modal.
_Button('Assign Role')->selfGet('getAssignRoleModal')->inModal()
/**
 * Builds the modal used to assign a role to a user.
 *
 * NOTE(review): $userId and $teamId are not defined anywhere in this snippet;
 * the surrounding component has to supply them. If they originate from the
 * request, verify that the current user may assign roles for that user and
 * team before returning the modal.
 */
public function getAssignRoleModal()
{
    $modalParameters = [
        'user_id' => $userId,
        'team_id' => $teamId, // Optional
    ];

    return new AssignRoleModal($modalParameters);
}
// Member list for one team, selected through the 'team_id' option.
// NOTE(review): if $teamId comes from the request, check the viewer's access to that team
// first (this page shows hasAccessToTeam($teamId)); whether the component does so itself is
// not visible here.
new TeamMembersList(['team_id' => $teamId])
// Role switcher component; it takes no options in this example.
new OptionsRolesSwitcher()
// Control security behavior with these properties
// NOTE(review): the names suggest one switch per operation (read / save / delete) plus
// team scoping; confirm the exact semantics in the package. Presumably setting one to
// false drops that check for the whole model, so turn a switch off only deliberately.
protected $readSecurityRestrictions = true;
protected $saveSecurityRestrictions = true;
protected $deleteSecurityRestrictions = true;
protected $restrictByTeam = true;
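// Define sensitive fields (this comment is cut off on this page; the sensitive-model example below sets them with $sensibleColumns)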
// Use system methods for privileged operations
// NOTE(review): these are presented as the privileged path, i.e. presumably they skip the
// permission checks. Call them only from trusted server-side code (seeders, jobs), not on a
// model whose id or attributes came straight from a request without an explicit check first.
$model->systemSave();
$model->systemDelete();
// Set bypass flag before operation
// NOTE(review): nothing in this snippet resets the flag, so it may stay set on this instance
// for later saves and deletes. Confirm, and reset it after the operation if the package does not.
$model->_bypassSecurity = true;
$model->save();
// Remove global scopes for a specific query
// The result is no longer filtered by the 'authUserHasPermissions' scope, so apply your own
// constraints (team, owner) before exposing any of it to a user.
Model::withoutGlobalScope('authUserHasPermissions')->get();
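// When a model has a user_id column matching the authenticated user,
// security restrictions are automatically bypassed.
// This is built into the HasSecurity plugin (the rest of this sentence is cut off on this page).
// Because ownership alone grants access, keep user_id out of user-controllable input such as mass assignment.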
// For more complex ownership relationships, define this scope in your model:
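/**
 * Local scope restricting a query to records owned by the current user.
 *
 * @param mixed $query Query builder the scope is applied to.
 * @return mixed The constrained query.
 */
public function scopeUserOwnedRecords($query)
{
    $currentUserId = auth()->id();

    // With no authenticated user the id is null, and where('user_id', null)
    // compiles to "user_id IS NULL": ownerless rows would count as "owned".
    // Match nothing instead.
    if ($currentUserId === null) {
        return $query->whereRaw('1 = 0');
    }

    // Define your logic for identifying records owned by current user.
    // Simple case: the record's user_id is the current user.
    return $query->where('user_id', $currentUserId);

    // For more complex relationships, replace the return above with the form
    // below (the original snippet listed it as a second, unreachable return).
    // The OR is wrapped in one where() group so it cannot widen other
    // constraints on the query, however the scope is applied:
    //
    // return $query->where(function ($owned) use ($currentUserId) {
    //     $owned->where('creator_id', $currentUserId)
    //         ->orWhereHas('participants', function ($q) use ($currentUserId) {
    //             $q->where('user_id', $currentUserId);
    //         });
    // });
}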
// For even more complex scenarios, you can define:
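/**
 * Lists the users that should have access to this record regardless of permissions.
 *
 * @return array User IDs; unset (null) IDs are left out.
 */
public function usersIdsAllowedToManage()
{
    // The related company may be missing; do not dereference null.
    $company = $this->company;

    $candidateIds = [
        $this->user_id,
        $this->manager_id,
        $company !== null ? $company->owner_id : null,
    ];

    // A null entry is not a user. Left in, it could match an unauthenticated
    // caller (whose id is also null) if the consumer compares loosely.
    // NOTE(review): the comparison is not visible here; confirm in the package.
    return array_values(array_filter($candidateIds, function ($id) {
        return $id !== null;
    }));
}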
// Basic syntax: tie the element to a permission on the 'User' resource.
_Button('Create user')->checkAuth('User');
// Example with nested components: each child carries its own check, optionally with a
// permission type as second argument.
// NOTE(review): checkAuth only decides what is rendered. The action behind a button or link
// still needs its own server-side check (hasPermission or the model restrictions), because a
// request can be sent without going through the UI.
_Rows(
_Html('Access to people')->checkAuth('Person'),
_Link('View details')->checkAuth('Project', PermissionTypeEnum::READ),
_Button('Edit profile')->checkAuth('User', PermissionTypeEnum::WRITE)
);
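// checkAuth(resource, permission type, team, message)
_Button('Delete')
    ->checkAuth(
        'Record',                // Resource to check
        // The permission-type argument was missing from this snippet, which put
        // $teamId in the permission-type position. ALL is used here as for the
        // other destructive button on this page; pick the type the action needs.
        PermissionTypeEnum::ALL, // Permission type
        $teamId,                 // Team ID (optional)
        false                    // Return null instead of a void element
    );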
// In your models (default settings)
// Model relying on the package defaults.
class Document extends Model
{
// No configuration needed - security is enabled by default
// NOTE(review): "by default" holds only while the defaults in config/kompo-auth.php have
// not been switched off; confirm for your install.
}
// In your database
// Create permissions for each resource and assign them to specific roles
// In config/kompo-auth.php
// Switches the read and save restrictions off by default, so that security is then
// activated only on the models that opt in.
// NOTE(review): this is fail-open: a new model is unrestricted until someone adds the
// properties to it. Only the read and save defaults appear here; the defaults for delete
// and team restrictions are not shown in this snippet.
'security' => [
'default-read-security-restrictions' => false,
'default-save-security-restrictions' => false,
]
// Then activate security only on specific models
// Opts this model back in to read and save restrictions.
class SensitiveDocument extends Model
{
protected $readSecurityRestrictions = true;
protected $saveSecurityRestrictions = true;
// NOTE(review): $deleteSecurityRestrictions is not set here; check which default applies to deletes.
}
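// Explicit checks where needed
// auth()->user() is null for an unauthenticated request; treat that as
// unauthorized instead of calling hasPermission() on null.
$currentUser = auth()->user();
if ($currentUser === null || !$currentUser->hasPermission('Report', PermissionTypeEnum::WRITE)) {
    return redirect()->back()->withErrors('Unauthorized');
}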
// In sensitive models
protected $readSecurityRestrictions = true;
// Columns treated as sensitive. Presumably access to them is tied to a
// '<Resource>.sensibleColumns' permission key like the one seeded on this page; confirm.
protected $sensibleColumns = ['confidential_data'];
// In UI for critical elements
// Presumably PermissionTypeEnum::ALL asks for the broadest permission type on 'User'.
// NOTE(review): the handler that deletes the account needs the same check server-side.
_Button('Delete account')->checkAuth('User', PermissionTypeEnum::ALL);
// Check if user can view a specific resource
// Arguments: resource key, permission type, optional team id.
if ($user->hasPermission('Project', PermissionTypeEnum::READ, $teamId)) {
// Show resource
}
// Same check without a team id.
// NOTE(review): auth()->user() is null for an unauthenticated request, so these calls assume
// the route already sits behind authentication.
if (auth()->user()->hasPermission('User', PermissionTypeEnum::READ)) {
// User can read User records
}
// Check for team-specific permission
if (auth()->user()->hasPermission('Post', PermissionTypeEnum::WRITE, $teamId)) {
// User can write to Posts in the specific team
}
// Get all teams where user can manage Projects
$teamIds = auth()->user()->getTeamsIdsWithPermission('Project', PermissionTypeEnum::WRITE);
// Give a user permission directly on their current team role
// NOTE(review): this grants to whoever is logged in. Run it only from code paths an
// administrator controls (seeders, admin actions); the permission key must not come from
// request input. As the grant lands on the team role, other holders of that role are
// presumably affected too; confirm.
auth()->user()->givePermissionTo('CreateReports');
// Or specify a team role
auth()->user()->givePermissionTo('ManageUsers', $teamRoleId);
// Check permission existence
// NOTE(review): what findByKey returns for an unknown key is not visible here; if it can
// return null, the chained exists() call fails.
Permission::findByKey('User')->exists();
// Test permission with debug mode
// The fourth argument (true) turns debug mode on; the third (null) leaves the team unset.
// NOTE(review): what debug mode outputs is not shown here; keep it out of production paths.
auth()->user()->hasPermission('User', PermissionTypeEnum::READ, null, true);
// Check team permissions
auth()->user()->hasAccessToTeam($teamId);
$teamsWithAccess = auth()->user()->getTeamsIdsWithPermission('Resource');
// Cache inspection
// Reads the cache entry keyed by 'currentPermissions' followed by the current user's id.
\Cache::get('currentPermissions' . auth()->id());
// Flushes every cache entry tagged 'permissions', presumably for all users, not only the current one.
\Cache::tags(['permissions'])->flush(); // Force clear cache
// Does the permission exist?
// Same lookup as Permission::findByKey('User'), written with the fully qualified class name.
\Kompo\Auth\Models\Teams\Permission::findByKey('User')
// Does user have access? (Debug mode)
// The trailing true enables debug mode; use it while diagnosing, not in production code.
auth()->user()->hasPermission('User', PermissionTypeEnum::READ, null, true)
// Add this scope to your model
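/**
 * Local scope restricting a query to the current user's own records.
 *
 * @param mixed $query Query builder the scope is applied to.
 * @return mixed The constrained query.
 */
public function scopeUserOwnedRecords($query)
{
    $currentUserId = auth()->id();

    // With no authenticated user the id is null, and where('user_id', null)
    // compiles to "user_id IS NULL": ownerless rows would count as "owned".
    // Match nothing instead.
    if ($currentUserId === null) {
        return $query->whereRaw('1 = 0');
    }

    // Logic to identify user's own records
    return $query->where('user_id', $currentUserId);
}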