Download the PHP package kordy/auzo-tools without Composer
On this page you can find all versions of the php package kordy/auzo-tools. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download kordy/auzo-tools
More information about kordy/auzo-tools
Files in kordy/auzo-tools
Package auzo-tools
Short Description Helper functions that makes it very easy to manage Laravel authorization and provides a central authorization management. Compatible with Laravel versions 5.1, 5.2, and 5.3
License MIT
Informations about the package auzo-tools
This package is a set of tools for Laravel 5.1, 5.2, and 5.3 to facilitate authorize management for your Laravel project or package. You can use AuzoTools to manage authorization in your project, or to provide configurable authorization option for your package users.
Tools included:
- Manage Laravel authorization.
- Automatic abilities generator for models.
- Route authorize middleware.
- Controller authorize validation rule.
- Model fields policy.
Installation
You can install the package via composer:
This service provider must be installed.
You can publish the translations with:
You can publish the config file with:
Usage
Manage Laravel authorization
AuzoTools can help you manage abilities for any number of resources and manage restriction policies for who can access them using functions as parameters. You can use AuzoTools to manage authorization in your project, or to provide configurable authorization option for your package users.
Parameter functions can act as policies, so when AuzoTools is evaluating a user access to a resource/model record, it will pass these information to the function you specified as a parameter, your function will evaluate user information against the resource they want to access, then return a boolean decision to allow the user access or not.
See an example at the test file
You have two ways to define policies, either callbacks or a dedicated class methods.
1. Callbacks policies
Create config file as this one:
2. Dedicated class methods
Create config file as this one:
Create a policy class that holds policies methods
Finally:
Load Abilities to Laravel Gate at boot by runing the \AuzoToolsPermissionRegistrar::registerPermissions($abilities_policies)
in your service provider
Now you can authorize users at any point in your project or package:
More details: https://laravel.com/docs/master/authorization#authorizing-actions-using-policies
Automatic abilities generator
Give it a name and it automatically generates abilities names matching the default route resource names or custom name fix.
Generate CRUD abilities for a model
This will generate ability name per each route path:
In config/auzo-tools.php, you can modify the CRUD for what route paths to generate for:
Generate CRUD abilities for a model fields
It can also generate full list of abilities for a model fields like so:
This will generate ability name per each model column per each model route path:
Saving generated abilities as json string to a file
Encodes the results in a json string and save it to given file path:
Flatten Output:
Route authorize middleware
This is a Route middleware that can be used with routes or in the Http controllers to check user authorization before accessing the requested resource.
use it with parameter:
This will check if the user has authorize ability for 'user-profile'
Automatic authorization check
With named route
, you might use the middleware with no parameter for automatic
authorization.
- It will check if user is authorized for the route name
user.profile.test
- If route does not have name, then it will check against the
Controller@action
Controller authorize validation rule
This is a custom validation rule auzo.can
that check if the user is authorized
against a passed parameter for the field ability name.
if user is not authorized, a validation error is generated, to modify the generated
error message, modify resource/lang/vendor/auzo-tools/en/validation.php
:
Model fields policy
Very useful for API, where you can change hidden, fillable, and guarded columns based on user authorization before the model data is being sent to the user.
First make sure you added the ModelFieldsPoilcy trait to your models.
Example: In your model files add this after class declaration:
Pass the model ability fix, so it checks for each field name attached to the ability fix and check if user is authorized for the generated ability.
So if model has fields name
, email
, password
, and yoe pass user.show
fix,
Then it will check authorization for:
check for the name
field if the user has ability user.show.name
check for the email
field if the user has ability user.show.email
check for the password
field if the user has ability user.show.password
and so on.
Make unauthorized columns hidden
Make unauthorized columns not fillable
Make unauthorized columns guarded
Contributing
Please see CONTRIBUTING for details.
License
The MIT License (MIT). Please see License File for more information.