Laravel RBAC
Super simple RBAC/ACL implementation for Laravel 5.
Installation
Require this package with composer (Packagist) using the following command:

```shell
composer require phpzen/laravel-rbac
```

or modify your composer.json:

```json
"require": {
    ...
    "phpzen/laravel-rbac": "^0.2"
}
```

then run composer update.
After installation register the ServiceProvider in the providers array in config/app.php:

```php
PHPZen\LaravelRbac\RbacServiceProvider::class,
```

Publish migration files:

```shell
$ php artisan vendor:publish --provider="PHPZen\LaravelRbac\RbacServiceProvider" --force
```

Run migrations:

```shell
$ php artisan migrate
```
Add the RBAC middleware to your app/Http/Kernel.php:

```php
protected $routeMiddleware = [
    ...
    // use the class constant, not a quoted string: '\...\Rbac::class' inside quotes is
    // just literal text and the middleware would never be resolved
    'rbac' => \PHPZen\LaravelRbac\Middleware\Rbac::class,
];
```
Add the Rbac trait to your User model:

```php
use PHPZen\LaravelRbac\Traits\Rbac;

class User extends Authenticatable
{
    use Rbac;
    ...
}
```
Usage
Roles
Create role

```php
$adminRole = new Role;
$adminRole->name = 'Administrator';
$adminRole->slug = 'administrator';
$adminRole->description = 'System Administrator';
$adminRole->save();

$editorRole = new Role;
$editorRole->name = 'Editor';
$editorRole->slug = 'editor';
$editorRole->description = 'Editor';
$editorRole->save();
```

Assign role to user

```php
$user = User::find(1);
$user->roles()->attach($adminRole->id);
```

You can also assign multiple roles at once:

```php
$user->roles()->attach([$adminRole->id, $editorRole->id]);
```

Revoke role from user

```php
$user->roles()->detach($adminRole->id);
```

You can also revoke multiple roles at once:

```php
$user->roles()->detach([$adminRole->id, $editorRole->id]);
```

Sync roles

```php
$user->roles()->sync([$editorRole->id]);
```

Any role already assigned to the user will be revoked if you don't pass its id to the sync method.
Permissions
Create permission

```php
$createUser = new Permission;
$createUser->name = 'Create user';
$createUser->slug = 'user.create';
$createUser->description = 'Permission to create user';
$createUser->save();

$updateUser = new Permission;
$updateUser->name = 'Update user';
$updateUser->slug = 'user.update';
$updateUser->description = 'Permission to update user';
$updateUser->save();
```

Assign permission to role

```php
$adminRole = Role::find(1);
$adminRole->permissions()->attach($createUser->id);
```

You can also assign multiple permissions at once:

```php
$adminRole->permissions()->attach([$createUser->id, $updateUser->id]);
```

Revoke permission from role

```php
$adminRole->permissions()->detach($createUser->id);
```

You can also revoke multiple permissions at once:

```php
$adminRole->permissions()->detach([$createUser->id, $updateUser->id]);
```

Sync permissions

```php
$adminRole->permissions()->sync([$updateUser->id]);
```

Any permission already assigned to the role will be revoked if you don't pass its id to the sync method.
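The create/assign/sync steps above are usually run once as a seeder rather than typed into a tinker session. The following seeder is an added example and is not part of the package README; it assumes the package's Eloquent models are importable as PHPZen\LaravelRbac\Model\Role and PHPZen\LaravelRbac\Model\Permission (check the namespace shipped in your vendor directory), and the role and permission lists are constructed sample data. It looks rows up by slug so re-running it updates instead of duplicating, and uses sync() so that a permission removed from the list is actually revoked.

```php
<?php
// Added example, not from the phpzen/laravel-rbac README. Assumed model namespace:
// PHPZen\LaravelRbac\Model\{Role,Permission}; adjust the `use` lines if yours differs.

use Illuminate\Database\Seeder;
use PHPZen\LaravelRbac\Model\Permission;
use PHPZen\LaravelRbac\Model\Role;

class RbacSeeder extends Seeder
{
    /** Permissions keyed by slug (constructed sample data). The slug is what canDo() and the middleware compare against. */
    private $permissions = [
        'user.create'    => ['name' => 'Create user',    'description' => 'Permission to create user'],
        'user.update'    => ['name' => 'Update user',    'description' => 'Permission to update user'],
        'user.delete'    => ['name' => 'Delete user',    'description' => 'Permission to delete user'],
        'view.dashboard' => ['name' => 'View dashboard', 'description' => 'Permission to open the dashboard'],
    ];

    /** Roles keyed by slug, each with the complete list of permission slugs it should grant. */
    private $roles = [
        'administrator' => [
            'name'        => 'Administrator',
            'description' => 'System Administrator',
            'permissions' => ['user.create', 'user.update', 'user.delete', 'view.dashboard'],
        ],
        'editor' => [
            'name'        => 'Editor',
            'description' => 'Editor',
            'permissions' => ['view.dashboard'],
        ],
    ];

    public function run()
    {
        $permissionIds = [];
        foreach ($this->permissions as $slug => $attrs) {
            // firstOrNew looks the row up by slug, so a second run updates it instead of inserting a duplicate
            $permission = Permission::firstOrNew(['slug' => $slug]);
            $permission->name        = $attrs['name'];
            $permission->description = $attrs['description'];
            $permission->save();
            $permissionIds[$slug] = $permission->id;
        }

        foreach ($this->roles as $slug => $attrs) {
            $role = Role::firstOrNew(['slug' => $slug]);
            $role->name        = $attrs['name'];
            $role->description = $attrs['description'];
            $role->save();

            // sync() makes the pivot table match the list exactly: a permission dropped from
            // the array above is revoked on the next run, which attach() alone would never do.
            $ids = array_map(function ($permissionSlug) use ($permissionIds) {
                return $permissionIds[$permissionSlug];
            }, $attrs['permissions']);
            $role->permissions()->sync($ids);
        }
    }
}
```

Register it from DatabaseSeeder with `$this->call(RbacSeeder::class);` and run `php artisan db:seed`. Keeping the role-to-permission mapping in one reviewable file like this, and syncing rather than attaching, means the database cannot quietly accumulate grants that nobody remembers adding.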
Check user roles/permissions
Roles and permissions can be checked on a User instance using the hasRole and canDo methods. Both take a slug; several slugs separated by | are combined with OR, so the check passes if any one of them matches.

```php
$isAdmin = Auth::user()->hasRole('administrator'); // pass role slug as parameter
$isAdminOrEditor = Auth::user()->hasRole('administrator|editor'); // using OR operator
$canUpdateUser = Auth::user()->canDo('user.update'); // pass permission slug as parameter (the slug saved above)
$canUpdateOrCreateUser = Auth::user()->canDo('user.update|user.create'); // using OR operator
```
Protect routes
Laravel RBAC provides middleware to protect a single route or a route group. The middleware expects 2 comma-separated params:
- is or can as the first param - what to check (role/permission)
- role/permission slug as the second param

```php
// require one role
Route::get('/backend', [
    'uses' => 'BackendController@index',
    'middleware' => ['auth', 'rbac:is,administrator']
]);

// require any of several roles (OR)
Route::get('/backend', [
    'uses' => 'BackendController@index',
    'middleware' => ['auth', 'rbac:is,administrator|editor']
]);

// require one permission
Route::get('/dashboard', [
    'uses' => 'DashboardController@index',
    'middleware' => ['auth', 'rbac:can,view.dashboard']
]);

// require any of several permissions (OR)
Route::get('/dashboard', [
    'uses' => 'DashboardController@index',
    'middleware' => ['auth', 'rbac:can,view.dashboard|view.statistics']
]);
```
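The middleware parameter only expresses "has this role" or "has any of these permissions"; it has no AND form and knows nothing about the object being acted on. The following added example (not from the package README; BackendController, UserController and the user.audit slug are hypothetical, while the rbac middleware and the hasRole()/canDo() trait methods are the package's own) shows a route group guarded by the middleware plus a controller that adds the two kinds of check the middleware cannot make.

```php
<?php
// Added example, not from the phpzen/laravel-rbac README.
// Controller names and the 'user.audit' permission slug are hypothetical.

// --- routes file (routes/web.php on Laravel 5.3+, app/Http/routes.php before that) ---

// 'auth' is listed first on purpose: the rbac middleware reads Auth::user(), so an
// unauthenticated request must be rejected before the role check runs.
Route::group(['prefix' => 'backend', 'middleware' => ['auth', 'rbac:is,administrator|editor']], function () {
    Route::get('/', 'BackendController@index');

    // A route inside the group can add a stricter check of its own: the request must
    // pass the group's role check AND this permission check.
    Route::delete('/users/{id}', [
        'uses'       => 'UserController@destroy',
        'middleware' => 'rbac:can,user.delete',
    ]);
});

// --- app/Http/Controllers/UserController.php (declare namespace App\Http\Controllers; at the top there) ---

use App\User;
use Illuminate\Support\Facades\Auth;

class UserController extends \App\Http\Controllers\Controller
{
    public function destroy($id)
    {
        $actor = Auth::user();

        // '|' in a middleware parameter means OR. There is no AND form, so a rule like
        // "needs user.delete AND user.audit" is written as separate checks in the controller.
        if (! $actor->canDo('user.delete') || ! $actor->canDo('user.audit')) {
            abort(403);
        }

        // Object-level rules are not something a slug can express either: here an editor
        // with user.delete still must not remove an administrator account.
        $target = User::findOrFail($id);
        if ($target->hasRole('administrator') && ! $actor->hasRole('administrator')) {
            abort(403);
        }

        $target->delete();

        return redirect('/backend');
    }
}
```

The Blade directives in the next section only decide what markup is rendered; a hidden delete button does not stop a hand-crafted DELETE request, so the middleware and the controller checks above remain the enforcement point.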
Blade directive
Laravel RBAC provides two Blade directives to check if the user has a role/permission assigned.

Check for role

```php
@ifUserIs('administrator')
    // show admin content here
@else
    // sorry
@endif

@ifUserIs('administrator|editor')
    // show editor content here
@else
    // sorry
@endif
```

Check for permission

```php
@ifUserCan('delete.user')
    // show delete button
@endif

@ifUserCan('delete.user|manage.user')
    // show delete button
@endif
```
License
Laravel RBAC is open-sourced software licensed under the MIT license.