定制 antonioprimera/laravel-basic-permissions 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

antonioprimera/laravel-basic-permissions

Composer 安装命令:

composer require antonioprimera/laravel-basic-permissions

包简介

A simple package enabling the use of roles and permissions from a config file in a Laravel app.

README 文档

README

Overview

This package allows you to use simple roles with permissions in your application. Roles are configured in a 'permissions.php' config file and contain a list of roles, with their permissions (allowed actions) and optionally a set of roles they inherit.

Here's a simple example of a permissions config file:

return [
    'roles' => [
        'super-admin' 	=> [			//role name
            'permissions' => '*'        //permissions or wildcard
        ],
		
        'store-admin'	=> [			//role name
            'permissions' => [			//permission list (keyword: permissions)
                'store' => [			//scope
                    'manage'			//permission
                ],
                'items' => '*'
            ],
            
            'roles' => [				//inherited role list (keyword: roles / inherits)
                'customer',				//role
                'store-clerk',			//role
            ],
        ],
        
        'store-clerk' => [
            'permissions' => [
                'greet-customers',
                //... other permissions
            ],
        ],
        
        //other roles
    ],
];

You could add the 'store-admin' role to a user:

$user->setRole('store-admin');

You can check different permissions on the user like so:

$user->hasPermission('store:manage');           //true
$user->hasPermission('store:delete');           //false

$user->hasPermission('items.any-permission');   //true
$user->hasPermission('greet-customers');        //true (inherited from role: store-clerk)

Installation

Install the package in your Laravel project via composer:

composer require antonioprimera/laravel-basic-permissions

The package exposes a migration, which adds a role column to the users table, so you should run the artisan migrate command:

php artisan migrate

Add the AntonioPrimera\BasicPermissions\ActorInterface interface and the AntonioPrimera\BasicPermissions\ActorRolesAndPermissions trait to your User model.

Next, you should add the custom attribute cast to your User model like so:

protected $casts = [
    'role' => \AntonioPrimera\BasicPermissions\RoleCast::class,
    //...other attribute casts
];

This will cast the role attribute into a Role instance.

Usage

The basic usage is demonstrated in the example in the Overview section above.

Setting a role

Just add one of your configured roles, or the pre-configured super-admin role to a User model (or any other actor implementing the ActorInterface from this package).

$user->setRole('store-admin');

If you use the custom RoleCast class for the role attribute, you can set the role by assigning a Role instance to the role attribute of the model:

$user->role = new \AntonioPrimera\BasicPermissions\Role('store-admin');
$user->save();

Querying a role permission

In your Laravel Policies, you can check whether the role assigned to an actor allows a specific action, meaning that it has a specific permission (either directly, or inherited from another role):

if ($user->hasPermission('store:manage'))
    //do something

Querying several permissions at once

You can check whether an actor is allowed all permissions from a list of permissions:

//provide the list of permissions as an array
if ($user->hasAllPermissions(['store:manage', 'items:move', 'items:sell']))
    //do something only if the actor has all the above permissions

//OR

//provide the list of permissions as separate arguments
if ($user->hasAllPermissions('store:manage', 'items:move', 'items:sell'))
    //do something only if the actor has all the above permissions

You can check whether an actor is allowed at least one permission from a list of permissions:

//provide the list of permissions as an array
if ($user->hasAnyPermission(['store:manage', 'items:move', 'items:sell']))
    //do something if the actor has at least one of the above permissions

//OR

//provide the list of permissions as separate arguments
if ($user->hasAnyPermission('store:manage', 'items:move', 'items:sell'))
    //do something if the actor has at least one of the above permissions

Configuration

You can configure your roles in your permissions.php config file, under the roles key, like the example from the Overview section above.

Each role should have a list of permissions, maintained in its permissions or actions attribute and can optionally have a roles or inherits attribute, specifying a list of inherited roles.

Permissions

Permissions can be an array of simple strings (like ['greet-customer', ...] in the example above), or nested in arrays (like 'store:manage' in the example above). Nested permissions are addressed via their column (':') separated path.

A star ('*') wildcard can be used for any permission level, which can be substituted with any permission (either direct or nested). See the example from the Overview section above, where the 'store-admin' role has any permission under the 'items' permission set. Also, you can see that the 'super-admin' role should be allowed any action, because any permission query for this role will return true. Note: the wildcard permission should be provided as a stand-alone string, not inside an array

Permission sets are like permission white-lists. A permission, which is not specifically added or inherited, will not be allowed. For example, you can not deny a specific inherited permission for a role.

Inherited roles

Once a role is defined, additionally to its own permissions, it can also inherit the permissions of other roles, which, may also inherit other permissions themselves (any inheritance depth). Although, the application will not break if you define roles with circular inheritance (e.g. role_1, inherits role_2, which inherits role_1), this might have unexpected outcomes, so please try to avoid it.

You can use the roles array key to define the array of inherited roles. It's a matter of preference, which key you use - their scope is identical.

Permission Labels

In order to display the roles for humans, you can add a label attribute to each role. This label can be used in dropdown menus or when displaying the role in the UI. If no label is provided, the role name will be used instead.

The role label can be provided as a string or as an array with translations. When a translation is provided, the application will try to use the current locale to display the label. If no translation is found for the current locale, the fallback locale will be used instead.

Here's an example of a role with a label in English and Spanish:

'store-admin'	=> [
    'label' => [
        'en' => 'Store Admin',
        'es' => 'Administrador de Tienda',
    ],
    //...other role attributes
],

Permission Description

You can add a description to each permission, which can be used to display a tooltip or a help text in the UI. The description can be provided as a string or as an array with translations. When a translation is provided, the application will try to use the current locale to display the description. If no translation is found for the current locale, the fallback locale will be used instead.

Here's an example of a permission with a description in English and Spanish:

'store:manage'	=> [
    'description' => [
        'en' => 'Allows the user to manage the store',
        'es' => 'Permite al usuario administrar la tienda',
    ],
    //...other permission attributes
],

String and Html representations

The role can be cast to string, which will return the role label. If no label is provided, the role name will be returned instead.

The role can also be cast to Html, which is useful when displaying the role in a blade file. The Html representation will return the role label. If no label is provided, the role name will be returned instead.

(string) $role; //returns the role label, or the role name if no label is provided

//in a blade file:
{{ $role }} //returns the role label, or the role name if no label is provided

Testing specific permissions

Because Testing is (or should be) an important part of the development process, this package has some built-in helpers, to enable easy testing. Simply put, you can add and remove specific transient permissions to the actor instance. As the label implies, these permissions are transient and will not be saved to the DB or to any config. They will be gone the next time you fetch the actor from the DB (or create a new instance of this actor).

Assign a transient / temporary permission

In your tests, you might want to check that a specific action can be done only by actors with a specific permission. To add a single permission to the actor, you can use the following syntax:

$user->assignTemporaryPermission('some:permission:name');

All checks for this, permission will return true, until this user is destroyed and re-read from the DB. Please be aware that the transient permissions are saved on the instance, so a $user->refresh() call will not reset these transient permissions.

Remove a transient / temporary permission

You can remove a temporary (transient) permission from an actor, with the following method:

$user->removeTemporaryPermission('some:permission:name');

Clear all transient / temporary permissions

You can remove all temporary (transient) permissions from an actor, with the following method:

$user->clearTemporaryPermissions();

antonioprimera/laravel-basic-permissions 适用场景与选型建议

antonioprimera/laravel-basic-permissions 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 371 次下载、GitHub Stars 达 1, 最近一次更新时间为 2022 年 03 月 31 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 antonioprimera/laravel-basic-permissions 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 antonioprimera/laravel-basic-permissions 我们能提供哪些服务?
定制开发 / 二次开发

基于 antonioprimera/laravel-basic-permissions 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 371
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 20
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2022-03-31