README

Documentation, Installation, and Usage Instructions

To get started with using the package, we'll install it using the following command:

add the private repository in your composer.json file

"repositories": [
	{
		"type": "vcs",
		"url": "git@gitlab.bfedition.com:bigcity/bigcity-instances/bigfiveedition-laravel-permission.git"
	}
],

composer require bigfive-edition/laravel-bfe-permission

Now that we've installed the package, we'll need to publish the database migration and config file:

php artisan bfe-permission:install

We can now run the migrations to create the new tables in our database:

php artisan migrate

Assuming that we are using the default config values and haven't changed anything in the package's config/bfe-permission.php, we should now have five new tables in our database:

We can also generate the default

php artisan bfe-permission:generate-teams
php artisan bfe-permission:generate-roles
php artisan bfe-permission:generate-abilities

Http Routes

it comes with default routes for managing team, roles, and abilities check the postman collection

{routes_prefix}/bfe-permissions/teams
{routes_prefix}/bfe-permissions/teams/{team_id}/models

{routes_prefix}/bfe-permissions/roles
{routes_prefix}/bfe-permissions/roles/{role_id}/models

{routes_prefix}/bfe-permissions/abilities
{routes_prefix}/bfe-permissions/abilities/{ability_id}/models

Http Route Middlewares

Adding routes middlewares as follow. Note that the | is for OR operations and the & is for AND operations

bfe-permission.teams:waiters|managers
bfe-permission.teams:waiters&managers

bfe-permission.roles:admin|system_admin
bfe-permission.roles:admin&system_admin

bfe-permission.abilities:read_all_users|create_one_vehicle
bfe-permission.abilities:read_all_users&create_one_vehicle
bfe-permission.abilities:read_all_users|create_one_vehicle,{resource_class},{resource_id}
bfe-permission.abilities:read_all_users&create_one_vehicle,{resource_class},{resource_id}

Gates and Policies [refer to https://laravel.com/docs/9.x/authorization]

Here are the predefined abilities beside the ones autogenerated and managed by admin in bfe_permission_abilities table

bfe-permission-belongs-teams: checks if the user belongs to passed teams

Gate::allows('bfe-permission-belongs-teams', 'admin')
Gate::forUser($user)->allows('bfe-permission-belongs-teams', 'admin | manager')
Gate::forUser($user)->allows('bfe-permission-belongs-teams', 'admin & manager')

bfe-permission-has-roles: checks if the user has passed roles

Gate::allows('bfe-permission-has-roles', 'admin')
Gate::forUser($user)->allows('bfe-permission-has-roles', 'admin | waiter')
Gate::forUser($user)->allows('bfe-permission-has-roles', 'admin & waiter')

bfe-permission-has-abilities: checks if the user has passed abilities on passed resource

Gate::allows('bfe-permission-has-abilities', 'create_user')
Gate::forUser($user)->allows('bfe-permission-has-abilities', 'create_user | delete_user')
Gate::forUser($user)->allows('bfe-permission-has-abilities', 'create_user & delete_user')
Gate::forUser($user)->allows('bfe-permission-has-abilities', ['create_user | delete_user', $resourceObject])
Gate::forUser($user)->allows('bfe-permission-has-abilities', ['create_user & delete_user', $resourceObject])

ability-name: checks if the user has ability on passed resource

Gate::allows('ability-name')
Gate::forUser($user)->allows('ability-name', $resourceObject)