outl1ne/nova-permissions
Composer 安装命令:
composer require outl1ne/nova-permissions
包简介
Laravel Nova Permissions (Roles and Permission based Access Control)
关键字:
README 文档
README
Add Access Control by means of User based Roles and Permissions to your Nova installation. Includes default User and Role Policies which can be managed through your Nova Admin Panel.
This tool uses the Silvanite\Brandenburg package under the hood to manage user roles. Brandenburg is used because it has clear separation of concerns
This package is a fork of the unmaintained Nova 3 version of Silvanite/novatoolpermissions.
Screenshots
Premise
Roles are defined in the Database
Permissions are defined in the Codebase
As a result, you won't see any Permissions resource. The Roles resource will get the permissions from the Gates defined in your code.
Installation
Install the tool using composer
composer require outl1ne/nova-permissions
Run the migrations to add the database tables required by Brandenburg.
php artisan migrate
Add the HasRoles trait to your User model as per the Brandenburg installation instructions.
// app/User.php use Silvanite\Brandenburg\Traits\HasRoles; class User extends Authenticatable { use HasRoles; ... }
Load it into your Nova Tools to display the Roles within your Resources
// app/Providers/NovaServiceProvider.php use Outl1ne\NovaPermissions\NovaPermissions; public function tools() { return [ new NovaPermissions(), ]; }
You can assign Users to Roles from the Role resource, however if you want to assign Roles from your User resource you will need to add an additional relationship.
// app/Nova/User.php use Outl1ne\NovaPermissions\Nova\Resources\Role; public function fields(Request $request) { return [ ... BelongsToMany::make('Roles', 'roles', Role::class), ]; }
If you are not using the defaul App\Nova\User Resource you can customise this by publishing the nova-permissions config and setting your User resource model.
php artisan vendor:publish --provider="Outl1ne\NovaPermissions\Providers\PackageServiceProvider"
Remove the default viewNova Gate to use the Gate included by this package. You will need to keep the gate() method in place, just empty it.
Note: Nova will always allow access in development environments.
// app/Providers/NovaServiceProvider.php protected function gate() { // }
Usage
Once installed, go ahead and create your first Role. E.g. Administrator and assign all permissions to your new Role.
Finally assign the Administrator Role to your user account.
Note: By default, the package allows anyone access to a permission if no single user has access to it. This is to prevent you from locking yourself out of features. As such, it is important to define your primary admin role which has access to all permissions, meaning nobody else has access unless you specifically grant it.
Default Permissions
This package comes with a set of default permissions to provide full access control to the package's functionality. Permissions come with default english translations to provide a better user experience. You are free to replace these with translations in your applications json translations.
{
"viewNova": "Access Nova",
"viewRoles": "View Roles",
"manageRoles": "Manage Roles",
"assignRoles": "Assign Roles",
"viewUsers": "View Users",
"manageUsers": "Manage Users"
}
Custom permissions
To create your own permissions, simply define them in your service provider and create a Policy for your resource/model. Let's work with a common Blog example and assume that you have a Blog Model and Resource in your application.
Create a Policy for your Nova Resource
Create a new policy for your blog
php artisan make:policy BlogPolicy
Let's assign the Policy and define our Gates.
// app/Providers/AuthServiceProvider.php use Silvanite\Brandenburg\Traits\ValidatesPermissions; class AuthServiceProvider extends ServiceProvider { use ValidatesPermissions; protected $policies = [ \App\Blog::class => \App\Policies\BlogPolicy::class, ]; public function boot() { collect([ 'viewBlog', 'manageBlog', ])->each(function ($permission) { Gate::define($permission, function ($user) use ($permission) { if ($this->nobodyHasAccess($permission)) { return true; } return $user->hasRoleWithPermission($permission); }); }); $this->registerPolicies(); } }
Finally, specify the access control in your Policy as per the Nova documentation.
// app/Policies/BlogPolicy.php use Illuminate\Support\Facades\Gate; public function viewAny($user) { return Gate::any(['viewBlog', 'manageBlog'], $user); } public function view($user, $post) { return Gate::any(['viewBlog', 'manageBlog'], $user, $post); } public function create($user) { return $user->can('manageBlog'); } public function update($user, $post) { return $user->can('manageBlog', $post); } public function delete($user, $post) { return $user->can('manageBlog', $post); } public function restore($user, $post) { return $user->can('manageBlog', $post); } public function forceDelete($user, $post) { return $user->can('manageBlog', $post); }
And add your labels to your translations to keep everything tidy.
{
"viewBlog": "View Blog",
"manageBlog": "Manage Blog"
}
This example is a super-simple implementation. You can define your Gates as in any standard Laravel Application and can simply add the additional checks to validate them against your assigned Roles and Permissions.
Access Control
Sometimes you might want to prevent some users from accessing content, but not others. To achieve this, use the included HasAccessControl.php trait on your model.
To check if a user has the correct permissions to view your content, either load the AccessControlServiceProvider to register the accessControl gate globally. Or include the AccessControlGate trait on your models policy.
On your Nova resource, add the AccessControl field. This will display all roles with the canBeGivenAccess permission. To protect content from being accessed, at least one Role has to be given access to the model, otherwise the resource will be available to everyone.
public function fields(Request $request) { return [ // ... AccessControl::make(), // ... ] }
Credits
- Marco Mark (@m2de) - Original creator of Silvanite/novatoolpermissions
- Tarvo Reinpalu
License
Nova Permissions is open-sourced software licensed under the MIT license.
outl1ne/nova-permissions 适用场景与选型建议
outl1ne/nova-permissions 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.23k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2022 年 07 月 11 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「authorization」 「Authentication」 「nova」 「tool」 「acl」 「laravel」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 outl1ne/nova-permissions 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 outl1ne/nova-permissions 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 outl1ne/nova-permissions 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A Laravel Nova card that shows you your system information.
A Laravel Nova card.
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
统计信息
- 总下载量: 10.23k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 4
- 点击次数: 22
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2022-07-11

