Simple acl with laravel
0 likes2,644 views
The document describes how to create a simple access control list (ACL) for Laravel using migrations and models. It includes instructions for creating database tables to store user groups, permissions, and their relationships using migrations. Models are defined for groups, permissions, and user-group relationships. Filters are added to routes to check a user's permissions and redirect if not allowed.
![return $this->attributes['ident'];
}
}
AclPermitted.php
<?php
class AclPermittedFilter {
public function filter($route, $request){
$user = Auth::user();
$user->load('groups', 'groups.permissions');
$permitted = false;
foreach($user->groups as $group){
if ( $group->permissions->contains($route->getName()) ){
$permitted = true;
break;
}
}
if (!$permitted) {
return Redirect::route('user.denied');
}
}
public static function checkPermission($route)
{
$user = Auth::user();
$user->load('groups', 'groups.permissions');
$permitted = false;
foreach($user->groups as $group){
if ( $group->permissions->contains($route) ){
$permitted = true;
break;
}
}
return $permitted;
}
}
Sample Usage
routes.php
Route::filter('acl.permitted', 'AclPermittedFilter');](https://image.slidesharecdn.com/simpleaclwithlaravel-140529075928-phpapp01/85/Simple-acl-with-laravel-5-320.jpg)
![Route::group(array('prefix'=>'user'), function () {
Route::get('supersecret', array(
'before'=> ['auth.ldap', 'acl.permitted'],
'as' => 'user.supersecret',
'uses' => 'UserController@supersecret'
));
Route::get('denied', array(
'as' => 'user.denied',
'uses' => 'UserController@denied'
));
});
From a view
@if ( AclPermittedFilter::checkPermission('user.supersecret') )
<h5> You are allowed to view secret stuff</h5>
@endif](https://image.slidesharecdn.com/simpleaclwithlaravel-140529075928-phpapp01/85/Simple-acl-with-laravel-6-320.jpg)
Simple acl with laravel
- 1. Simple ACL with Laravel Based on the tutorial by Ollie Read http://ollieread.com/blog/2014/03/18/a-simplified-laravel-acl/ Migrations php artisan migrate:make create_acl_groups_table <?php use IlluminateDatabaseSchemaBlueprint; use IlluminateDatabaseMigrationsMigration; class CreateAclGroupsTable extends Migration { /** * Run the migrations. * * @return void */ public function up() { // Schema::create('acl_groups', function ($table){ $table->increments('id'); $table->string('name', 50); $table->string('description', 255); }); } /** * Reverse the migrations. * * @return void */ public function down() { // Schema::drop('acl_groups'); } } php artisan migrate:make create_acl_permissions_table <?php
- 2. use IlluminateDatabaseSchemaBlueprint; use IlluminateDatabaseMigrationsMigration; class CreateAclPermissionsTable extends Migration { /** * Run the migrations. * * @return void */ public function up() { // Schema::create('acl_permissions', function($table){ $table->increments('id'); $table->string('ident', 255); $table->string('description', 255); }); } /** * Reverse the migrations. * * @return void */ public function down() { // Schema::drop('acl_permissions'); } } php artisan migrate:make create_acl_group_permissions_table <?php use IlluminateDatabaseSchemaBlueprint; use IlluminateDatabaseMigrationsMigration; class CreateAclGroupPermissionsTable extends Migration { /** * Run the migrations. * * @return void */ public function up()
- 3. { // Schema::create('acl_group_permissions', function($table){ $table->integer('group_id', false); $table->integer('permission_id', false); }); } /** * Reverse the migrations. * * @return void */ public function down() { // Schema::drop('acl_group_permissions'); } } php artisan migrate:make create acl_user_groups_table <?php use IlluminateDatabaseSchemaBlueprint; use IlluminateDatabaseMigrationsMigration; class CreateAclUserGroupsTable extends Migration { /** * Run the migrations. * * @return void */ public function up() { // Schema::create('acl_user_groups', function($table){ $table->integer('user_id', false); $table->integer('group_id', false); }); } /** * Reverse the migrations. * * @return void */
- 4. public function down() { // Schema::drop('acl_user_groups'); } } Models AclGroup.php <?php class AclGroup extends Eloquent { protected $table = 'acl_groups'; protected $fillable = array('name', 'description'); public $timestamps = false; public function users() { return $this->belongsToMany('User', 'acl_user_groups', 'group_id', 'user_id'); } public function permissions() { return $this->belongsToMany('AclPermission', 'acl_group_permissions', 'group_id', 'permission_id'); } } AclPermission.php <?php class AclPermission extends Eloquent { protected $table = 'acl_permissions'; protected $fillable = array('ident', 'description'); public $timestamps = false; public function groups(){ return $this->belongsToMany('AclGroup', 'acl_group_permissions', 'group_id', 'permission_id'); } public function getKey() {
- 5. return $this->attributes['ident']; } } AclPermitted.php <?php class AclPermittedFilter { public function filter($route, $request){ $user = Auth::user(); $user->load('groups', 'groups.permissions'); $permitted = false; foreach($user->groups as $group){ if ( $group->permissions->contains($route->getName()) ){ $permitted = true; break; } } if (!$permitted) { return Redirect::route('user.denied'); } } public static function checkPermission($route) { $user = Auth::user(); $user->load('groups', 'groups.permissions'); $permitted = false; foreach($user->groups as $group){ if ( $group->permissions->contains($route) ){ $permitted = true; break; } } return $permitted; } } Sample Usage routes.php Route::filter('acl.permitted', 'AclPermittedFilter');
- 6. Route::group(array('prefix'=>'user'), function () { Route::get('supersecret', array( 'before'=> ['auth.ldap', 'acl.permitted'], 'as' => 'user.supersecret', 'uses' => 'UserController@supersecret' )); Route::get('denied', array( 'as' => 'user.denied', 'uses' => 'UserController@denied' )); }); From a view @if ( AclPermittedFilter::checkPermission('user.supersecret') ) <h5> You are allowed to view secret stuff</h5> @endif