Skip to content

v1.0.0-rc.5

Pre-release
Pre-release
Compare
Choose a tag to compare
@JosephSilber JosephSilber released this 27 Feb 17:28
· 119 commits to master since this release

New

  • Support for Laravel 5.8 πŸŽ‰

  • Allow granting abilities to everyone. 0d6e7b6

    Bouncer::allowEveryone()->to('view', Post::class);

    See #319 for why this is useful. In short:

    When there are certain abilities you'd like everyone to have, you previously had to add that ability to everyone separately (either directly or through a role). This works, but it means that:

    1. You're bloating up your database.
    2. It's another thing that has to run whenever a new user signs up.
    3. Whenever you change these, you have to remember to also add these permissions for all existing users.

    Using Bouncer to grant these abilities to everyone means there's one less thing to manage, and you can keep your DB much leaner.

    Note: this requires a small change to the DB schema, making two columns nullable. See below in the section on migrations.

  • Allow running a callback with a temporary scope. ebba511

    When applying a global scope in a multi-tenant system, it may sometimes be beneficial to be able to run a single query without the scope, or with a different scope. #368

    Both of these are now possible:

    Bouncer::scope()->onceTo($tenantId, function () {
        // All queries within this closure will run with this
        // temporary $tenantId. After that, every other
        // query will use the global tenant ID.
    });
    Bouncer::scope()->removeOnce(function () {
        // All queries within this closure will run without any scope.
    });

    It's also now possible to get the current tenant's ID:

    $tenantId = Bouncer::scope()->get();

Fixes

  • Properly scope disallow/forbid when called on a role f143275

Breaking Changes

NOTE: this will only affect you if you're using custom models or custom table names.

If you're using custom models or custom table names, they will now automatically be registered with the morph map. See #306 and #378 for why this change was necessary.

What this means is that if you weren't registering your models with the morph map yourself, you'll now have to migrate your DB so that it no longer stores the raw model class names.

So, if you've registered a custom role with Bouncer:

Bouncer::useRoleModel(MyRole::class);

...and have not previously registered it with the morph map yourself, you should migrate your DB to use the morph map's entity type:

DB::table('permissions')
    ->where(['entity_type' => MyRole::class])
    ->update(['entity_type' => (new MyRole)->getMorphClass()]);
    

Schema Changes

There are no necessary schema changes in this release. However, in order to use the new allowEveryone() feature, you'll need to change the following 2 columns in the permissions table to be nullable:

  • entity_id
  • entity_type

A note on version compatibility

Since this release contains an important bugfix to the multi-tenancy scope system in Bouncer, it still supports Laravel all the way back to 5.1 and PHP all the way back to 5.5.

If there are no show stopping bugs found with this RC, the next RC will no longer support these older versions of Laravel & PHP. If you're still stuck on these older versions, you can continue using Bouncer with this release until you're ready to upgrade.