Lock is a flexible, driver based Acl package for PHP 5.4+.
This package is a Laravel driver for Lock. Check the documentation of Lock for more info.
Install this package through Composer.
$ composer require beatswitch/lock-laravel
Register the service provider in your app.php
config file.
'BeatSwitch\Lock\Integrations\Laravel\LockServiceProvider',
Register the facades in your app.php
config file.
'Lock' => 'BeatSwitch\Lock\Integrations\Laravel\Facades\Lock',
'LockManager' => 'BeatSwitch\Lock\Integrations\Laravel\Facades\LockManager',
Publish the configuration file and edit the configuration options at app/config/packages/beatswitch/lock-laravel/config.php
.
$ php artisan config:publish beatswitch/lock-laravel
If you're using the database driver you should run the package's migrations. This will create the database table where all permissions will be stored.
$ php artisan migrate --package="beatswitch/lock-laravel"
Please read the main Lock documentation for setting up the caller contract on your User
model and for more in-depth documentation on how Lock works.
Also make sure to set the BeatSwitch\Lock\LockAware
trait on your User
model. That way your authenticated user will receive a Lock instance of itself so you can call permissions directly from your user object. If no user is authenticated, a SimpleCaller
object will be bootstrapped which has the guest
role. That way you can still use the Lock
facade.
You can register roles and aliases beforehand through the permissions
callback in the config file. Here you can say which actions should be grouped under an alias or set which roles should inherit permissions from each other.
<?php
use BeatSwitch\Lock\Callers\Caller;
use BeatSwitch\Lock\Manager;
return [
...
'permissions' => function (Manager $manager, Caller $caller) {
// Set your configuration here.
$manager->alias('manage', ['create', 'read', 'update', 'delete']);
$manager->setRole('user', 'guest');
$manager->setRole(['editor', 'admin'], 'user');
},
];
If you're using the array driver you can set all your permissions beforehand in the same permissions
callback from above.
<?php
use BeatSwitch\Lock\Callers\Caller;
use BeatSwitch\Lock\Callers\SimpleCaller;
use BeatSwitch\Lock\Drivers\ArrayDriver;
use BeatSwitch\Lock\Manager;
return [
...
'permissions' => function (Manager $manager, Caller $caller) {
// Only set permissions beforehand when using the array driver.
if ($manager->getDriver() instanceof ArrayDriver) {
// Set some role permissions.
$manager->role('guest')->allow('read', 'posts');
$manager->role('user')->allow('create', 'posts');
$manager->role('editor')->allow('publish', 'posts');
// Set permissions for a specific user.
$manager->caller(new SimpleCaller('users', 1)->allow('publish', 'posts');
}
},
];
You'll probably never want to set permissions for your current authed user caller because they'd apply to every user who logs in but it's there if you need it.
Warning: Make sure that you never set permissions through the
permissions
callback when using the database driver. This would result in permissions getting stored into your database each time your app is run.
Enable the database driver by switching the driver type in the config file. The database driver will use your default database connection to store permissions to your database. You can choose which table to store the permissions into by changing the setting in the config file.
Now that you have your database driver set up, you're ready to create a UI for your permissions and use the lock manager instance in your application to change permissions for callers or roles.
This package ships with two facades: the Lock
facade which holds the BeatSwitch\Lock\Lock
instance for your current authed user (or the guest user if no user is authed) and the LockManager
class which can be used to bootstrap new lock instances for callers or roles.
Checking permissions for the current user is easy.
Lock::can('create', 'posts');
Lock::cannot('publish', $post);
// Or use the auth instance. This is possible because your User model has the LockAware trait.
Auth::user()->can('create', 'posts');
Use the manager to set permissions.
LockManager::caller($user)->allow('create', 'posts');
LockManager::caller($user)->allow('all');
LockManager::role('editor')->allow('create', 'posts');
You can use Laravel's IoC container to insert an instance of the current user's lock instance or the lock manager instance into your classes or controllers.
<?php
use BeatSwitch\Lock\Manager;
class UserManagementController extends BaseController
{
protected $lockManager;
public function __construct(Manager $lockManager)
{
$this->lockManager = $lockManager;
}
public function togglePermission()
{
$userId = Input::get('user');
$action = Input::get('action');
$resource = Input::get('resource');
$user = User::find($userId);
$this->lockManager->caller($user)->toggle($action, $resource);
return Redirect::route('user_management');
}
}
This package is currently maintained by Dries Vints.
If you have any questions please don't hesitate to ask them in an issue.
Please see the contributing file for details.
You can see a list of changes for each release in the changelog file.
The MIT License (MIT). Please see the license file for more information.