Generate robust laravel athorization without writing a single line of code.

Related tags

Laravel laravel-authorizer
Overview

Implement robust laravel authorization logic without writing a single line of code

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

This package helps you to quickly create strong policy authorization logic in your Laravel application with minimal effort. In most cases the defaults will be just enough and all you'd need to do is authorize.

Installation

You can install the package via composer:

composer require flixtechs-labs/laravel-authorizer

You can publish the config file with:

php artisan vendor:publish --tag="laravel-authorizer-config"

This is the contents of the published config file:

return [
    'permissions' => [
        'create',
        'update',
        'delete',
        'view all',
        'view',
        'force delete',
        'restore',
    ],
];

Setup

This package depends on the spatie/laravel-permission package. It's installed automatically when you install this package.

To setup the package all you need to is run the following command:

php artisan authorizer:setup

If your project is ready you can generate the permissions on setup by adding the --permissions option:

php artisan authorizer:setup --permissions

You can also generate the policies on setup by adding the --policies option:

php artisan authorizer:setup --policies

Or you can generate both on setup by adding the --permissions and --policies options:

php artisan authorizer:setup --permissions --policies

This will publish the migrations from the spatie/laravel-permission package, migrate the database and generate the permissions and policies.

Usage

This package generates a batteries included policy skeleton. You just have to generate a policy and authorize in your controllers.

Generate a policy for one model

php artisan authorizer:policies:generate Post --model=Post

This will generate a PostPolicy in the App\Policies\ namespace. The generated Policy would look something like this:

<?php

namespace App\Policies;

use App\Enums\PostState;
use App\Models\Post;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;

class PostPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view any models.
     *
     * @param User $user
     * @return Response|bool
     */
    public function viewAny(User $user): Response|bool
    {
        return $user->can('view all posts');
    }

    /**
     * Determine whether the user can view the model.
     *
     * @param User|null $user
     * @param Post $post
     * @return Response|bool
     */
    public function view(?User $user, Post $post): Response|bool
    {
        return $user->can('view post')
    }

    /**
     * Determine whether the user can create models.
     *
     * @param User $user
     * @return Response|bool
     */
    public function create(User $user): Response|bool
    {
        return $user->can('create post');
    }

    /**
     * Determine whether the user can update the model.
     *
     * @param User $user
     * @param Post $post
     * @return Response|bool
     */
    public function update(User $user, Post $post): Response|bool
    {
        return $user->can('update post');
    }

    /**
     * Determine whether the user can delete the model.
     *
     * @param User $user
     * @param Post $post
     * @return Response|bool
     */
    public function delete(User $user, Post $post): Response|bool
    {
        return $user->can('delete post');
    }

    /**
     * Determine whether the user can restore the model.
     *
     * @param User $user
     * @param Post $post
     * @return Response|bool
     */
    public function restore(User $user, Post $post): Response|bool
    {
        return $user->can('restore post');
    }

    /**
     * Determine whether the user can permanently delete the model.
     *
     * @param User $user
     * @param Post $post
     * @return Response|bool
     */
    public function forceDelete(User $user, Post $post): Response|bool
    {
        return $user->can('force delete post');
    }
}

Now all you just need to do is authorize the user in your controllers:

<?php

namespace App\Controllers;

use App\Models\Post;

public function __construct()
{
    $this->authorizeResource(Post::class, 'post');
}

Or authorize per action

public function update(UpdatePostRequest $request, Post $post)
{
    $this->authorize('update', $post);
}

Generating policies for all models

php artisan authorizer:policies:generate

This will generate policies for all models in your project.

Generating permissions for one model

php artisan authorizer:permissions:generate --model=Post

This will generate all the CRUD permissions for one specific model. You can add additional permission to be generated by adding them to the config file in config/authorizer.php

Or you can just generate for all the models

php artisan authorizer:generate:permissions

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

You might also like...
Rinvex Tenantable is a contextually intelligent polymorphic Laravel package, for single db multi-tenancy.
Rinvex Tenantable is a contextually intelligent polymorphic Laravel package, for single db multi-tenancy.

Rinvex Tenants is a contextually intelligent polymorphic Laravel package, for single db multi-tenancy. You can completely isolate tenants data with ease using the same database, with full power and control over what data to be centrally shared, and what to be tenant related and therefore isolated from others.

Rinvex 80 Oct 21, 2022
A Single Table Inheritance Trait for Eloquent/Laravel

Single Table Inheritance Single Table Inheritance is a trait for Laravel 5.8+ Eloquent models that allows multiple models to be stored in the same dat

Jon Palmer 240 Oct 26, 2022
Easily integrate single-database multi tenant features into your Laravel application
Easily integrate single-database multi tenant features into your Laravel application

Laravel Tenant Aware Easily integrate single-database multi tenant features into your Laravel application. Installation You can install the package vi

H-FARM Innovation 9 Dec 21, 2022
A single-field repeater for Filament. ⚡️

A single-field repeater for Filament. This is where your description should go. Limit it to a paragraph or two. Consider adding a small example. Insta

Ryan Chandler 3 Mar 5, 2022
A simple pure PHP RADIUS client supporting Standard and Vendor-Specific Attributes in single file

BlockBox-Radius A simple pure PHP RADIUS client supporting Standard and Vendor-Specific Attributes in single file Author: Daren Yeh [email protected]

null 2 Oct 2, 2022
A simple package that helps PHP developers to generate the QR code signature as per Zakat authority (ZATCA) requirements of Saudi Arabia.

A PHP package that implements the e-invoice QR code signature requirements as designed by the Zakat authority of Saudi Arabia. How to install? compose

Muktar Sayed Saleh 5 Jun 13, 2022
Laravel router extension to easily use Laravel's paginator without the query string

🚨 THIS PACKAGE HAS BEEN ABANDONED 🚨 We don't use this package anymore in our own projects and cannot justify the time needed to maintain it anymore.

Spatie 307 Sep 23, 2022
A Laravel Wrapper for the CoinDCX API. Now easily connect and consume the CoinDCX Public API in your Laravel apps without any hassle.
A Laravel Wrapper for the CoinDCX API. Now easily connect and consume the CoinDCX Public API in your Laravel apps without any hassle.

This package provides a Laravel Wrapper for the CoinDCX API and allows you to easily communicate with it. Important Note This package is in early deve

Moinuddin S. Khaja 2 Feb 16, 2022
Create Laravel views (blade template) using 'php artisan' command-line interface
Create Laravel views (blade template) using 'php artisan' command-line interface

About LaraBit Have you ever wonder to create Laravel views (Blade Templates) using the same type of artisan commands that you usually use to create ne

Ragib MRB 5 Oct 15, 2021
Comments
Releases(v0.0.2-alpha)
Owner
Flixtechs
A Laravel design and development agency in Harare
Flixtechs
GitHub
Boilerplate code for protecting a form with proof of work. Uses javascript in the browser to generate the hashcash and PHP on the server to generate the puzzle and validate the proof of work.

Boilerplate code for protecting a form with proof of work. Uses javascript in the browser to generate the hashcash and PHP on the server to generate the puzzle and validate the proof of work.

Jameson Lopp 28 Dec 19, 2022
Laravel is accessible, powerful, and provides tools required for large, robust applications.

Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experience to be trul

Web & Mobile | eCommerce | Full-Stack Developer 4 Nov 24, 2022
Gallium is a TALL stack starter kit offering a robust set of options enabling you to get up and running in a snap.

Very short description of the package This is where your description should go. Try and limit it to a paragraph or two, and maybe throw in a mention o

null 1 Nov 20, 2021
Laravel 5 package for reading and writing CSV files.

CSV Laravel 5 package for reading and writing CSV files. Warning The package has been updated to PHP 7. If you can't update to PHP 7 use version 0.6.x

Maciej Wilgucki 48 Nov 29, 2022
Object-oriented, composable, fluent API for writing validations in Laravel

Laravel Hyrule Hyrule provides an object-oriented, fluent API for building validation rules for use w/ Laravel's Validation component. This unlocks pa

Square 330 Dec 8, 2022
Generate trends for your models. Easily generate charts or reports.

Laravel Trend Generate trends for your models. Easily generate charts or reports. Support us Like our work? You can support us by purchasing one of ou

Flowframe 139 Dec 27, 2022
Simplifies writing DocBlock comments in Javascript, PHP, CoffeeScript, Actionscript, C & C++

DocBlockr DocBlockr is a package for Sublime Text 2 & 3 which makes writing documentation a breeze. DocBlockr supports JavaScript (including ES6), PHP

Nick Fisher 3.1k Nov 25, 2022
Laravel Larex lets you translate your whole Laravel application from a single CSV file.

Laravel Larex Translate Laravel Apps from a CSV File Laravel Larex lets you translate your whole Laravel application from a single CSV file. You can i

Luca Patera 68 Dec 12, 2022
Update multiple Laravel Model records, each with it's own set of values, sending a single query to your database!

Laravel Mass Update Update multiple Laravel Model records, each with its own set of values, sending a single query to your database! Installation You

Jorge González 88 Dec 31, 2022
A Single Table Inheritance Trait for Eloquent/Laravel

Single Table Inheritance Credit This code is a fork of Nanigans/single-table-inheritance. I've only updated it to work with Laravel 5 Single Table Inh

Peter Haza 15 Feb 17, 2022