Laravel mongodb permissions

Last update: May 10, 2022

laravel mongodb permissions

Once installed you can do stuff like this:

// Adding permissions to a user
$user->givePermissionTo('edit articles');

// Adding permissions via a role
$user->assignRole('writer');

$role->givePermissionTo('edit articles');

Because all permissions will be registered on Laravel's gate, you can test if a user has a permission with Laravel's default can function:

$user->can('edit articles');

Installation

You can install the package via composer:

composer require moahada/laravel-mongodb-permission

You can publish the migration with:

php artisan vendor:publish --provider="Moahada\Permission\PermissionServiceProvider" --tag="migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --provider="Moahada\Permission\PermissionServiceProvider" --tag="config"

When published, the config/permission.php config file contains:

Moahada\Permission\Models\Permission::class, /* * When using the "HasRoles" trait from this package, we need to know which * Moloquent model should be used to retrieve your roles. Of course, it * is often just the "Role" model but you may use whatever you like. * * The model you want to use as a Role model needs to implement the * `Moahada\Permission\Contracts\Role` contract. */ 'role' => Moahada\Permission\Models\Role::class, ], 'collection_names' => [ /* * When using the "HasRoles" trait from this package, we need to know which * table should be used to retrieve your roles. We have chosen a basic * default value but you may easily change it to any table you like. */ 'roles' => 'roles', /* * When using the "HasRoles" trait from this package, we need to know which * table should be used to retrieve your permissions. We have chosen a basic * default value but you may easily change it to any table you like. */ 'permissions' => 'permissions', ], /* * By default all permissions will be cached for 24 hours unless a permission or * role is updated. Then the cache will be flushed immediately. */ 'cache_expiration_time' => 60 * 24, /* * By default we'll make an entry in the application log when the permissions * could not be loaded. Normally this only occurs while installing the packages. * * If for some reason you want to disable that logging, set this value to false. */ 'log_registration_exception' => true, /* * When set to true, the required permission/role names are added to the exception * message. This could be considered an information leak in some contexts, so * the default setting is false here for optimum safety. */ 'display_permission_in_exception' => false, ];">
return [

    'models' => [

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * Moloquent model should be used to retrieve your permissions. Of course, it
         * is often just the "Permission" model but you may use whatever you like.
         *
         * The model you want to use as a Permission model needs to implement the
         * `Moahada\Permission\Contracts\Permission` contract.
         */

        'permission' => Moahada\Permission\Models\Permission::class,

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * Moloquent model should be used to retrieve your roles. Of course, it
         * is often just the "Role" model but you may use whatever you like.
         *
         * The model you want to use as a Role model needs to implement the
         * `Moahada\Permission\Contracts\Role` contract.
         */

        'role' => Moahada\Permission\Models\Role::class,

    ],

    'collection_names' => [

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * table should be used to retrieve your roles. We have chosen a basic
         * default value but you may easily change it to any table you like.
         */

        'roles' => 'roles',

        /*
         * When using the "HasRoles" trait from this package, we need to know which
         * table should be used to retrieve your permissions. We have chosen a basic
         * default value but you may easily change it to any table you like.
         */

        'permissions' => 'permissions',
    ],

    /*
     * By default all permissions will be cached for 24 hours unless a permission or
     * role is updated. Then the cache will be flushed immediately.
     */

    'cache_expiration_time' => 60 * 24,

    /*
     * By default we'll make an entry in the application log when the permissions
     * could not be loaded. Normally this only occurs while installing the packages.
     *
     * If for some reason you want to disable that logging, set this value to false.
     */

    'log_registration_exception' => true,
    
    /*
     * When set to true, the required permission/role names are added to the exception
     * message. This could be considered an information leak in some contexts, so
     * the default setting is false here for optimum safety.
     */
    
    'display_permission_in_exception' => false,
];

Usage

First, add the Moahada\Permission\Traits\HasRoles trait to your User model(s):

use Illuminate\Auth\Authenticatable;
use Jenssegers\Mongodb\Eloquent\Model as Model;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Moahada\Permission\Traits\HasRoles;

class User extends Model implements AuthenticatableContract, AuthorizableContract
{
    use Authenticatable, Authorizable, HasRoles;

    // ...
}

Note: that if you need to use HasRoles trait with another model ex.Page you will also need to add protected $guard_name = 'web'; as well to that model or you would get an error

use Jenssegers\Mongodb\Eloquent\Model as Model;
use Moahada\Permission\Traits\HasRoles;

class Page extends Model
{
    use HasRoles;

    protected $guard_name = 'web'; // or whatever guard you want to use

    // ...
}

This package allows for users to be associated with permissions and roles. Every role is associated with multiple permissions. A Role and a Permission are regular Moloquent models. They require a name and can be created like this:

use Moahada\Permission\Models\Role;
use Moahada\Permission\Models\Permission;

$role = Role::create(['name' => 'writer']);
$permission = Permission::create(['name' => 'edit articles']);

A permission can be assigned to a role using 1 of these methods:

$role->givePermissionTo($permission);
$permission->assignRole($role);

Multiple permissions can be synced to a role using 1 of these methods:

$role->syncPermissions($permissions);
$permission->syncRoles($roles);

A permission can be removed from a role using 1 of these methods:

$role->revokePermissionTo($permission);
$permission->removeRole($role);

If you're using multiple guards the guard_name attribute needs to be set as well. Read about it in the using multiple guards section of the readme.

The HasRoles trait adds Moloquent relationships to your models, which can be accessed directly or used as a base query:

// get a list of all permissions directly assigned to the user
$permissions = $user->permissions; // Returns a collection

// get all permissions inherited by the user via roles
$permissions = $user->getAllPermissions(); // Returns a collection

// get all permissions names
$permissions = $user->getPermissionNames(); // Returns a collection

// get a collection of all defined roles
$roles = $user->roles->pluck('name'); // Returns a collection

// get all role names
$roles = $user->getRoleNames() // Returns a collection;

The HasRoles trait also adds a role scope to your models to scope the query to certain roles or permissions:

$users = User::role('writer')->get(); // Returns only users with the role 'writer'
$users = User::permission('edit articles')->get(); // Returns only users with the permission 'edit articles'

The scope can accept a string, a \Moahada\Permission\Models\Role object, a \Moahada\Permission\Models\Permission object or an \Illuminate\Support\Collection object.

Using "direct" permissions

A permission can be given to any user with the HasRoles trait:

$user->givePermissionTo('edit articles');

// You can also give multiple permission at once
$user->givePermissionTo('edit articles', 'delete articles');

// You may also pass an array
$user->givePermissionTo(['edit articles', 'delete articles']);

A permission can be revoked from a user:

$user->revokePermissionTo('edit articles');

Or revoke & add new permissions in one go:

$user->syncPermissions(['edit articles', 'delete articles']);

You can test if a user has a permission:

$user->hasPermissionTo('edit articles');

...or if a user has multiple permissions:

$user->hasAnyPermission(['edit articles', 'publish articles', 'unpublish articles']);

Saved permissions will be registered with the Illuminate\Auth\Access\Gate class for the default guard. So you can test if a user has a permission with Laravel's default can function:

$user->can('edit articles');

Using permissions via roles

A role can be assigned to any user:

$user->assignRole('writer');

// You can also assign multiple roles at once
$user->assignRole('writer', 'admin');
// or as an array
$user->assignRole(['writer', 'admin']);

A role can be removed from a user:

$user->removeRole('writer');

Roles can also be synced:

// All current roles will be removed from the user and replaced by the array given
$user->syncRoles(['writer', 'admin']);

You can determine if a user has a certain role:

$user->hasRole('writer');

You can also determine if a user has any of a given list of roles:

$user->hasAnyRole(Role::all());

You can also determine if a user has all of a given list of roles:

$user->hasAllRoles(Role::all());

The assignRole, hasRole, hasAnyRole, hasAllRoles and removeRole functions can accept a string, a \Moahada\Permission\Models\Role object or an \Illuminate\Support\Collection object.

A permission can be given to a role:

$role->givePermissionTo('edit articles');

You can determine if a role has a certain permission:

$role->hasPermissionTo('edit articles');

A permission can be revoked from a role:

$role->revokePermissionTo('edit articles');

The givePermissionTo and revokePermissionTo functions can accept a string or a Moahada\Permission\Models\Permission object.

Permissions are inherited from roles automatically. Additionally, individual permissions can be assigned to the user too.

For instance:

$role = Role::findByName('writer');
$role->givePermissionTo('edit articles');

$user->assignRole('writer');

$user->givePermissionTo('delete articles');

In the above example, a role is given permission to edit articles and this role is assigned to a user. Now the user can edit articles and additionally delete articles. The permission of delete articles is the user's direct permission because it is assigned directly to them. When we call $user->hasDirectPermission('delete articles') it returns true, but false for $user->hasDirectPermission('edit articles').

This method is useful if one builds a form for setting permissions for roles and users in an application and wants to restrict or change inherited permissions of roles of the user, i.e. allowing to change only direct permissions of the user.

You can list all of these permissions:

// Direct permissions
$user->getDirectPermissions() // Or $user->permissions;

// Permissions inherited from the user's roles
$user->getPermissionsViaRoles();

// All permissions which apply on the user (inherited and direct)
$user->getAllPermissions();

All these responses are collections of Moahada\Permission\Models\Permission objects.

If we follow the previous example, the first response will be a collection with the delete article permission, the second will be a collection with the edit article permission and the third will contain both.

Using Blade directives

This package also adds Blade directives to verify whether the currently logged in user has all or any of a given list of roles.

Optionally you can pass in the guard that the check will be performed on as a second argument.

Blade and Roles

Test for a specific role:

@role('writer')
    I am a writer!
@else
    I am not a writer...
@endrole

is the same as

@hasrole('writer')
    I am a writer!
@else
    I am not a writer...
@endhasrole

Test for any role in a list:

@hasanyrole(Role::all())
    I have one or more of these roles!
@else
    I have none of these roles...
@endhasanyrole
// or
@hasanyrole('writer|admin')
    I am either a writer or an admin or both!
@else
    I have none of these roles...
@endhasanyrole

Test for all roles:

@hasallroles(Role::all())
    I have all of these roles!
@else
    I do not have all of these roles...
@endhasallroles
// or
@hasallroles('writer|admin')
    I am both a writer and an admin!
@else
    I do not have all of these roles...
@endhasallroles

Blade and Permissions

This package doesn't add any permission-specific Blade directives. Instead, use Laravel's native @can directive to check if a user has a certain permission.

@can('edit articles')
  //
@endcan

or

@if(auth()->user()->can('edit articles') && $some_other_condition)
  //
@endif

Using artisan commands

You can create a role or permission from a console with artisan commands.

php artisan permission:create-role writer
php artisan permission:create-permission 'edit articles'

When creating permissions and roles for specific guards you can specify the guard names as a second argument:

php artisan permission:create-role writer web
php artisan permission:create-permission 'edit articles' web

GitHub

https://github.com/moahada/laravel-mongodb-permission
You might also like...

This package helps you to associate users with permissions and permission groups with laravel framework

This package helps you to associate users with permissions and permission groups with laravel framework

Laravel ACL This package allows you to manage user permissions and groups in a database, and is compatible with Laravel v5.8 or higher. Please check t

Jun 28, 2022

This is a lightweight package that allows you assign roles and permissions to any Laravel model, or on a pivot table (many to many relationship).

This is a lightweight package that allows you assign roles and permissions to any Laravel model, or on a pivot table (many to many relationship).

Simple Laravel roles and permissions Introduction This package allows you to assign roles and permissions to any laravel model, or on a pivot table (m

May 25, 2022

Tech-Admin is Laravel + Bootstrap Admin Panel With User Management And Access Control based on Roles and Permissions.

Tech-Admin is Laravel + Bootstrap Admin Panel With User Management And Access Control based on Roles and Permissions.

Tech-Admin | Laravel 8 + Bootstrap 4 Tech-Admin is Admin Panel With Preset of Roles, Permissions, ACL, User Management, Profile Management. Features M

Jun 18, 2022

Associate users with roles and permissions

Associate users with roles and permissions

Associate users with permissions and roles Sponsor If you want to quickly add authentication and authorization to Laravel projects, feel free to check

Jul 3, 2022

A Laravel 5 package for OAuth Social Login/Register implementation using Laravel socialite and (optionally) AdminLTE Laravel package

laravel-social A Laravel 5 package for OAuth Social Login/Register implementation using Laravel socialite and (optionally) AdminLTE Laravel package. I

Apr 13, 2022

:octocat: Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.

Socialite Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, You can easily use it in any PHP project. δΈ­ζ–‡ζ–‡ζ‘£ This tool no

Jun 28, 2022

An OAuth 2.0 bridge for Laravel and Lumen [DEPRECATED FOR LARAVEL 5.3+]

An OAuth 2.0 bridge for Laravel and Lumen [DEPRECATED FOR LARAVEL 5.3+]

OAuth 2.0 Server for Laravel (deprecated for Laravel 5.3+) Note: This package is no longer maintaned for Laravel 5.3+ since Laravel now features the P

Jun 24, 2022

A Simple method to create laravel authentication for an existing laravel project.

A Simple method to create laravel authentication for an existing laravel project.

Laravel Simple Auth A Simple method to create laravel authentication for an existing laravel project. Indroduction Why I created this kind of package?

Dec 14, 2021

πŸ” JSON Web Token Authentication for Laravel & Lumen

πŸ” JSON Web Token Authentication for Laravel & Lumen

Documentation Documentation for 1.* here For version 0.5.* See the WIKI for documentation. Supported by Auth0 If you want to easily add secure authent

Jun 26, 2022
Handle roles and permissions in your Laravel application

Laratrust (Laravel Package) Version Compatibility Laravel Laratrust 8.x 6.x 7.x 6.x 6.x 6.x 5.6.x - 5.8.x 5.2 5.3.x - 5.5.x 5.1 5.0.x - 5.2.x 4.0. Ins

Jun 25, 2022
Role-based Permissions for Laravel 5

ENTRUST (Laravel 5 Package) Entrust is a succinct and flexible way to add Role-based Permissions to Laravel 5. If you are looking for the Laravel 4 ve

Jun 22, 2022
Roles & Permissions for Laravel 8 / 7 / 6 / 5

Defender Defender is an Access Control List (ACL) Solution for Laravel 5 / 6 / 7 (single auth). (Not compatible with multi-auth) With security and usa

Apr 28, 2022
Laravel Users (Roles & Permissions, Devices, Password Hashing, Password History).
Laravel Users (Roles & Permissions, Devices, Password Hashing, Password History).

LARAVEL USERS Roles & Permissions Devices Password Hashing Password History Documentation You can find the detailed documentation here in Laravel User

Apr 20, 2022
Light-weight role-based permissions system for Laravel 6+ built in Auth system.

Kodeine/Laravel-ACL Laravel ACL adds role based permissions to built in Auth System of Laravel 8.0+. ACL middleware protects routes and even crud cont

Jun 17, 2022
Powerful package for handling roles and permissions in Laravel 5

Roles And Permissions For Laravel 5 Powerful package for handling roles and permissions in Laravel 5 (5.1 and also 5.0). Installation Composer Service

Jun 17, 2022
Laravel Roles and Permissions

Introduction to Laravel Roles and Permission App Starter Kit Roles and sanctions are a paramount part of many web applications. In project, we have op

Nov 1, 2021
PermissionsMakr is a Laravel package that will help any developer to easily manage the system's users permissions

PermissionsMakr is a Laravel package that will help any developer to easily manage the system's users permissions

Nov 30, 2021
Manage authorization with granular role-based permissions in your Laravel Apps.
Manage authorization with granular role-based permissions in your Laravel Apps.

Governor For Laravel Manage authorization with granular role-based permissions in your Laravel apps. Goal Provide a simple method of managing ACL in a

May 30, 2022
A Powerful package for handling roles and permissions in Laravel with GUI.
A Powerful package for handling roles and permissions in Laravel with GUI.

Laravel Roles A Powerful package for handling roles and permissions in Laravel. Supports Laravel 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 6.0, 7.0, and 8.0+. Tab

Jun 27, 2022