Roles
Package for handling roles and permissions.
Installation
This package is included in the Lavalite framework.
Service Provider
Add the package to your application service providers in the `config/app.php` file.

```php
'providers' => [
    /**
     * Third Party Service Providers...
     */
    Litepie\Roles\RolesServiceProvider::class,
],
```
Config File And Migrations
Publish the package config file to your application. Run these commands inside your terminal.

```
php artisan vendor:publish --provider="Litepie\Roles\RolesServiceProvider" --tag=config
```

And also run migrations.

```
php artisan migrate
```

This uses Laravel's default users table. You should already have the migration file for the users table available and migrated.
HasRoleAndPermission Trait And Contract
Include the `HasRoleAndPermission` trait and also implement the `HasRoleAndPermission` contract inside your `User` model.

```php
use Litepie\Roles\Traits\HasRoleAndPermission;
use Litepie\Roles\Contracts\HasRoleAndPermission as HasRoleAndPermissionContract;

class User extends Model implements AuthenticatableContract, CanResetPasswordContract, HasRoleAndPermissionContract
{
    use Authenticatable, CanResetPassword, HasRoleAndPermission;

    // ...
}
```
Include the `CheckRoleAndPermission` trait and also implement the `CheckRoleAndPermission` contract inside your authentication models other than the user model.

```php
use Litepie\Roles\Traits\CheckRoleAndPermission;

class Client extends Model implements AuthenticatableContract, CanResetPasswordContract
{
    use Authenticatable, CanResetPassword, CheckRoleAndPermission;

    // ...
}
```
And that's it!
Usage
Creating Roles
```php
use Litepie\Roles\Models\Role;

$adminRole = Role::create([
    'name' => 'Admin',
    'slug' => 'admin',
    'description' => '', // optional
    'level' => 1, // optional, set to 1 by default
]);

$moderatorRole = Role::create([
    'name' => 'Forum Moderator',
    'slug' => 'forum.moderator',
]);
```
Because of the `Slugable` trait, if you make a mistake and, for example, leave a space in the slug parameter, it'll be replaced with a dot automatically by the `str_slug` function.
Attaching And Detaching Roles
It's really simple. You fetch a user from the database and call the `attachRole` method. There is a `BelongsToMany` relationship between the `User` and `Role` models.

```php
use App\User;

$user = User::find($id);

$user->attachRole($adminRole); // you can pass whole object, or just an id
```

```php
$user->detachRole($adminRole); // in case you want to detach role
$user->detachAllRoles(); // in case you want to detach all roles
```
Checking For Roles
You can now check if the user has the required role.

```php
if ($user->isAn('admin')) { // you can pass an id or slug
    // or alternatively $user->hasRole('admin')
}
```

```php
if ($user->isA('user')) { // you can pass an id or slug
    // or alternatively $user->hasRole('user')
}
```
You can also do this:
```php
if ($user->isAdmin()) {
    //
}
```
And of course, there is a way to check for multiple roles:
```php
if ($user->isA('admin|moderator')) {
    /*
    | Or alternatively:
    | $user->isA('admin, moderator'), $user->isA(['admin', 'moderator']),
    | $user->isOne('admin|moderator'), $user->isOne('admin, moderator'), $user->isOne(['admin', 'moderator'])
    */

    // if user has at least one role
}

if ($user->isA('admin|moderator', true)) {
    /*
    | Or alternatively:
    | $user->isA('admin, moderator', true), $user->isA(['admin', 'moderator'], true),
    | $user->isAll('admin|moderator'), $user->isAll('admin, moderator'), $user->isAll(['admin', 'moderator'])
    */

    // if user has all roles
}
```
Levels
When you are creating roles, there is an optional parameter `level`. It is set to `1` by default, but you can overwrite it and then you can do something like this:

```php
if ($user->level() > 4) {
    //
}
```

If a user has multiple roles, the `level` method returns the highest one.

`Level` also has a big effect on inheriting permissions. More about that later.
Creating Permissions
It's very simple thanks to the `Permission` model.

```php
use Litepie\Roles\Models\Permission;

$createUsersPermission = Permission::create([
    'name' => 'Create users',
    'slug' => 'create.users',
    'description' => '', // optional
]);

$deleteUsersPermission = Permission::create([
    'name' => 'Delete users',
    'slug' => 'delete.users',
]);
```
Attaching And Detaching Permissions
You can attach permissions to a role or directly to a specific user (and of course detach them as well).
```php
use App\User;
use Litepie\Roles\Models\Role;

$role = Role::find($roleId);
$role->attachPermission($createUsersPermission); // permission attached to a role

$user = User::find($userId);
$user->attachPermission($deleteUsersPermission); // permission attached to a user
```

```php
$role->detachPermission($createUsersPermission); // in case you want to detach permission
$role->detachAllPermissions(); // in case you want to detach all permissions

$user->detachPermission($deleteUsersPermission);
$user->detachAllPermissions();
```
Checking For Permissions
```php
if ($user->can('create.users')) { // you can pass an id or slug
    //
}

if ($user->canDeleteUsers()) {
    //
}
```

You can check for multiple permissions the same way as roles. You can make use of additional methods like `canOne`, `canAll` or `hasPermission`.
Permissions Inheriting
A role with a higher level inherits permissions from roles with a lower level.

Here is an example of this magic:

You have three roles: `user`, `moderator` and `admin`. User has a permission to read articles, moderator can manage comments and admin can create articles. User has level 1, moderator level 2 and admin level 3. This means that moderator and administrator also have permission to read articles, and administrator can manage comments as well.

If you don't want the permission inheriting feature in your application, simply ignore the `level` parameter when you're creating roles.
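The inheritance rule above, modelled as a stand-alone PHP script for auditing which permissions each role effectively holds. This is an added example, not code from the package; the permission slugs, the `support` role and the strictly-lower-level comparison are assumptions made for illustration.

```php
<?php
// Added illustration: a stand-alone model of level-based inheritance,
// not Litepie\Roles code. Assumption: a role inherits only from roles
// whose level is strictly lower than its own.

/**
 * @param array<string, array{level:int, permissions:string[]}> $roles
 * @return array<string, array{direct:string[], inherited:string[]}>
 */
function effectivePermissions(array $roles): array
{
    $result = [];
    foreach ($roles as $slug => $role) {
        $inherited = [];
        foreach ($roles as $other) {
            if ($other['level'] < $role['level']) {
                $inherited = array_merge($inherited, $other['permissions']);
            }
        }
        // Drop duplicates and anything the role already holds directly.
        $inherited = array_values(array_unique(array_diff($inherited, $role['permissions'])));
        sort($inherited);
        $result[$slug] = ['direct' => $role['permissions'], 'inherited' => $inherited];
    }
    return $result;
}

// Constructed sample data: the three roles from the text, plus a
// hypothetical "support" role created later with level 3.
$roles = [
    'user'      => ['level' => 1, 'permissions' => ['read.articles']],
    'moderator' => ['level' => 2, 'permissions' => ['manage.comments']],
    'admin'     => ['level' => 3, 'permissions' => ['create.articles']],
    'support'   => ['level' => 3, 'permissions' => ['view.tickets']],
];

foreach (effectivePermissions($roles) as $slug => $perms) {
    printf(
        "%-10s direct=[%s] inherited=[%s]\n",
        $slug,
        implode(', ', $perms['direct']),
        implode(', ', $perms['inherited'])
    );
}
```

Under this model the `support` role picks up the moderator's and user's permissions purely because of its level, which is the effect to look for when reviewing level assignments against least privilege.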
Entity Check
Let's say you have an article and you want to edit it. This article belongs to a user (there is a column `user_id` in the articles table).

```php
use App\Article;
use Litepie\Roles\Models\Permission;

$editArticlesPermission = Permission::create([
    'name' => 'Edit articles',
    'slug' => 'edit.articles',
    'model' => 'App\Article',
]);

$user->attachPermission($editArticlesPermission);

$article = Article::find(1);

if ($user->allowed('edit.articles', $article)) { // $user->allowedEditArticles($article)
    //
}
```

This condition checks if the current user is the owner of the article. If not, it looks inside the user's permissions for the row we created before.

```php
if ($user->allowed('edit.articles', $article, false)) { // now owner check is disabled
    //
}
```
Blade Extensions
There are four Blade extensions. Basically, they are replacements for classic if statements.

```php
@role('admin') // @if(Auth::check() && Auth::user()->isA('admin'))
    // user is admin
@endrole

@permission('edit.articles') // @if(Auth::check() && Auth::user()->can('edit.articles'))
    // user can edit articles
@endpermission

@level(2) // @if(Auth::check() && Auth::user()->level() >= 2)
    // user has level 2 or higher
@endlevel

@allowed('edit', $article) // @if(Auth::check() && Auth::user()->allowed('edit', $article))
    // show edit button
@endallowed

@role('admin|moderator', 'all') // @if(Auth::check() && Auth::user()->isA('admin|moderator', 'all'))
    // user is admin and also moderator
@else
    // something else
@endrole
```
Middleware
This package comes with `VerifyRole`, `VerifyPermission` and `VerifyLevel` middleware. You must add them inside your `app/Http/Kernel.php` file.

```php
/**
 * The application's route middleware.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'role' => \Litepie\Roles\Http\Middleware\VerifyRole::class,
    'permission' => \Litepie\Roles\Http\Middleware\VerifyPermission::class,
    'level' => \Litepie\Roles\Http\Middleware\VerifyLevel::class,
];
```
Now you can easily protect your routes.
```php
$router->get('/example', [
    'as' => 'example',
    'middleware' => 'role:admin',
    'uses' => 'ExampleController@index',
]);

$router->post('/example', [
    'as' => 'example',
    'middleware' => 'permission:edit.articles',
    'uses' => 'ExampleController@index',
]);

$router->get('/example', [
    'as' => 'example',
    'middleware' => 'level:2', // level >= 2
    'uses' => 'ExampleController@index',
]);
```
It throws `\Litepie\Roles\Exceptions\RoleDeniedException`, `\Litepie\Roles\Exceptions\PermissionDeniedException` or `\Litepie\Roles\Exceptions\LevelDeniedException` exceptions if it goes wrong.

You can catch these exceptions inside the `app/Exceptions/Handler.php` file and do whatever you want.

```php
/**
 * Render an exception into an HTTP response.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Exception  $e
 * @return \Illuminate\Http\Response
 */
public function render($request, Exception $e)
{
    if ($e instanceof \Litepie\Roles\Exceptions\RoleDeniedException) {
        // you can for example flash message, redirect...
        return redirect()->back();
    }

    return parent::render($request, $e);
}
```
Config File
You can change the connection for models, the slug separator and the models path, and there is also a handy pretend feature. Have a look at the config file for more information.