iya30n/dynamic-acl

A simple package to make your ACL as easy as possible

Dynamic ACL

Dynamic ACL is a package that handles Access Control Level on your Laravel Application. It's fast to run and simple to use. Install and enjoy ;)

Features

• Check Permissions: Check routes dynamically on admin permissions.
• Simple Policy: Check user_id on your entities (if the admin has access to this).

Installation

Prerequisite:

• Make your authentication (session-based) system.
• Define a name for your routes.

composer require iya30n/dynamic-acl

Publish config file

php artisan vendor:publish

Migrate roles table

php artisan migrate

Don't worry about relationships; We handle them for you.

Run make:admin command

This command makes your first admin a super admin with a full-access level.

php artisan make:admin --role

Usage

Just run your application and visit locahost:8000/admin/roles. You'll see a list of your roles. You can create a new one, edit or delete them.

Configuration

After publishing the vendor, you can change the configuration in the config/dynamicACL.php file.

It has the following options:

• alignment: Changes UI alignment. It can be eigther RTL or LTR. Also, when you change your lang, CRUD roles will change in (fa, en).
• controllers_path: Namespace of your controllers.
• ignore_list: List of routes to be ignored on permission check.

How to use the ACL?

Just add dynamicAcl middleware to your routes.

now you'll see list of the routes with dynamicAcl middleware on localhost:8000/admin/roles/create.

also, this middleware will check your admin access to the current route.

Access to the roles

You can write your queries with the Role model to get the list of roles and use it on your admin/user CRUD views.

use Iya30n\DynamicAcl\Models\Role;

Sync user roles

You can use sync, attach, and detach methods to assign user roles.

$user->roles()->sync([1, 2, 3,...]);

Get user roles

$user->roles()->get();

Check user access manually

Call the hasPermission method on the user and pass the route name:

auth()->user()->hasPermission('admin.articles.create');

Check whether the user has access to any routes of an entity:

auth()->user()->hasPermission('admin.articles.*')

Also, you can check if the user has access to his entity:

$user->hasPermission('admin.articles.update', $article);

// Or with a custom relation_key (default is 'user_id')
$user->hasPermission('admin.articles.update', $article, 'owner_id');

Check Ownership

Check manually whether the user is the owner of an entity:

$user->isOwner($article);

// Or with a custom relation_key
$user->isOwner($article, 'owner_id');

// Or pass it as ['model' => id]
$user->isOwner(['article' => $article->id]);

// Or with a custom model path
$user->isOwner(['App\\Article' => $article->id]);

Dynamic Policy

Using dynamic policy is straightforward too. Just add authorize middleware to your routes. You can pass the foreign key as a parameter (default is user_id). This middleware checks the foreign key of your entity.

NOTE: It is necessary to use route model binding on your controllers.