Dynamic ACL is a package that handles Access Control Level on your Laravel Application. It's fast to run and simple to use. Install and enjoy ;)
- Check Permissions: Check routes dynamically on admin permissions.
- Simple Policy: Check user_id on your entities (if the admin has access to this).
- Make your authentication (session-based) system.
- Define a name for your routes.
composer require iya30n/dynamic-acl
php artisan vendor:publish
php artisan migrate
Don't worry about relationships; We handle them for you.
This command makes your first admin a super admin with a full-access level.
php artisan make:admin --role
Just run your application and visit locahost:8000/admin/roles
.
You'll see a list of your roles. You can create a new one, edit or delete them.
After publishing the vendor, you can change the configuration in the config/dynamicACL.php
file.
It has the following options:
- alignment: Changes UI alignment. It can be eigther RTL or LTR. Also, when you change your lang, CRUD roles will change in (fa, en).
- controllers_path: Namespace of your controllers.
- ignore_list: List of routes to be ignored on permission check.
Just add dynamicAcl middleware to your routes.
now you'll see list of the routes with dynamicAcl middleware on
localhost:8000/admin/roles/create
.also, this middleware will check your admin access to the current route.
You can write your queries with the Role model to get the list of roles and use it on your admin/user CRUD views.
use Iya30n\DynamicAcl\Models\Role;
You can use sync
, attach
, and detach
methods to assign user roles.
$user->roles()->sync([1, 2, 3,...]);
$user->roles()->get();
Call the hasPermission
method on the user and pass the route name:
auth()->user()->hasPermission('admin.articles.create');
Check whether the user has access to any routes of an entity:
auth()->user()->hasPermission('admin.articles.*')
Also, you can check if the user has access to his entity:
$user->hasPermission('admin.articles.update', $article);
// Or with a custom relation_key (default is 'user_id')
$user->hasPermission('admin.articles.update', $article, 'owner_id');
Check manually whether the user is the owner of an entity:
$user->isOwner($article);
// Or with a custom relation_key
$user->isOwner($article, 'owner_id');
// Or pass it as ['model' => id]
$user->isOwner(['article' => $article->id]);
// Or with a custom model path
$user->isOwner(['App\\Article' => $article->id]);
Using dynamic policy is straightforward too. Just add authorize middleware to your routes. You can pass the foreign key as a parameter (default is user_id). This middleware checks the foreign key of your entity.
NOTE: It is necessary to use route model binding on your controllers.