Skip to content
This repository has been archived by the owner on Feb 12, 2019. It is now read-only.

advancedSTORE/access-filter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
public
public
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
phpunit.xml
phpunit.xml
 
 

Repository files navigation

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Access Filter

This package adds functionality to laravel which allows you to create and use a simple permission filter for routes.

1. Installation

via Composer

First add the following line to your composer.json .

"advanced-store/access-filter": "dev-master"

Run this command in you CLI.

composer update

2. Configuration

Publish package config

Run the following command if you are installing for the first time.


    php artisan config:publish advanced-store/access-filter

Edit the configuration file accessFilterConfig and add the userPermissions. These should come either from your Sentry/User models or be hardcoded for testing purpose. In future these will be extractable through the ad4mat API client.

Add following lines to your app.php.

Provider


    'AdvancedStore\AccessFilter\AccessFilterServiceProvider',

Aliases


    'YourAlias' => 'AdvancedStore\AccessFilter\Facades\AccessFilterFacade',

Edit the configuration file permissionList.php and insert your route-names and the most nested minimum required permission the user must have to access this route.

My convention for permission naming is : 


        [{SystemName}].{ApplicationName}.{Root}.{SubScope}.[0..* {SubScope}]

Example :

Route-name is "admin/users" Required permission could be "myApplicationName.admin.users.listAll" The configuration array would look like this. 

    
        return [
            "admin/users"   =>  [
                "myApplicationName.admin.users.listAll",
            ],
        ]

It is also possible to set multiple sub-permissions which are equally leveled. The user is required to have only one of there. Notice that I prefer to use also dotted naming for my route-names. 


    return [
        "admin.users.index" =>  [
            "ad4mat.admin.users.read",
            "ad4mat.admin.users.self",
        ],
    ]

This can come in handy if the user should have the possibility to get access to the users.index route but he should only see his own profile or all , you can decide that inside of your controller.

3. Usage

To check for a certain permission for example if you want to use it in a sidebar menu to display only certain elements.

Structure


    YourAlias::hasPermission( permissionString )

Example from my code

@if( AccessFilter::hasPermission('ad4mat.admin.roles.read') )

If you want to use it to protect resources/routes than you create filter which calls the filter method and add it to which ever resource/route you like.

Create Filter

O2Client is my alias for the oauth2-client package which checks for a existence of a valid token before the actual filter check is applied. 


    Route::filter('accessFilter', function(){

    if( O2Client::hasValidAccessToken() == false )
        return Redirect::guest('logout');

    return AccessFilter::filter();
});</code>

Notice Laravel only creates route-names for resources if you use single routes you have to add them yourself. These are the ones matches against the configuration array.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

12 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages