
Laravel Access Control List

The Laravel ACL package is open-source software licensed under the terms of the MIT license. This package allows you to manage user permissions and groups in a database.

Getting started

Installation

To get started with laravel-acl, use Composer to add the package to your project's dependencies:

  
    composer require mateusjunges/laravel-acl 
        
Setup

After installing the laravel-acl package, register the service providers in the config/app.php configuration file:

  
    'providers' => [
        Junges\ACL\ACLServiceProvider::class,
        Junges\ACL\ACLAuthServiceProvider::class,
        Junges\ACL\ACLEventsServiceProvider::class,
    ],
        
Install using acl:install command

You can install this package by running the provided install command:

  
    php artisan acl:install
        
Step by step installation

All migrations required for this package are already included. If you need to customize the tables, you can publish the migrations with:

  
    php artisan vendor:publish --provider="Junges\ACL\ACLServiceProvider" --tag="acl-migrations" 
        

And set the config for custom_migrations to true, which is false by default.

  
    'custom_migrations' => true, 
        

After the migrations have been published, you can create the tables in your database by running the migrations:

  
    php artisan migrate 
        

If you change the table names in the migrations, please publish the config file and update the tables array. You can publish the config file with:

  
    php artisan vendor:publish --provider="Junges\ACL\ACLServiceProvider" --tag="acl-config"
          

Usage

First, use the UsersTrait trait in your User model:


<?php

namespace App;

use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Junges\ACL\Traits\UsersTrait;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable, UsersTrait;
}
      

You can add permissions to a user using the function below, passing permission slugs, permission ids or instances of the permission model as parameters. You can also combine these three forms in one call, using a permission id, an instance of the permission model and a permission slug together. For demo purposes, we assign the user to a group and revoke groups according to the route that is called.


<?php

namespace App\Http\Controllers;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use App\User;
use \Junges\ACL\Http\Models\Group;
use Illuminate\Support\Facades\DB;
use \Junges\ACL\Http\Models\Permission;
use Illuminate\Http\Request;

class AccessController extends Controller
{
    public function index()
    {
        // Breadcrumbs
        $breadcrumbs = [
            ['link' => "modern", 'name' => "Home"],
            ['link' => "javascript:void(0)", 'name' => " Extra Components"],
            ['name' => "Access Controller"],
        ];
        // Page header set to true to show the breadcrumbs
        $pageConfigs = ['pageHeader' => true];

        return view('pages.access-control', ['pageConfigs' => $pageConfigs, 'breadcrumbs' => $breadcrumbs]);
    }

    public function roles($role)
    {
        if (Auth::user()) {
            // Check whether the groups table is empty
            $groupCount = DB::table('groups')->count();
            if ($groupCount === 0) {
                // If it is empty, add two groups and assign their permissions
                $group = new Group;
                $group->name = "Admin";
                $group->slug = "admin-user";
                $group->description = "Monitor and manage everything";
                $group->save();
                $group->assignAllPermissions();

                $group = new Group;
                $group->name = "Editor";
                $group->slug = "editor-user";
                $group->description = "User can only edit post.";
                $group->save();
                $group->assignPermissions('edit-post');
            }

            // Assign or revoke groups for the current user according to the route parameter
            $user = Auth::user();
            $user->assignGroup('admin-user', 'editor-user');
            if ($role === 'admin') {
                $user->assignAllGroups();
            } else {
                $user->revokeAllGroups();
                $user->assignGroup('editor-user');
            }
        }
        return redirect()->back();
    }

    public function home()
    {
        return view('pages.dashboard-ecommerce');
    }
}
      

If you want to use the middleware provided by this package (PermissionMiddleware, GroupMiddleware, HierarchicalPermissions and PermissionOrGroupMiddleware), you need to add them to the app/Http/Kernel.php file, inside the routeMiddleware array:

  
    protected $routeMiddleware = [
        'permissions' => \Junges\ACL\Middlewares\PermissionMiddleware::class,
        'groups' => \Junges\ACL\Middlewares\GroupMiddleware::class,
        'permissionOrGroup' => \Junges\ACL\Middlewares\PermissionOrGroupMiddleware::class,
        'hierarchical_permissions' => \Junges\ACL\Middlewares\HierarchicalPermissionsMiddleware::class,
    ];
        

Then you can protect your routes using middleware rules:

  
    // access controller
    Route::get('/access-control', 'AccessController@index');
    Route::get('/access-control/{roles}', 'AccessController@roles');
    Route::get('/modern-admin', 'AccessController@home')->middleware('permissions:approve-post');
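
The demo route above changes the caller's own groups on a GET request, so any signed-in user who opens /access-control/admin ends up in the Admin group. A hardened variant, added here as an example (it is not part of the package or of the original page), assuming a hypothetical GroupAssignmentController and /users/{user}/group URI, plus the groups and permissions created in this guide:

```php
<?php
// Added example (not package code). The class name, URI and ROLE_TO_GROUP
// map are hypothetical; the class and the route belong in separate files.

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

class GroupAssignmentController extends Controller
{
    // Allow-list: accepted request value => group slug from the demo above.
    private const ROLE_TO_GROUP = [
        'admin'  => 'admin-user',
        'editor' => 'editor-user',
    ];

    public function update(Request $request, User $user)
    {
        // Reject any role value that is not explicitly mapped.
        $data = $request->validate([
            'role' => 'required|string|in:' . implode(',', array_keys(self::ROLE_TO_GROUP)),
        ]);

        // Leave the target user in exactly one group.
        $user->revokeAllGroups();
        $user->assignGroup(self::ROLE_TO_GROUP[$data['role']]);

        return redirect()->back();
    }
}

// routes/web.php
// POST keeps the change behind the web group's CSRF check; 'auth' rejects
// guests; 'permissions:approve-post' admits only callers who already hold
// the permission that the demo gives to the Admin group alone.
Route::post('/users/{user}/group', 'GroupAssignmentController@update')
    ->middleware(['auth', 'permissions:approve-post']);
```

The first Admin membership still has to come from somewhere other than this route, for example a seeder or a console command.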
      

Using artisan commands

You can create a group or a permission from a console with artisan commands:

  
    php artisan group:create name slug description
        
  
    php artisan permission:create name slug description
        

You'll need to create two permissions using artisan commands. Run the commands below.

  
    php artisan permission:create edit edit-post description
    php artisan permission:create approve approve-post description 
        

We used a wildcard route to assign groups to users and revoke them.

  
    <div class="roles">
      <a href="access-control/admin" class="btn btn-primary mr-2">Admin</a>
      <a href="access-control/editor" class="btn btn-secondary">Editor</a>
    </div>
        
Blade and permissions

To check for permissions with this package, you can still use Laravel's built-in @can Blade directive and can() method:

  
    @can('approve-post')
    <button class="btn btn-primary">Only Admin</button>
    @endcan
          