diff --git a/app/Models/User.php b/app/Models/User.php index 26b85e23..e03c939a 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -4,6 +4,7 @@ namespace App\Models; use Illuminate\Foundation\Auth\User as Authenticatable; use Illuminate\Notifications\Notifiable; +use Spatie\Permission\Traits\HasRoles; /** * Class User @@ -20,6 +21,7 @@ use Illuminate\Notifications\Notifiable; class User extends Authenticatable { use Notifiable; + use HasRoles; /** * The attributes that are mass assignable. diff --git a/composer.json b/composer.json index 5530316c..99439d70 100644 --- a/composer.json +++ b/composer.json @@ -12,6 +12,7 @@ "laravel/tinker": "^1.0", "predis/predis": "^1.1", "shaarli/netscape-bookmark-parser": "^2.1", + "spatie/laravel-permission": "^2.31", "vinkla/alert": "^3.0.0", "watson/rememberable": "^2.0" }, diff --git a/composer.lock b/composer.lock index f4fd98eb..d4511416 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d30756d9ff7e8dc8438284fdd942175e", + "content-hash": "61ecf329332d3fe2925409dede678144", "packages": [ { "name": "dnoegel/php-xdg-base-dir", @@ -2385,6 +2385,71 @@ ], "time": "2018-10-06T14:43:38+00:00" }, + { + "name": "spatie/laravel-permission", + "version": "2.31.0", + "source": { + "type": "git", + "url": "https://github.com/spatie/laravel-permission.git", + "reference": "5f9960854295c6aec1c706aaa3b146962d6ee905" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/spatie/laravel-permission/zipball/5f9960854295c6aec1c706aaa3b146962d6ee905", + "reference": "5f9960854295c6aec1c706aaa3b146962d6ee905", + "shasum": "" + }, + "require": { + "illuminate/auth": "~5.3.0|~5.4.0|~5.5.0|~5.6.0|~5.7.0", + "illuminate/container": "~5.3.0|~5.4.0|~5.5.0|~5.6.0|~5.7.0", + "illuminate/contracts": "~5.3.0|~5.4.0|~5.5.0|~5.6.0|~5.7.0", + "illuminate/database": "~5.4.0|~5.5.0|~5.6.0|~5.7.0", + "php": ">=7.0" + }, + "require-dev": { + "orchestra/testbench": "~3.4.2|~3.5.0|~3.6.0|~3.7.0", + "phpunit/phpunit": "^5.7|6.2|^7.0", + "predis/predis": "^1.1" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Spatie\\Permission\\PermissionServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Spatie\\Permission\\": "src" + }, + "files": [ + "src/helpers.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Freek Van der Herten", + "email": "freek@spatie.be", + "homepage": "https://spatie.be", + "role": "Developer" + } + ], + "description": "Permission handling for Laravel 5.4 and up", + "homepage": "https://github.com/spatie/laravel-permission", + "keywords": [ + "acl", + "laravel", + "permission", + "security", + "spatie" + ], + "time": "2019-02-04T03:56:54+00:00" + }, { "name": "swiftmailer/swiftmailer", "version": "v6.1.3", diff --git a/config/permission.php b/config/permission.php new file mode 100644 index 00000000..fbf9b898 --- /dev/null +++ b/config/permission.php @@ -0,0 +1,129 @@ + [ + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * Eloquent model should be used to retrieve your permissions. Of course, it + * is often just the "Permission" model but you may use whatever you like. + * + * The model you want to use as a Permission model needs to implement the + * `Spatie\Permission\Contracts\Permission` contract. + */ + + 'permission' => Spatie\Permission\Models\Permission::class, + + /* + * When using the "HasRoles" trait from this package, we need to know which + * Eloquent model should be used to retrieve your roles. Of course, it + * is often just the "Role" model but you may use whatever you like. + * + * The model you want to use as a Role model needs to implement the + * `Spatie\Permission\Contracts\Role` contract. + */ + + 'role' => Spatie\Permission\Models\Role::class, + + ], + + 'table_names' => [ + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'roles' => 'roles', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your permissions. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'permissions' => 'permissions', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your models permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_permissions' => 'model_has_permissions', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your models roles. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_roles' => 'model_has_roles', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'role_has_permissions' => 'role_has_permissions', + ], + + 'column_names' => [ + + /* + * Change this if you want to name the related model primary key other than + * `model_id`. + * + * For example, this would be nice if your primary keys are all UUIDs. In + * that case, name this `model_uuid`. + */ + + 'model_morph_key' => 'model_id', + ], + + /* + * When set to true, the required permission/role names are added to the exception + * message. This could be considered an information leak in some contexts, so + * the default setting is false here for optimum safety. + */ + + 'display_permission_in_exception' => false, + + 'cache' => [ + + /* + * By default all permissions are cached for 24 hours to speed up performance. + * When permissions or roles are updated the cache is flushed automatically. + */ + + 'expiration_time' => \DateInterval::createFromDateString('24 hours'), + + /* + * The key to use when tagging and prefixing entries in the cache. + */ + + 'key' => 'spatie.permission.cache', + + /* + * When checking for a permission against a model by passing a Permission + * instance to the check, this key determines what attribute on the + * Permissions model is used to cache against. + * + * Ideally, this should match your preferred way of checking permissions, eg: + * `$user->can('view-posts')` would be 'name'. + */ + + 'model_key' => 'name', + + /* + * You may optionally indicate a specific cache driver to use for permission and + * role caching using any of the `store` drivers listed in the cache.php config + * file. Using 'default' here means to use the `default` set in cache.php. + */ + + 'store' => 'default', + ], +]; diff --git a/database/migrations/2019_02_10_221213_create_permission_tables.php b/database/migrations/2019_02_10_221213_create_permission_tables.php new file mode 100644 index 00000000..33b1e669 --- /dev/null +++ b/database/migrations/2019_02_10_221213_create_permission_tables.php @@ -0,0 +1,102 @@ +increments('id'); + $table->string('name'); + $table->string('guard_name'); + $table->timestamps(); + }); + + Schema::create($tableNames['roles'], function (Blueprint $table) { + $table->increments('id'); + $table->string('name'); + $table->string('guard_name'); + $table->timestamps(); + }); + + Schema::create($tableNames['model_has_permissions'], function (Blueprint $table) use ($tableNames, $columnNames) { + $table->unsignedInteger('permission_id'); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type', ]); + + $table->foreign('permission_id') + ->references('id') + ->on($tableNames['permissions']) + ->onDelete('cascade'); + + $table->primary(['permission_id', $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary'); + }); + + Schema::create($tableNames['model_has_roles'], function (Blueprint $table) use ($tableNames, $columnNames) { + $table->unsignedInteger('role_id'); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type', ]); + + $table->foreign('role_id') + ->references('id') + ->on($tableNames['roles']) + ->onDelete('cascade'); + + $table->primary(['role_id', $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary'); + }); + + Schema::create($tableNames['role_has_permissions'], function (Blueprint $table) use ($tableNames) { + $table->unsignedInteger('permission_id'); + $table->unsignedInteger('role_id'); + + $table->foreign('permission_id') + ->references('id') + ->on($tableNames['permissions']) + ->onDelete('cascade'); + + $table->foreign('role_id') + ->references('id') + ->on($tableNames['roles']) + ->onDelete('cascade'); + + $table->primary(['permission_id', 'role_id']); + + app('cache') + ->store(config('permission.cache.store') != 'default' ? config('permission.cache.store') : null) + ->forget(config('permission.cache.key')); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + $tableNames = config('permission.table_names'); + + Schema::drop($tableNames['role_has_permissions']); + Schema::drop($tableNames['model_has_roles']); + Schema::drop($tableNames['model_has_permissions']); + Schema::drop($tableNames['roles']); + Schema::drop($tableNames['permissions']); + } +} diff --git a/database/seeds/DatabaseSeeder.php b/database/seeds/DatabaseSeeder.php index 91cb6d1c..64479c89 100644 --- a/database/seeds/DatabaseSeeder.php +++ b/database/seeds/DatabaseSeeder.php @@ -11,6 +11,6 @@ class DatabaseSeeder extends Seeder */ public function run() { - // $this->call(UsersTableSeeder::class); + $this->call(PermissionSeeder::class); } } diff --git a/database/seeds/PermissionSeeder.php b/database/seeds/PermissionSeeder.php new file mode 100644 index 00000000..af6354b1 --- /dev/null +++ b/database/seeds/PermissionSeeder.php @@ -0,0 +1,22 @@ + 'admin']); + $user = Role::create(['name' => 'user']); + } +}