Laravel premission ,可以方便的搭建基于 RBAC 的用户角色权限管理系统。
GitHub: https://github.com/spatie/laravel-permission 文档:https://spatie.be/docs/laravel-permission/v5/introduction
安装
composer require spatie/laravel-permission
发布数据库迁移文件和 config/permission.php 配置文件:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
Copying file [vendor/spatie/laravel-permission/config/permission.php] to [config/permission.php] ........... DONE
Copying file [vendor/spatie/laravel-permission/database/migrations/create_permission_tables.php.stub] to [database/migrations/2023_03_26_071308_create_permission_tables.php]
php artisan migrate
其中 permissions 和 roles 字段是一样的,其中 name 字段用于保存权限或角色,比如我们创建一个 user:edit 的权限,如果需要添加描述 编辑用户,则当前的设计不满足需求,因此可以在 2023_03_26_071308_create_permission_tables.php 文件中根据需求添加字段,:
Schema::create($tableNames['permissions'], function (Blueprint $table) {
$table->string('name');
$table->string('display_name');
...
});
Schema::create($tableNames['roles'], function (Blueprint $table) use ($teams, $columnNames) {
$table->string('name');
$table->string('display_name');
...
});
使用
1、在 User 模型中添加 trait:
<?php
namespace App\Models;
use Spatie\Permission\Traits\HasPermissions;
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable, HasRoles, HasPermissions;
}
2、创建权限
php artisan make:controller PermissionController --resource
<!-- routes/web.php -->
Route::resource('/permissions', \App\Http\Controllers\PermissionController::class);
<?php
namespace App\Http\Controllers;
use Spatie\Permission\Models\Permission;
class PermissionController extends Controller
{
public function create()
{
Permission::create([
'name' => 'post:create',
'display_name' => '写文章'
]);
Permission::create([
'name' => 'post:edit',
'display_name' => '编辑文章'
]);
}
3、创建角色
php artisan make:controller RoleController --resource
<!-- routes/web.php -->
Route::resource('/roles', \App\Http\Controllers\RoleController::class);
<?php
namespace App\Http\Controllers;
use Spatie\Permission\Models\Role;
class RoleController extends Controller
{
public function create()
{
Role::create([
'name' => 'editor',
'display_name' => '编辑'
]);
}
4、给权限绑定角色/给角色分配权限
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
class PermissionController extends Controller
{
public function roles(Request $request){
$permission = Permission::where('name', 'poser:create')->first();
$role = Role::where('name', 'editor')->first();
$permission->assignRole($role);
}
}
或者
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
class RoleController extends Controller
{
public function permissions(Request $request)
{
$permission = Permission::where('name', 'poser:create')->first();
$role = Role::where('name', 'editor')->first();
$role->givePermissionTo($permission);
}
}
可以给角色一次分配多个权限或者给权限一次绑定多个角色:
$role->syncPermissions($permissions);
$permission->syncRoles($roles);
参考文档了解。
5、给用户分配角色
<?php
namespace App\Http\Controllers;
use App\Models\Profile;
use App\Models\Role;
use App\Models\User;
class UserController extends Controller
{
public function roles(Request $request){
/** @var User $user */
$user = User::find(1);
$user->assignRole(['editor']);
}
}
6、权限判断
<?php
namespace App\Http\Controllers;
use App\Models\Post;
use App\Models\User;
use Illuminate\Http\Request;
class PostController extends Controller
{
public function create(Request $request)
{
/** @var User $user */
$user = $request->user();
if (!$user->hasAnyPermission('post:create')){
abort(403, '您没有权限');
}
}
7、定义超级管理员(Super-Admin)
一般情况下,默认超级管理员拥有全部权限。
use Illuminate\Support\Facades\Gate;
class AuthServiceProvider extends ServiceProvider
{
public function boot()
{
$this->registerPolicies();
Gate::before(function ($user, $ability) {
return $user->hasRole('SuperAdmin') ? true : null;
});
}
}
更多细节请参考文档。
有0条评论