Enhance Laravel 11 with an opinionated extension for spatie/laravel-permission. Before your permission list grows and maintenance becomes an issue, this package offers a simple way of defining roles and their permissions.
You can install the package via composer:
composer require binary-cats/laravel-rbac
You can publish the config file with:
php artisan vendor:publish --tag="rbac-config"
This is the contents of the published config file:
return [
    /*
    |--------------------------------------------------------------------------
    | Role base access reset control
    |--------------------------------------------------------------------------
    |
    | When running rbac:reset those commands will be executed in sequence
    |
    */
    'jobs' => [
        \BinaryCats\LaravelRbac\Jobs\FlushPermissionCache::class,
        \BinaryCats\LaravelRbac\Jobs\ResetPermissions::class,
        \BinaryCats\LaravelRbac\Jobs\SyncDefinedRoles::class,
    ],
    /*
    |--------------------------------------------------------------------------
    | Role base access ability set
    |--------------------------------------------------------------------------
    |
    | Place your ability files in this folder, and they will be auto discovered
    |
    */
    'path' => app()->path('Abilities'),
    /*
    |--------------------------------------------------------------------------
    | Defined Roles
    |--------------------------------------------------------------------------
    |
    | Defined roles are immutable by users
    |
    */
    'roles' => [
    ],
];
php artisan rbac:reset
In a simple setup we usually have two basic parts of an RBAC: a permission and a role. Permissions are usually grouped by functional or business logic domain and a Role encapsulates them for a specific guard.
To avoid collision with spatie/laravel-permission we are going to use BackedEnum Ability enums to hold our enumerated permissions. You can read more on using enums as permissions at the official docs.
To create an Ability:
php artisan make:ability PostAbility
This will generate a PostAbility in App\Abilities:
namespace App\Abilities;

enum PostAbility: string
{
    case ViewPost = 'view post';
    case CreatePost = 'create post';
    case UpdatePost = 'update post';
    case DeletePost = 'delete post';
}
The default stub contains a fairly standard CRUD enumeration, generated using the name of the ability. Feel free to publish the stubs and adjust as needed.
As the name suggests, a DefinedRole offers a mechanism to simplify the definition of all permissions needed for a given role.
To create an EditorRole run:
php artisan make:role EditorRole
This will generate an EditorRole within App\Roles:
use BinaryCats\LaravelRbac\DefinedRole;

class EditorRole extends DefinedRole
{
    /** @var array|string[] */
    protected array $guards = [
        'web'
    ];

    /**
     * List of enumerated permissions for the `web` guard
     *
     * @return array
     */
    public function web(): array
    {
        return [];
    }
}
This class contains a (now testable!) configuration definition for the role and its web guard. Pretty neat!
We can now adjust it like so:
namespace App\Roles;

use App\Abilities\PostAbility;
use BinaryCats\LaravelRbac\DefinedRole;

class EditorRole extends DefinedRole
{
    /** @var array|string[] */
    protected array $guards = [
        'web'
    ];

    /**
     * List of enumerated permissions for the `web` guard
     *
     * @return array
     */
    public function web(): array
    {
        return [
            PostAbility::CreatePost,
            PostAbility::UpdatePost,
            PostAbility::ViewPost,
        ];
    }
}
Now you are confident a specific role has specific permissions!
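The "now testable" point above, shown as an added example that is not part of the package or its README: a PHPUnit test that pins the exact permission set of EditorRole, so any widening of the role fails the build and shows up in review. The test class name and namespace are hypothetical, and it assumes EditorRole can be constructed without arguments outside a booted application.

```php
<?php

namespace Tests\Unit;

use App\Abilities\PostAbility;
use App\Roles\EditorRole;
use PHPUnit\Framework\TestCase;

// Hypothetical test class; assumes EditorRole needs no constructor arguments.
class EditorRoleTest extends TestCase
{
    /** Permission strings granted on the `web` guard, sorted for stable comparison. */
    private function grantedPermissions(): array
    {
        $values = array_map(
            static fn (\BackedEnum $ability): string => (string) $ability->value,
            (new EditorRole())->web()
        );
        sort($values);

        return $values;
    }

    public function test_web_guard_grants_exactly_the_reviewed_permissions(): void
    {
        // Any added or removed case fails here, so privilege changes are explicit.
        $this->assertSame(
            ['create post', 'update post', 'view post'],
            $this->grantedPermissions()
        );
    }

    public function test_editor_is_not_granted_delete(): void
    {
        // Enum cases are singletons, so the strict comparison is reliable.
        $this->assertNotContains(PostAbility::DeletePost, (new EditorRole())->web());
    }

    public function test_no_permission_is_listed_twice(): void
    {
        $granted = $this->grantedPermissions();
        $this->assertSame($granted, array_values(array_unique($granted)));
    }
}
```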
Now that we have the abilities and roles, simply register the role in the rbac.php config:
'roles' => [
    \App\Roles\EditorRole::class,
    ...
],
When you run rbac:reset next time, your RBAC will be reset automatically.
I suggest adding the script to post-autoload-dump of your composer.json to make sure the RBAC is reset on every composer dump:
"post-autoload-dump": [
    "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
    "@php artisan rbac:reset"
],
composer test
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security-related issues, please email [email protected] instead of using the issue tracker.
You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.
The MIT License (MIT). Please see License File for more information.