Original source: http://stackoverflow.com/questions/24919607/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Laravel Roles & Permissions with Authority
Asked by Chris
From my research, I have found that the Authority package (https://github.com/machuga/authority-l4) is best for implementing a role/permissions based user auth system while maintaining flexibility. I am having trouble understanding exactly how to use this package. The documentation covers its functions and configuration, but does not explain a few things. Was hoping someone could point me in the right direction.
What is the purpose of the config file? To specify permissions? Are these not stored in the database?
I see you can group permissions together using Aliases. What if I do not want to use an alias. Is there a way to create just a permission by itself?
I see you can create rules for Resources, such as only allowing a user to edit posts which they are assigned to. The documentation does not appear to have much information on this.
Any help would be greatly appreciated. Searched the internet, but not finding much for this package.
Answered by Kryten
I haven't used Authority, although I am looking at it for a project. Based on my reading of the docs, here's the way it works:
The config file is there to specify configuration for the package. The roles & permissions can be stored in the database (although they don't have to be).
The configuration file is there to tell the package how to work. So, for example, the config file allows you to set up aliases for one or more permissions - if you use aliases, this needs to be done up front, so that the package works the way you expect it to. As another example, the rules (more later) can (and should) be set up in the config.
Consider the following config (from the Authority docs):
return array(
    'initialize' => function($authority) {
        $user = $authority->getCurrentUser();

        //action aliases
        $authority->addAlias('manage', array('create', 'read', 'update', 'delete'));
        $authority->addAlias('moderate', array('read', 'update', 'delete'));

        //an example using the `hasRole` function, see below examples for more details
        if($user->hasRole('admin')){
            $authority->allow('manage', 'all');
        }
    }
);
What is this doing? Let's go through it step-by-step:
First, this is specifying something that's supposed to happen when the application is initialized. Presumably, there are other events that could occur, but I'm unsure why you'd want to change the rules after the app is initialized. When the app is initialized, the closure is called.
The closure does this:
- gets the current user - later rules depend on who is logged in
- set up a couple of aliases - 'cuz we're lazy and don't want to specify rules for create, read, etc. one-by-one. We can just use manage instead.
- next it checks the current user. If they're an admin, they get manage permissions for all resources.
If your access control info is stored in the database, you could load it here and use that data to set up your rules.
Now, later on in the execution of your app, you need to check and see if the user can, for example, create a user record. Do this in your controller:
if( Authority::can('create', 'User') ) {
    User::create(array(
        'username' => '[email protected]'
    ));
} else {
    // what happens if the user's trying to do something they're not
    // allowed to do?
    throw new Exception("No way man!");
}
This checks the rules you set up in your config, and determines if the user is allowed to do this. If they're not, then (in my example) throw an exception. You probably want to handle it more gracefully.
Authority gives you the flexibility to define your permissions much more precisely. For example,
Authority::allow('manage', 'User', function($self, $user){
    return $self->getCurrentUser()->id === $user->id;
});
This rule includes a check that allows a user to manage their own user record, but nobody else's. To do this, you need to adjust the example above.
if( Authority::can('update', 'User', $user) ) {
    $user->username = '[email protected]';
    $user->save();
} else {
    // what happens if the user's trying to do something they're not
    // allowed to do?
    throw new Exception("What do you think you're doing?!");
}
In this case, the Authority instance gets passed into the closure as $self, then the current user ID is retrieved and checked against the user being edited ($user). If the user is trying to edit someone other than themselves, the check fails.
That's a very basic overview - hope it helps.
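The rule model walked through in the answer above (aliases, deny by default, an ownership closure), as an added stand-alone example that is not part of the original answers and is not the Authority package's code. MiniAuthority, the sample users and the choice to fail closed when no instance is passed are assumptions of this sketch.

```php
<?php
// Hypothetical stand-in for the rule model described above; NOT machuga/authority's code.
final class MiniAuthority
{
    private $aliases = array();
    private $rules = array();
    private $currentUser;

    public function __construct($currentUser) { $this->currentUser = $currentUser; }
    public function getCurrentUser() { return $this->currentUser; }
    public function addAlias($alias, array $actions) { $this->aliases[$alias] = $actions; }
    public function allow($action, $resource, $condition = null)
    {
        $this->rules[] = array($action, $resource, $condition);
    }

    // Deny by default: grant only when a rule matches and its condition (if any) passes.
    public function can($action, $resource, $instance = null)
    {
        foreach ($this->rules as $rule) {
            list($ruleAction, $ruleResource, $condition) = $rule;
            $expanded = isset($this->aliases[$ruleAction]) ? $this->aliases[$ruleAction] : array();
            if (!in_array($action, array_merge(array($ruleAction), $expanded), true)) { continue; }
            if ($ruleResource !== 'all' && $ruleResource !== $resource) { continue; }
            if ($condition === null) { return true; }
            // Assumption of this sketch: a conditional rule checked without an instance fails closed.
            if ($instance !== null && $condition($this, $instance) === true) { return true; }
        }
        return false;
    }
}

// Constructed sample users (not from the page).
$alice = (object) array('id' => 1);
$bob   = (object) array('id' => 2);

$authority = new MiniAuthority($alice); // pass null to model a guest
$authority->addAlias('manage', array('create', 'read', 'update', 'delete'));
$authority->allow('manage', 'User', function ($self, $user) {
    $current = $self->getCurrentUser();
    // Strict comparison: a guest (null) or a type-mismatched id never matches.
    return $current !== null && $current->id === $user->id;
});

var_dump($authority->can('update', 'User', $alice)); // alice editing her own record
var_dump($authority->can('update', 'User', $bob));   // alice editing bob's record
var_dump($authority->can('update', 'User'));         // conditional rule, no instance supplied
var_dump($authority->can('delete', 'Post', $alice)); // no rule exists for Post
```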
Answered by Ajay Gupta
There are so many packages built in Laravel to implement role and permission but I find that spatie/laravel-permission is the best.
I found the solution from User role and permission in Laravel
Answered by Chris
So it appears Authority l4 is just a Facade addon. The actual package itself resides here: https://github.com/machuga/authority
The documentation here is much more thorough. This should be specified on the l4 package.