Authorization Component
Authorization Component gives you the ability to create custom ACL metrics which is unique to each of your extension/application. The component works best with Auth Component but you could as well implements Orchestra\Contracts\Auth\Guard.
In most other solutions, you are either restrict to file based configuration for ACL or only allow to define a single metric for your entire application. This simplicity would later become an issue depends on how many extensions do you have within your application.
Version Compatibility
| Laravel | Authorization |
|---|---|
| 5.0.x | 3.0.x |
| 5.1.x | 3.1.x |
| 5.2.x | [email protected] |
Installation
To install through composer, simply put the following in your composer.json file:
{
"require": {
"orchestra/authorization": "~3.0"
}
}And then run composer install from the terminal.
Quick Installation
Above installation can also be simplify by using the following command:
composer require "orchestra/authorization=~3.0"Configuration
Next add the service provider in config/app.php.
'providers' => [
// ...
Orchestra\Authorization\AuthorizationServiceProvider::class,
Orchestra\Memory\MemoryServiceProvider::class,
Orchestra\Memory\CommandServiceProvider::class,
],Aliases
To make development easier, you could add Orchestra\Support\Facades\ACL alias for easier reference:
'aliases' => [
'ACL' => Orchestra\Support\Facades\ACL::class,
],Usage
Concept of RBAC
| Name | Description |
|---|---|
| actions | Actions is either route or activity that we as a user can do (or not do). |
| roles | Roles are user group that a user can belong to. |
| acl | Is a boolean mapping between actions and roles, which determine whether a role is allow to do an action. |
Creating a New ACL Instance
<?php
$acl = ACL::make('acme');Imagine we have a acme extension, above configuration is all you need in your extension/application service provider.
Verifying the ACL
To verify the created ACL, you can use the following code.
$acl = ACL::make('acme');
if (! $acl->can('manage acme')) {
return redirect()->to(handles('orchestra::login'));
}Or you can create a route middleware.
<?php namespace Acme\Http\Middleware;
use Closure;
use Orchestra\Support\Facades\ACL;
class ManageAcme
{
public function handle($request, Closure $next)
{
if (! ACL::make('acme')->can('manage acme')) {
return redirect()->to(handles('orchestra::login'));
}
return $next($request);
}
}Integration with Memory Component
Integration with Memory Component would allow a persistent storage of ACL metric, this would eliminate the need to define ACL on every request.
Creating a New ACL Instance
<?php
ACL::make('acme')->attach(Memory::make());Migration Example
Since an ACL metric is defined for each extension, it is best to define ACL actions using a migration file.
<?php
use Orchestra\Model\Role;
use Illuminate\Database\Migrations\Migration;
class FooDefineAcl extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
$role = Role::admin();
$acl = ACL::make('acme');
$actions = ['manage acme', 'view acme'];
$acl->actions()->attach($actions);
$acl->roles()->add($role->name);
$acl->allow($role->name, $actions);
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
// nothing to do here.
}
}