Simple ACL with LaravelBased on the tutorial by Ollie Read http://ollieread.com/blog/2014/03/18/a-simplified-laravel-acl/
Migrations
php artisan migrate:make create_acl_groups_table
<?php
use Illuminate\Database\Schema\Blueprint;use Illuminate\Database\Migrations\Migration;
class CreateAclGroupsTable extends Migration {
/** * Run the migrations. * * @return void */public function up(){
//Schema::create('acl_groups', function ($table){
$table->increments('id');$table->string('name', 50);$table->string('description', 255);
});}
/** * Reverse the migrations. * * @return void */public function down(){
//Schema::drop('acl_groups');
}
}
php artisan migrate:make create_acl_permissions_table
<?php
use Illuminate\Database\Schema\Blueprint;use Illuminate\Database\Migrations\Migration;
class CreateAclPermissionsTable extends Migration {
/** * Run the migrations. * * @return void */public function up(){
//Schema::create('acl_permissions', function($table){
$table->increments('id');$table->string('ident', 255);$table->string('description', 255);
});}
/** * Reverse the migrations. * * @return void */public function down(){
//Schema::drop('acl_permissions');
}
}
php artisan migrate:make create_acl_group_permissions_table
<?php
use Illuminate\Database\Schema\Blueprint;use Illuminate\Database\Migrations\Migration;
class CreateAclGroupPermissionsTable extends Migration {
/** * Run the migrations. * * @return void */public function up()
{//Schema::create('acl_group_permissions', function($table){
$table->integer('group_id', false);$table->integer('permission_id', false);
});}
/** * Reverse the migrations. * * @return void */public function down(){
//Schema::drop('acl_group_permissions');
}
}
php artisan migrate:make create acl_user_groups_table
<?php
use Illuminate\Database\Schema\Blueprint;use Illuminate\Database\Migrations\Migration;
class CreateAclUserGroupsTable extends Migration {
/** * Run the migrations. * * @return void */public function up(){
//Schema::create('acl_user_groups', function($table){
$table->integer('user_id', false);$table->integer('group_id', false);
});}
/** * Reverse the migrations. * * @return void */
public function down(){
//Schema::drop('acl_user_groups');
}
}
Models
AclGroup.php
<?php
class AclGroup extends Eloquent {protected $table = 'acl_groups';protected $fillable = array('name', 'description');
public $timestamps = false;
public function users() {return $this->belongsToMany('User', 'acl_user_groups', 'group_id', 'user_id');
}
public function permissions() {return $this->belongsToMany('AclPermission', 'acl_group_permissions', 'group_id',
'permission_id');}
}
AclPermission.php
<?php
class AclPermission extends Eloquent {protected $table = 'acl_permissions';protected $fillable = array('ident', 'description');public $timestamps = false;
public function groups(){return $this->belongsToMany('AclGroup', 'acl_group_permissions', 'group_id',
'permission_id');}
public function getKey(){
return $this->attributes['ident'];}
}
AclPermitted.php
<?phpclass AclPermittedFilter {
public function filter($route, $request){$user = Auth::user();$user->load('groups', 'groups.permissions');$permitted = false;
foreach($user->groups as $group){if ( $group->permissions->contains($route->getName()) ){
$permitted = true;break;
}}
if (!$permitted) {return Redirect::route('user.denied');
}}
public static function checkPermission($route){
$user = Auth::user();$user->load('groups', 'groups.permissions');$permitted = false;
foreach($user->groups as $group){if ( $group->permissions->contains($route) ){
$permitted = true;break;
}}
return $permitted;}
}
Sample Usage
routes.php
Route::filter('acl.permitted', 'AclPermittedFilter');
Route::group(array('prefix'=>'user'), function () {
Route::get('supersecret', array('before'=> ['auth.ldap', 'acl.permitted'],'as' => 'user.supersecret','uses' => 'UserController@supersecret'));
Route::get('denied', array('as' => 'user.denied','uses' => 'UserController@denied'));
});
From a view
@if ( AclPermittedFilter::checkPermission('user.supersecret') )<h5> You are allowed to view secret stuff</h5>
@endif