Laravel Roles & Permissions with Authority


Question

From my research, I have found that the Authority package (https://github.com/machuga/authority-l4) is best for implementing a role/permissions based user auth system while maintaining flexibility. I am having trouble understanding exactly how to use this package. The documentation covers its functions and configuration, but does not explain a few things. Was hoping someone could point me in the right direction.

What is the purpose of the config file? To specify permissions? Are these not stored in the database?

I see you can group permissions together using Aliases. What if I do not want to use an alias? Is there a way to create just a permission by itself?

I see you can create rules for Resources, such as only allowing a user to edit posts which they are assigned to. The documentation does not appear to have much information on this.

Any help would be greatly appreciated. Searched the internet, but not finding much for this package.

Recommended answer

I haven't used Authority, although I am looking at it for a project. Based on my reading of the docs, here's the way it works:

The config file is there to specify configuration for the package. The roles & permissions can be stored in the database (although they don't have to be).

The configuration file is there to tell the package how to work. So, for example, the config file allows you to set up aliases for one or more permissions - if you use aliases, this needs to be done up front, so that the package works the way you expect it to. As another example, the rules (more later) can (and should) be set up in the config.

Consider the following config (from the Authority docs):

<?php

// the package config file returns an array; the 'initialize' closure
// runs once per request and is where aliases and rules are declared
return array(

    'initialize' => function($authority) {
        $user = $authority->getCurrentUser();

        //action aliases
        $authority->addAlias('manage', array('create', 'read', 'update', 'delete'));
        $authority->addAlias('moderate', array('read', 'update', 'delete'));

        //an example using the `hasRole` function, see below examples for more details
        if($user->hasRole('admin')){
            $authority->allow('manage', 'all');
        }
    }

);

What is this doing? Let's go through it step-by-step:

First, this is specifying something that's supposed to happen when the application is initialized. Presumably, there are other events that could occur, but I'm unsure why you'd want to change the rules after the app is initialized. When the app is initialized, the closure is called.

The closure does this:

  1. gets the current user - later rules depend on who is logged in
  2. sets up a couple of aliases - 'cuz we're lazy and don't want to specify rules for create, read, etc. one-by-one. We can just use manage instead.
  3. next it checks the current user. If they're an admin, they get manage permissions for all resources.

If your access control info is stored in the database, you could load it here and use that data to set up your rules.

Now, later on in the execution of your app, you need to check and see if the user can, for example, create a user record. Do this in your controller:

if( Authority::can('create', 'User') ) {
    User::create(array(
        'username' => 'someuser@test.com'
    )); 
} else {
    // what happens if the user's trying to do something they're not
    // allowed to do?
    throw new Exception("No way man!");
}

This checks the rules you set up in your config, and determines if the user is allowed to do this. If they're not, then (in my example) throw an exception. You probably want to handle it more gracefully.

Authority gives you the flexibility to define your permissions much more precisely. For example,

Authority::allow('manage', 'User', function($self, $user){
    return $self->getCurrentUser()->id === $user->id;
});

This rule includes a check that allows a user to manage their own user record, but nobody else's. To do this, you need to adjust the example above.

if( Authority::can('update', 'User', $user) ) {
    $user->username = 'someuser@test.com';
    $user->save();
} else {
    // what happens if the user's trying to do something they're not
    // allowed to do?
    throw new Exception("What do you think you're doing?!");
}

In this case, the Authority instance gets passed into the closure as $self then the current user ID is retrieved and checked against the user being edited ($user). If the user is trying to edit someone other than themselves, the check fails.

That's a very basic overview - hope it helps.
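To make the evaluation order described in the answer concrete, here is an added, self-contained PHP stand-in that mimics the semantics shown above (alias expansion, allow() rules with an optional ownership closure, can() checks against a resource instance). It is illustration code written for this page, not the Authority package's implementation; the MiniAuthority class, its deny-by-default behaviour and the sample users are all constructed here.

```php
<?php
// Hypothetical stand-in, not Authority's code: models the rules from the answer
// so the admin / own-record / other-user outcomes can be traced offline.
class MiniAuthority {
    private array $aliases = [];   // alias name => list of concrete actions
    private array $rules = [];     // list of [action, resource, optional condition]
    public function __construct(private object $currentUser) {}
    public function getCurrentUser(): object { return $this->currentUser; }
    public function addAlias(string $name, array $actions): void { $this->aliases[$name] = $actions; }
    public function allow(string $action, string $resource, ?callable $cond = null): void {
        // an alias such as 'manage' is expanded into its concrete actions up front
        foreach ($this->aliases[$action] ?? [$action] as $a) {
            $this->rules[] = [$a, $resource, $cond];
        }
    }
    public function can(string $action, string $resource, ?object $instance = null): bool {
        foreach ($this->rules as [$a, $r, $cond]) {
            if ($a !== $action || ($r !== 'all' && $r !== $resource)) continue;
            if ($cond === null) return true;                      // unconditional grant
            // a conditional rule needs an instance to inspect; with none it cannot match
            if ($instance !== null && $cond($this, $instance)) return true;
        }
        return false;                                             // deny by default
    }
}

// constructed sample users (id, role); no database involved
$alice = (object) ['id' => 1, 'role' => 'admin'];
$bob   = (object) ['id' => 2, 'role' => 'member'];
$carol = (object) ['id' => 3, 'role' => 'member'];

// mirrors the config's 'initialize' closure: build rules for the logged-in user
function buildAuthority(object $user): MiniAuthority {
    $auth = new MiniAuthority($user);
    $auth->addAlias('manage', ['create', 'read', 'update', 'delete']);
    if ($user->role === 'admin') {
        $auth->allow('manage', 'all');   // admins may manage every resource
    }
    // anyone may manage their own User record, and nobody else's
    $auth->allow('manage', 'User', fn($self, $target) => $self->getCurrentUser()->id === $target->id);
    return $auth;
}

$asBob = buildAuthority($bob);
var_dump($asBob->can('update', 'User', $bob));                  // Bob editing himself
var_dump($asBob->can('update', 'User', $carol));                // Bob editing Carol
var_dump($asBob->can('create', 'User'));                        // no instance, member role
var_dump(buildAuthority($alice)->can('delete', 'User', $carol)); // admin via 'manage' on 'all'
```

Run with php 8.0 or newer; the four checks resolve to true, false, false and true respectively, matching the admin, own-record and other-user cases the answer walks through.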
