Laravel 5.1 and up user authorisation with roles and permissions

Author: ribedesign

CONTRIBUTING.md

@@ -0,0 +1,32 @@
+# Contributing
+
+Contributions are **welcome** and will be fully **credited**.
+
+We accept contributions via Pull Requests on [Github](https://github.com/ribedesign/laravel-authorisation).
+
+
+## Pull Requests
+
+- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer).
+
+- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
+
+- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date.
+
+- **Consider our release cycle** - We try to follow [SemVer v2.0.0](http://semver.org/). Randomly breaking public APIs is not an option.
+
+- **Create feature branches** - Don't ask us to pull from your master branch.
+
+- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
+
+- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](http://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting.
+
+
+## Running Tests
+
+``` bash
+$ phpunit
+```
+
+
+**Happy coding**!

LICENSE.md

@@ -0,0 +1,21 @@
+# The MIT License (MIT)
+
+Copyright (c) Ribedesign <[email protected]>
+
+> Permission is hereby granted, free of charge, to any person obtaining a copy
+> of this software and associated documentation files (the "Software"), to deal
+> in the Software without restriction, including without limitation the rights
+> to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+> copies of the Software, and to permit persons to whom the Software is
+> furnished to do so, subject to the following conditions:
+>
+> The above copyright notice and this permission notice shall be included in
+> all copies or substantial portions of the Software.
+>
+> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+> IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+> FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+> AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+> LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+> THE SOFTWARE.

README.md

@@ -1 +1 @@
-# laravel-authorisation
+# Laravel 5.1 and up user authorisation with roles and permissions

composer.json

@@ -0,0 +1,54 @@
+{
+    "name": "ribedesign/laravel-authorisation",
+    "description": "Laravel 5.1 and up user authorisation with roles and permissions",
+    "keywords": [
+        "ribedesign",
+        "laravel",
+        "authorisation",
+        "acl",
+        "security"
+    ],
+    "homepage": "https://github.com/ribedesign/laravel-authorisation",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Jaco Rietberg",
+            "email": "[email protected]",
+            "homepage": "https://www.ribedesign.nl",
+            "role": "Developer"
+        }
+    ],
+    "require": {
+        "php" : ">=5.6.0",
+        "laravel/framework": "~5.1.11|~5.2.0|~5.3.0|~5.4.0|~5.5.0",
+        "illuminate/contracts": "~5.1.0|~5.2.0|~5.3.0|~5.4.0|~5.5.0"
+    },
+    "require-dev": {
+        "monolog/monolog": "^1.22",
+        "orchestra/testbench": "~3.3.0|~3.4.0|~3.5.0",
+        "phpunit/phpunit" : "^5.7.8|~6.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Ribedesign\\Authorisation\\": "src"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Ribedesign\\Authorisation\\Test\\": "tests"
+        }
+    },
+    "scripts": {
+        "test": "phpunit"
+    },
+    "config": {
+        "sort-packages": true
+    },
+    "extra": {
+        "laravel": {
+            "providers": [
+                "Ribedesign\\Authorisation\\AuthorisationServiceProvider"
+            ]
+        }
+    }
+}

resources/config/laravel-authorisation.php

@@ -0,0 +1,126 @@
+<?php
+
+return [
+
+    'models' => [
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * Eloquent model should be used to retrieve your roles. Of course, it
+         * is often just the "Role" model but you may use whatever you like.
+         *
+         * The model you want to use as a Role model needs to implement the
+         * `Ribedesign\Authorisation\Contracts\Role` contract.
+         */
+
+        'role' => Ribedesign\Authorisation\Models\Role::class,
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * Eloquent model should be used to retrieve your permissions. Of course, it
+         * is often just the "Permission" model but you may use whatever you like.
+         *
+         * The model you want to use as a Permission model needs to implement the
+         * `Ribedesign\Authorisation\Contracts\Permission` contract.
+         */
+
+        'permission' => Ribedesign\Authorisation\Models\Permission::class,
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * Eloquent model should be used to retrieve your permissions. Of course, it
+         * is often just the "Object" model but you may use whatever you like.
+         *
+         * The model you want to use as a Object model needs to implement the
+         * `Ribedesign\Authorisation\Contracts\Object` contract.
+         */
+
+        'object' => Ribedesign\Authorisation\Models\Object::class,
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * Eloquent model should be used to retrieve your permissions. Of course, it
+         * is often just the "Action" model but you may use whatever you like.
+         *
+         * The model you want to use as a Object model needs to implement the
+         * `Ribedesign\Authorisation\Contracts\Action` contract.
+         */
+
+        'action' => Ribedesign\Authorisation\Models\Action::class,
+
+    ],
+
+    'table_names' => [
+
+        /*
+         * The table that your application uses for users. This table's model will
+         * be using the "HasRoles" and "HasPermissions" traits.
+         */
+
+        'users' => 'users',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your roles. We have chosen a basic
+         * default value but you may easily change it to any table you like.
+         */
+
+        'roles' => 'roles',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your permissions. We have chosen a basic
+         * default value but you may easily change it to any table you like.
+         */
+
+        'permissions' => 'permissions',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your objects. We have chosen a basic
+         * default value but you may easily change it to any table you like.
+         */
+
+        'objects' => 'objects',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your actions. We have chosen a basic
+         * default value but you may easily change it to any table you like.
+         */
+
+        'actions' => 'actions',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your users permissions. We have chosen a
+         * basic default value but you may easily change it to any table you like.
+         */
+
+        'user_has_permissions' => 'user_has_permissions',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your users roles. We have chosen a
+         * basic default value but you may easily change it to any table you like.
+         */
+
+        'user_has_roles' => 'user_has_roles',
+
+        /*
+         * When using the "HasRoles" trait from this package, we need to know which
+         * table should be used to retrieve your roles permissions. We have chosen a
+         * basic default value but you may easily change it to any table you like.
+         */
+
+        'role_has_permissions' => 'role_has_permissions',
+    ],
+
+    'foreign_keys' => [
+
+        /*
+         * The name of the foreign key to the users table.
+         */
+        'users' => 'user_id',
+    ],
+];

resources/migrations/create_authorisation_tables.php.stub

@@ -0,0 +1,115 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+
+class CreateAuthorisationTables extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        $tableNames = config('laravel-authorisation.table_names');
+        $foreignKeys = config('laravel-authorisation.foreign_keys');
+
+        Schema::create($tableNames['roles'], function (Blueprint $table) {
+            $table->increments('id');
+            $table->integer('parent_id')->unsigned()->default(0);
+            $table->string('name')->unique();
+            $table->timestamps();
+        });
+
+        Schema::create($tableNames['permissions'], function (Blueprint $table) {
+            $table->increments('id');
+            $table->string('name')->unique();
+            $table->integer('object_id')->unsigned();
+            $table->integer('action_id')->unsigned();
+            $table->integer('enabled')->unsigned()->default(1);
+            $table->timestamps();
+        });
+
+        Schema::create($tableNames['objects'], function (Blueprint $table) {
+            $table->increments('id');
+            $table->string('name')->unique();
+            $table->timestamps();
+        });
+
+        Schema::create($tableNames['actions'], function (Blueprint $table) {
+            $table->increments('id');
+            $table->string('name')->unique();
+            $table->timestamps();
+        });
+
+        Schema::create($tableNames['user_has_permissions'], function (Blueprint $table) use ($tableNames, $foreignKeys) {
+            $table->integer($foreignKeys['users'])->unsigned();
+            $table->integer('permission_id')->unsigned();
+
+            $table->foreign($foreignKeys['users'])
+                ->references('id')
+                ->on($tableNames['users'])
+                ->onDelete('cascade');
+
+            $table->foreign('permission_id')
+                ->references('id')
+                ->on($tableNames['permissions'])
+                ->onDelete('cascade');
+
+            $table->primary([$foreignKeys['users'], 'permission_id']);
+        });
+
+        Schema::create($tableNames['user_has_roles'], function (Blueprint $table) use ($tableNames, $foreignKeys) {
+            $table->integer('role_id')->unsigned();
+            $table->integer($foreignKeys['users'])->unsigned();
+
+            $table->foreign('role_id')
+                ->references('id')
+                ->on($tableNames['roles'])
+                ->onDelete('cascade');
+
+            $table->foreign($foreignKeys['users'])
+                ->references('id')
+                ->on($tableNames['users'])
+                ->onDelete('cascade');
+
+            $table->primary(['role_id', $foreignKeys['users']]);
+        });
+
+        Schema::create($tableNames['role_has_permissions'], function (Blueprint $table) use ($tableNames) {
+            $table->integer('permission_id')->unsigned();
+            $table->integer('role_id')->unsigned();
+
+            $table->foreign('permission_id')
+                ->references('id')
+                ->on($tableNames['permissions'])
+                ->onDelete('cascade');
+
+            $table->foreign('role_id')
+                ->references('id')
+                ->on($tableNames['roles'])
+                ->onDelete('cascade');
+
+            $table->primary(['permission_id', 'role_id']);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        $tableNames = config('laravel-authorisation.table_names');
+
+        Schema::drop($tableNames['role_has_permissions']);
+        Schema::drop($tableNames['user_has_roles']);
+        Schema::drop($tableNames['user_has_permissions']);
+        Schema::drop($tableNames['roles']);
+        Schema::drop($tableNames['permissions']);
+        Schema::drop($tableNames['objects']);
+        Schema::drop($tableNames['actions']);
+    }
+}