Does anyone know a way of mapping the controller methods with permissions authorisation?
Let's say that I have 20 controllers, with index, store, show and delete methods and I don't wanna put in each method of this controller the corresponding permission, just for the sake of ... DRY.
What I wanna do instead is trying to map the permissions with controller actions.
An example would be:
https://laravel.com/docs/5.5/authorization#writing-gates
Gate::resource('posts', 'PostPolicy');
This is identical to manually defining the following Gate definitions:
Gate::define('posts.view', 'PostPolicy@view');
Gate::define('posts.create', 'PostPolicy@create');
Gate::define('posts.update', 'PostPolicy@update');
Gate::define('posts.delete', 'PostPolicy@delete');
For me something like this would fit:
Permission::map('route', 'permission');
Permission::map('users.store', 'create-user');
or even better
Permission::mapResource('users', '????');
I created a Trait for that, if you have a better suggestion please.
<?php

namespace App\Traits;

use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Request;
use Illuminate\Support\Pluralizer;
use Spatie\Permission\Exceptions\UnauthorizedException;

trait Authorisation
{
    // Controller method => permission verb.
    private $permissions = [
        'index' => 'view',
        'store' => 'create',
        'show' => 'view',
        'update' => 'edit',
        'destroy' => 'delete'
    ];

    private $action;

    // Laravel dispatches controller actions through callAction(),
    // so the permission check runs before the action itself.
    public function callAction($method, $parameters)
    {
        $permission = $this->getPermission($method);

        // A method with no entry in $permissions resolves to null and runs unchecked.
        // Auth::check() avoids calling can() on a null user for unauthenticated requests.
        if (!$permission || (Auth::check() && Auth::user()->can($permission))) {
            return parent::callAction($method, $parameters);
        }

        if (Request::ajax()) {
            return response()->json([
                'response' => str_slug($permission.'_not_allowed', '_')
            ], 403);
        }

        throw UnauthorizedException::forPermissions([$permission]);
    }

    // Returns e.g. "create-user" for store() on a route named "users.store",
    // or null when the method has no mapped verb.
    public function getPermission($method)
    {
        if (!$this->action = array_get($this->getPermissions(), $method)) {
            return null;
        }

        return $this->routeName() ? $this->actionRoute() : $this->action;
    }

    // Register a custom method => permission pair.
    public function registerActionPermission($action, $permission)
    {
        $this->permissions[$action] = $permission;
    }

    // "view" + "users" => "view-user"
    private function actionRoute()
    {
        return Pluralizer::singular($this->action . '-' . $this->routeName());
    }

    // First segment of the current route name ("users" for "users.store").
    private function routeName()
    {
        return explode('.', Request::route()->getName())[0];
    }

    private function getPermissions()
    {
        return $this->permissions;
    }
}
And use it in controller like:
use Authorisation;
and if I want a custom permission for an action which does not exist in the $permissions:
$this->registerActionPermission('action_name', 'action-permission');
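The trait above runs any method that has no entry in $permissions without a check. As an added example (not part of the original post), here is a stand-alone sketch of the Permission::map / Permission::mapResource registry the question asks for, written so that unmapped routes are refused unless declared public; the class name, allowPublic() and the explicit singular argument are assumptions made for this example.

```php
<?php
// Added example: stand-alone PHP, no Laravel needed. All names are hypothetical.
final class PermissionMap
{
    // Resource action => permission verb, same pairs as the trait's $permissions.
    private const VERBS = [
        'index' => 'view', 'show' => 'view', 'store' => 'create',
        'update' => 'edit', 'destroy' => 'delete',
    ];
    private $map = [];    // route name => required permission
    private $public = []; // route names deliberately left unprotected

    public function map(string $route, string $permission): void
    {
        $this->map[$route] = $permission;
    }

    // mapResource('users', 'user') registers users.index => view-user, etc.
    public function mapResource(string $resource, string $singular): void
    {
        foreach (self::VERBS as $action => $verb) {
            $this->map("{$resource}.{$action}", "{$verb}-{$singular}");
        }
    }

    public function allowPublic(string $route): void
    {
        $this->public[$route] = true;
    }

    // Deny by default: a route that is neither mapped nor declared public is refused.
    public function allows(?string $route, array $granted): bool
    {
        if ($route === null) {
            return false; // unnamed route: nothing to look up
        }
        if (isset($this->public[$route])) {
            return true;
        }
        return isset($this->map[$route]) && in_array($this->map[$route], $granted, true);
    }
}
$p = new PermissionMap();
$p->mapResource('users', 'user');
$p->map('users.export', 'export-user');
$p->allowPublic('status.ping');
$granted = ['view-user', 'create-user']; // constructed sample permissions
foreach (['users.index', 'users.destroy', 'users.archive', 'status.ping'] as $r) {
    printf("%-14s %s\n", $r, $p->allows($r, $granted) ? 'allow' : 'deny');
}
```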