介绍
您好亲爱的哈布罗夫恰恩。
我将继续在Laravel中发表有关高级资源授权的文章系列。为了更好地理解本文将要讨论的内容,您需要阅读第一部分。
首先,我将简要地重复问题的陈述:有大量的模型。有必要设计一个灵活且易于扩展的系统来根据用户角色授权用户操作。
在这一部分中,我们将讨论配置链接策略<=>网关。并且还提出了将用户权限写入数据库的选项之一。
当然,我将立即澄清这些材料是为练习程序员而设计的,对于新手开发人员来说很难理解。
第3部分。策略,网关
理论部分
Internet上有很多资料可以找到,主题是“选择策略还是选择登机门?”。在一段时间内,我还遇到了类似的错误,您需要选择一些东西。但是最后我得出了结论-这些是同一链中的两个链接,最有效地结合使用。
在Laravel中,确定此捆绑包有两个主要方向-手动和自动。我不会考虑手动,因为与设置自动捆绑软件相比,支持这种捆绑软件需要更多的程序员精力。
策略是特殊类,可为用户操作提供授权方法(权限)。而门是其预期目的的相反机制。它的任务是禁止政治上不允许的所有行动。因此,网关必须指定哪种策略控制哪种资源。标准的自动检测机制假定模型类位于app目录的根目录中。在一个或多或少复杂的项目中,这种模型存储在文件树中引入了令人不愉快的混乱。为此,我们同意将模型转移到app / Models文件夹。
Gate::guessPolicyNamesUsing('callback'). , boot() App\Providers\AuthServiceProvider( ).
Gate
(callback), guessPolicyNamesUsing() , . . : Policy . , , Laravel ( ). SuperAdmin , , — super-admin . — .
PHP 7.4 . 7.4 .
<?php
namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
class AuthServiceProvider extends ServiceProvider
{
public function boot()
{
$this->defineSuperAdmin();
$this->defineAutoDiscover();
}
private function defineAutoDiscover()
{
Gate::guessPolicyNamesUsing(function ($class) {
return str_replace("\\Models\\", "\\Policies\\" , $class) . 'Policy';
});
}
private function defineSuperAdmin()
{
Gate::before(function($user) {
return $user->hasRole('super-admin') ? true : null;
});
}
}
Policy
, , . . :
php artisan make:policy PostPolicy --model=Models/Post
. . , DRY,- , . , . , getModelClass() . , ( ). . (import export — )
<?php
protected function resourceAbilityMap()
{
return [
'index' => 'viewAny',
'show' => 'view',
'create' => 'create',
'store' => 'create',
'edit' => 'update',
'update' => 'update',
'destroy' => 'delete',
'import' => 'import',
'export' => 'export',
];
}
— , . , . . Spatie. laravel-permission. , — , , . , , . — , $user->can() $user->hasRole(), Spatie\Permission\Traits\HasRoles
(Models\User)
<?php
namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable
{
use Notifiable;
use HasRoles;
}
, (Admin User, ) — HasRoles, .
.
(ModelPolicy)
<?php
namespace App\Policies;
use App\Models\User;
use App\Models\Post;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Database\Eloquent\Model;
abstract class ModelPolicy
{
use HandlesAuthorization;
abstract protected function getModelClass(): string;
public function viewAny(User $user)
{
return $user->can('view-any-' . $this->getModelClass());
}
public function view(User $user, Post $model)
{
return $user->can('view-' . $this->getModelClass());
}
public function create(User $user)
{
return $user->can('create-' . $this->getModelClass());
}
public function update(User $user, Post $model)
{
return $user->can('update-' . $this->getModelClass());
}
public function delete(User $user, Post $model)
{
return $user->can('delete-' . $this->getModelClass());
}
}
$user->can('ability') . . ''-' ', — ( ). (SoftDelete). , .
. Post getResourceName() .
(PostPolicy)
<?php
namespace App\Policies;
use App\Models\Post;
use App\Models\User;
use Illuminate\Database\Eloquent\Model;
class PostPolicy extends ModelPolicy
{
protected function getModelClass(): string
{
return Post::class;
}
public function import(User $user)
{
return $user->can('import-' . $this->getModelClass());
}
public function export(User $user, Post $model)
{
return $user->can('export-' . $this->getModelClass());
}
}
, import() , . — . . , .
, , . .
4. (Seeding)
, . .
spatie/laravel-permission, . .
:
composer require spatie/laravel-permission
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
(seeder)
php artisan make:seeder PermissionsSeeder
run() database/seeds/DatabaseSeeder.php. PermissionsSeeder .
(DatabaseSeeder)
<?php
use Illuminate\Database\Seeder;
class DatabaseSeeder extends Seeder
{
public function run()
{
$this->call(PermissionsSeeder::class);
}
}
, — PermissionsSeeder. database/data php . :
role => model => action
// (permissions_roles.php)
<?php
return [
'admin' => [
'App\\Models\\Post' => [
'view',
'view-any',
'create',
'update',
'delete',
'import',
'export',
],
],
'App\\Models\\Post' => [
'post' => [
'view',
'view-any',
],
],
];
. , , — .
(PermissionsSeeder)
<?php
use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
class PermissionsSeeder extends Seeder
{
private $data = [];
public function run()
{
$this->loadData();
$this->seedRoles();
}
public function loadData(): void
{
$this->data = require_once database_path("data/permissions_roles.php");
}
private function seedRoles(): void
{
Role::create(['name' => 'super-admin', 'guard_name' => 'api']);
foreach ($this->data as $roleName => $perms) {
$role = Role::create(['name' => $roleName, 'guard_name' => 'api']);
$this->seedRolePermissions($role, $perms);
}
}
private function seedRolePermissions(Role $role, array $modelPermissions): void
{
foreach ($modelPermissions as $model => $perms) {
$buildedPerms = collect($perms)
->crossJoin($model)
->map(function ($item) {
$perm = implode('-', $item);
Permission::findOrCreate($perm, 'api');
return $perm;
})->toArray();
$role->givePermissionTo($buildedPerms);
}
}
}
, - . , , . , , .
, :
- run() .
- loadData() database/data $data
- seedRoles() . , $data, . 'super-admin' , , .. ( AuthServiceProvider).
- seedRolePermissions() , , «» , (permission). . () — findOrCreate(), laravel-permissions. , , .
, . :
php artisan migrate --seed
. ! , :
- (Model).
- (Controller) ModelController.
- (Policy) ModelPolicy.
- .
, (. 1) (. ).
目前为止就这样了。希望本文对您有所帮助。并且,如果有人对用户权利和限制的更精细调整感兴趣,也就是对用户观看/更改模型特定属性的权利感兴趣,这
将在第三部分中讨论。