Question

I have created slug pages as follows:

// Create pages table for dynamic pages
| id |  slug   |   title    | page_template |
|  0 | about   | about us   | about.blade   |
|  1 | contact | contact us | contact.blade |

I am going to access them through the following route:

// could be page/{slug} or only slug inside routes.php
Route::get('/{slug}', array('as' => 'page.show', 'uses' => 'PageController@show'));

Where I have a PageController, so this allows me to create pages dynamically. Referring to the solution here: Laravel Creating Dynamic Routes to controllers from Mysql database

I also have a roles table:

// Create roles table for
| id | name  |
|  0 | user  |
|  1 | admin |

I also have another table for permission:

// permission table 
| role_id | page_id |
|    0    |    0    |
|    0    |    1    |
|    1    |    1    |

This will help me out with setting permissions per role type, so for example if you are a user you can only access the about page, and if you are an admin you can access all pages, etc.

My question is: how could I make this happen? Do I add a filter to my route that checks if the user can access that slug page? So do I do this inside routes.php or inside filters.php? And how?

Thanks for the help


Solution

You need a setup like the following. Create classes (models) with four tables (users, roles, permissions and permission_role):

Table roles:

id | name (role name)
1  | admin
2  | user

Model Role:

class Role extends Eloquent {

    protected $table = 'roles';

    public function users()
    {
        return $this->hasMany('User', 'role_id', 'id');
    }

    public function permissions()
    {
        return $this->belongsToMany('Permission');
    }
}

Table permissions:

id | name (permission name)
1  | manage_pages (add/edit/delete)
2  | manage_users (add/edit/delete)
3  | page_about (access allowed to about page)
4  | page_contact (access allowed to contact page)

Model Permission

class Permission extends Eloquent {

    protected $table = 'permissions';

    public function roles()
    {
        return $this->belongsToMany('Role');
    }
}

Table users:

id | username | email           | password | role_id | more...
1  | admin    | admin@ymail.com | hashed   |    1    | more...
2  | user1    | user1@ymail.com | hashed   |    2    | more...
3  | user2    | user2@ymail.com | hashed   |    2    | more...

Model User

class User extends Eloquent {

    protected $table = 'users';

    public function role()
    {
        return $this->belongsTo('Role', 'role_id', 'id');
    }

    public function can($perm = null)
    {
        if(is_null($perm)) return false;
        $perms = $this->role->permissions->fetch('name');
        return in_array($perm, $perms->toArray());
    }
}

Table permission_role (pivot table):

id | permission_id | role_id
1  | 1             | 1
2  | 2             | 1
3  | 3             | 1
4  | 4             | 1
5  | 3             | 2
6  | 4             | 2

Once you have this setup, you may create filters, or in your class method you may check whether a logged-in user has a specific rule or permission and then allow access to a page, otherwise don't allow it. For example, you may check if a logged-in user can access a page using something like this:

// Auth::user() is a method call and returns null for guests, so check the login state first
if(Auth::check() && Auth::user()->can('manage_pages')) {
    // Let him/her add/edit/delete any page
}

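Since your pages are dynamic and all pages are being shown by the show method, in your show method you may check something like this:

public function show($slug = 'home')
{
    // Permission name is derived from the slug, e.g. 'page_about' for 'about'
    $permission = 'page_' . $slug;

    // Auth::user() returns null for guests, so check the login state first
    if(Auth::check() && Auth::user()->can($permission)) {
        // Load the page that was authorized, not a hard-coded slug
        $page = Page::whereSlug($slug)->get();
        return View::make('pages.index')->with('page', $page);
    }

    // No permission: refuse explicitly instead of returning an empty response
    App::abort(403);
}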

This is really a big issue and you have to figure it out by yourself. I gave you the basic idea with some implementations, now you should extend it.


P/S: It's not possible to answer everything from the ground up, but I'm involved with another answer for this same project of yours and I suggested you implement a permission-based system (ACL), so I tried to help, but you need to try to implement the rest. All the best.
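
The filter the question asks about, as an added example that is not part of the original answer: it moves the slug permission check into a deny-by-default `before` filter. It assumes Laravel 4 (the version implied by routes.php and filters.php), the `User::can()` method from the answer, and a `login` URL; the filter name `page.access` and the slug pattern are hypothetical choices.

```php
<?php
// app/filters.php (Laravel 4 layout, assumed from the file names in the question)

// Deny-by-default access check for the dynamic page route.
Route::filter('page.access', function ($route, $request) {
    // Guests have no role to evaluate: send them to log in first.
    if (Auth::guest()) {
        return Redirect::guest('login'); // 'login' URL is an assumption
    }

    // The slug comes straight from the URL. The route constraint below
    // restricts it to [a-z0-9-]+ before it is used to build a permission name.
    $slug = $route->getParameter('slug');
    $permission = 'page_' . $slug;

    // User::can() is the method from the answer. A slug with no matching
    // row in `permissions` is never in the role's list, so a page that was
    // created without a permission entry is refused rather than shown.
    if (!Auth::user()->can($permission)) {
        App::abort(403);
    }

    // Returning nothing lets the request continue to PageController@show.
});

// app/routes.php
Route::get('/{slug}', array(
    'as'     => 'page.show',
    'before' => 'page.access',
    'uses'   => 'PageController@show',
))->where('slug', '[a-z0-9-]+');
```

Because the permission name is always prefixed with `page_`, a crafted slug cannot resolve to administrative permissions such as `manage_pages`.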

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow