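Laravel 5.2 ACL: how to have multiple permissions with the same name and avoid one role per user

OK, so I'm trying to implement an ACL with Laravel on an Intranet, and I'm having some problems with the permissions quickly growing out of control. So first off, here's what I have:

I have five tables defining my users, my roles and my permissions, like this: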

tblIntranetUser
    UserID
    Name
    FirstName
    Username

tblIntranetRoles
    RoleID
    RoleName
    Description

tblIntranetPermissions
    PermissionID
    PermissionName
    Description

tblIntranetRoles_Permissions
    RoleID
    PermissionID

tblIntranetUsers_Roles
    UserID
    RoleID

And I also have an AuthServiceProvider as well as the Permission and Role models:

namespace App;

use Illuminate\Database\Eloquent\Model;

class Permission extends Model
{
    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'tblIntranetPermissions';
    protected $primaryKey = 'PermissionID';
    public $timestamps = false;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = ['PermissionID', 'PermissionName', 'Description'];

    // Roles that hold this permission (pivot: tblIntranetRoles_Permissions).
    public function roles()
    {
        return $this->belongsToMany('App\Role', 'tblIntranetRoles_Permissions', 'PermissionID', 'RoleID');
    }

    // Remove this permission from every role that currently holds it.
    public function detachAllRoles()
    {
        $roles = $this->roles;
        foreach ($roles as $role) {
            $role->permissions()->detach($this);
        }
    }
}

namespace App;

use Illuminate\Database\Eloquent\Model;
use App\User;

class Role extends Model
{
    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'tblIntranetRoles';
    protected $primaryKey = 'RoleID';
    public $timestamps = false;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = ['RoleID', 'RoleName', 'Description'];

    // Permissions granted to this role (pivot: tblIntranetRoles_Permissions).
    public function permissions()
    {
        return $this->belongsToMany('App\Permission', 'tblIntranetRoles_Permissions', 'RoleID', 'PermissionID');
    }

    public function givePermissionTo(Permission $permission)
    {
        return $this->permissions()->save($permission);
    }

    // Collect every user that holds this role.
    public function getUsers()
    {
        $users = User::orderBy('UserID')->get();
        $roleusers = collect();
        foreach ($users as $user) {
            // The role's name column is RoleName (see tblIntranetRoles), not name.
            if ($user->hasRole($this->RoleName)) {
                $roleusers->push($user);
            }
        }
        return $roleusers;
    }

    public function detachAllUsers()
    {
        $users = $this->getUsers();
        foreach ($users as $user) {
            $user->roles()->detach($this);
        }
    }

    public function detachAllPermissions()
    {
        $permissions = $this->permissions;
        foreach ($permissions as $permission) {
            $permission->roles()->detach($this);
        }
    }
}

namespace App\Providers;

use App\Report, App\Permission;
use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
    ];

    /**
     * Register any application authentication/authorization services.
     *
     * @param \Illuminate\Contracts\Auth\Access\Gate $gate
     * @return void
     */
    public function boot(GateContract $gate)
    {
        $this->registerPolicies($gate);

        // Register the super-admin bypass once, not once per permission.
        $gate->before(function ($user) {
            if ($user->isSuperAdmin()) {
                return true;
            }
        });

        // One gate ability per permission row, allowed when the user holds
        // any role attached to that permission.
        foreach ($this->getPermissions() as $permission) {
            // The permission's name column is PermissionName (see tblIntranetPermissions).
            $gate->define($permission->PermissionName, function ($user) use ($permission) {
                return $user->hasRole($permission->roles);
            });
        }
    }

    // Load all permissions with their roles in one query.
    protected function getPermissions()
    {
        return Permission::with('roles')->get();
    }
}

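So, thanks to this, I'm able to create different roles and assign permissions to them, so that they can access certain parts of the Intranet as well as see certain reports. For example, I could define the following: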
Role: Analyst
Access: Section 1, 2, 3
Reports: 1,15,41
Role: Developer
Access: All sections
Reports: All reports
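This would be fine if every analyst were able to see and access the same sections... but of course that's not the case. The same goes for developers. Following this model, it basically means I need to have one role per user and one permission for every possible element on the Intranet. Since there are about 200 reports available as well as about 30 users, this makes for a whole lot of "show_report_1", "show_report_2", "show_section_1", "show_section_2" permissions (Laravel identifies permissions by name).

So, to keep things more orderly... I was wondering if there isn't a way to have a single permission named "show_report" with the report ID stored in another field, and to avoid having one role per user.
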
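Row-level security? Isn't that a database thing? I want to give access to the Intranet – Osuwariboy
You could add another data structure and table, 'tblIntranetPermissionsLists', which would be a list of specific elements for 'tblIntranetPermissions'. It would have a one-to-many relationship, such that 1 TIPL can reference M TIP. – bassxzero
That's actually a pretty good idea. It doesn't eliminate the need for every user to have a role, but it would still make the permissions easier to manage. – Osuwariboy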
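
The list-table idea from the comments above, as an added example that is not part of the original thread: one "show_report" permission name, with the allowed report IDs kept in a separate table and checked deny-by-default. The column layout of tblIntranetPermissionsLists (RoleID, PermissionID, ElementID, with null meaning every element), the isAllowed() helper and all sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: tblIntranetPermissionsLists columns and all rows below are assumed/constructed.
$usersRoles = [                       // tblIntranetUsers_Roles
    ['UserID' => 1, 'RoleID' => 10],  // user 1 holds the Analyst role
    ['UserID' => 2, 'RoleID' => 20],  // user 2 holds the Developer role
];
$permissions = [                      // tblIntranetPermissions: one row per action, not per report
    ['PermissionID' => 100, 'PermissionName' => 'show_report'],
    ['PermissionID' => 101, 'PermissionName' => 'show_section'],
];
$permissionLists = [                  // hypothetical tblIntranetPermissionsLists; null = every element
    ['RoleID' => 10, 'PermissionID' => 100, 'ElementID' => 1],
    ['RoleID' => 10, 'PermissionID' => 100, 'ElementID' => 15],
    ['RoleID' => 10, 'PermissionID' => 100, 'ElementID' => 41],
    ['RoleID' => 20, 'PermissionID' => 100, 'ElementID' => null],
];

// Deny by default: allow only when one of the user's roles holds the named
// permission for this element, or holds it for every element.
function isAllowed($userId, $permissionName, $elementId, array $usersRoles, array $permissions, array $lists)
{
    $roleIds = [];
    foreach ($usersRoles as $row) {
        if ($row['UserID'] === $userId) {
            $roleIds[] = $row['RoleID'];
        }
    }
    $permissionIds = [];
    foreach ($permissions as $row) {
        if ($row['PermissionName'] === $permissionName) {
            $permissionIds[] = $row['PermissionID'];
        }
    }
    foreach ($lists as $row) {
        $elementMatches = $row['ElementID'] === null || $row['ElementID'] === $elementId;
        if ($elementMatches && in_array($row['RoleID'], $roleIds, true)
            && in_array($row['PermissionID'], $permissionIds, true)) {
            return true;
        }
    }
    return false;
}

// With Laravel's Gate the same check sits behind one ability that takes the report ID:
//   $gate->define('show_report', function ($user, $reportId) { /* lookup as above */ });
//   Gate::allows('show_report', $reportId);
var_dump(isAllowed(1, 'show_report', 15, $usersRoles, $permissions, $permissionLists));
var_dump(isAllowed(1, 'show_report', 2, $usersRoles, $permissions, $permissionLists));
var_dump(isAllowed(2, 'show_report', 2, $usersRoles, $permissions, $permissionLists));
```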