- PHP 7.4+
Goez/Acl is an independent library for access control, you can use it in any PHP project with composer:
composer require goez/aclGoez/Acl also supports Laravel 5.4, just follow the steps below:
-
Install from composer.
-
Publish configuration after composer require.
php artisan vendor:publish --tag=acl-config
-
Edit
app/config/packages/goez/acl/config.php:<?php return [ 'init' => function ($acl) { // Initialize your permission here. // Example: // // $acl->fullPrivileges('admin'); // $acl->allow('author', 'read', 'article'); // $acl->allow('author', 'write', 'article'); // $acl->allow('guest', 'read', 'article'); // $acl->deny('guest', 'write', 'article'); }, ];
-
Use methods of Acl in your code:
// In controller: if ($acl->can('member', 'read', 'article')) { // ... }
In Blade template:
@if (app('acl')->can('member', 'read', 'article`)) <!-- .... --> @endif
For the examples below, you need to create an instance of Acl first:
use Goez\Acl\Acl;
$acl = new Acl();$acl->addRole('admin');
$acl->addRole('member');
$acl->addRole('guest');
var_dump($acl->hasRole('admin')); // true
var_dump($acl->hasRole('member')); // true
var_dump($acl->hasRole('notExists')); // false$acl->allow('guest', 'read', 'article');
$acl->deny('guest', 'write', 'article');
var_dump($acl->can('guest', 'read', 'article')); // true
var_dump($acl->can('guest', 'write', 'article')); // falseNote 1: Methods allow and deny will add role automatically.
Note 2: It's always denied by default unless you allowed it.
$acl->allow('author', 'read', 'article'); // rule 1
$acl->allow('author', 'write', 'article'); // rule 2
$acl->deny('author', 'read', 'article'); // rule 3, override rule 1
$acl->deny('author', 'write', 'article'); // rule 4, override rule 2
var_dump($acl->can('author', 'read', 'article')); // false
var_dump($acl->can('author', 'write', 'article')); // false$acl->fullPrivileges('admin');
var_dump($acl->can('admin', 'create', 'page')); // true
var_dump($acl->can('admin', 'create', 'site')); // true
var_dump($acl->can('admin', 'read', 'article')); // true
var_dump($acl->can('admin', 'write', 'article')); // trueNote: Method fullPrivileges will add role automatically.
$actions = ['create', 'read', 'write'];
$resources = ['page', 'site', 'article'];
$acl->allow('guest', 'read', $resources);
$acl->allow('author', $actions, 'article');
$acl->allow('admin', $actions, $resources);$acl->allow('author', '*', 'article');
var_dump($acl->can('author', 'read', 'article')); // true
var_dump($acl->can('author', 'write', 'article')); // true
var_dump($acl->can('author', 'read', 'news')); // false
var_dump($acl->can('author', 'write', 'news')); // false$acl->allow('guest', 'write', 'article:comment');
var_dump($acl->can('guest', '*', 'article')); // true
var_dump($acl->can('guest', '*', 'article:content')); // false
var_dump($acl->can('guest', '*', 'news:*')); // falseUse : to define the sub-resource.
In this example, article as same as article:*.
$acl->allow('guest', 'read', 'article');
$acl->allow('guest', 'write', 'article:comment');
$acl->allow('author', '*', 'article:*');
var_dump($acl->can('author', 'read', 'article:title')); // true
var_dump($acl->can('author', 'read', 'article:content')); // true
var_dump($acl->can('author', 'read', 'article:comment')); // true
var_dump($acl->can('author', 'write', 'article:title')); // true
var_dump($acl->can('author', 'write', 'article:content')); // true
var_dump($acl->can('author', 'write', 'article:comment')); // true
var_dump($acl->can('guest', 'read', 'article:title')); // true
var_dump($acl->can('guest', 'read', 'article:content')); // true
var_dump($acl->can('guest', 'read', 'article:comment')); // true
var_dump($acl->can('guest', 'write', 'article:title')); // false
var_dump($acl->can('guest', 'write', 'article:content')); // false
var_dump($acl->can('guest', 'write', 'article:comment')); // trueMIT