Laravel 5.3 study: For what kinds of projects is Laravel the best choice?
# The challenge: Can I migrate a Drupal 6 (D6) site to Laravel 5.3 (L5)?
# Part: Migrate Drupal permissions
# Database tables : users, users_roles, roles, permission
# The User model implements loading and checking of user permissions
class User extends Authenticatable {
...
/**
 * Tell whether this account is the super administrator.
 *
 * The account whose uid equals 1 is treated as the super admin.
 * BiblioPolicy::before() grants every ability when this returns true,
 * so this single comparison bypasses all per-permission checks.
 * The comparison is loose (==), so a uid delivered as the string "1"
 * matches as well.
 *
 * @return bool
 */
public function isSuperAdmin()
{
    $superAdminUid = 1;

    return $this->uid == $superAdminUid;
}
/**
 * Check whether the user holds the named permission.
 *
 * Permission names are the keys of $this->permissions, which
 * setUserPermissions() fills. A name that is not a key, or a map that
 * has not been filled, yields false, so the check fails closed.
 *
 * @param string $string Permission name, e.g. "administer biblio".
 * @return bool
 */
public function hasAccess($string)
{
    $granted = isset($this->permissions[$string]);

    return $granted;
}
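/**
 * Load the permissions granted by the user's roles into $this->permissions.
 *
 * Every matching `permission` row carries a ", "-separated list of names
 * in its `perm` column. The names become the keys of the resulting map,
 * which is what hasAccess() tests with isset().
 *
 * @return void
 */
protected function setUserPermissions()
{
    $perms = [];

    // The keys of getRoles() feed the rid filter, so getRoles() is
    // expected to be keyed by role id.
    $rows = DB::table('role')
        ->select('permission.perm')
        ->join('permission', 'role.rid', '=', 'permission.rid')
        ->whereIn('role.rid', array_keys($this->getRoles()))
        ->get();

    foreach ($rows as $row) {
        // explode() turns an empty perm column into [''], which would
        // register '' as a granted permission and make hasAccess('')
        // return true. Drop empty names before they become keys.
        $names = array_filter(
            explode(', ', $row->perm),
            function ($name) {
                return $name !== '';
            }
        );

        // Array union keeps the first entry per name; only the keys matter.
        $perms += array_flip($names);
    }

    $this->permissions = $perms;
}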
...
}
# Create a Model Policy
php artisan make:policy BiblioPolicy --model=Biblio
# add to AuthServiceProvider.php
class AuthServiceProvider extends ServiceProvider {
...
// Maps each model class to the policy class that authorizes actions on it.
// can()/cant() checks against a Biblio instance are routed to BiblioPolicy
// through this entry.
protected $policies = [
'App\Biblio' => 'App\Policies\BiblioPolicy',
];
...
}
# Implement Policy logic
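/**
 * Authorization rules for Biblio records, expressed with the permission
 * names loaded by User::setUserPermissions().
 */
class BiblioPolicy
{
    use HandlesAuthorization;

    /**
     * Any user handed to the policy may view any Biblio record; there is
     * no per-record restriction here.
     *
     * @param User $user
     * @param Biblio $biblio
     * @return bool
     */
    public function view(User $user, Biblio $biblio)
    {
        return true;
    }

    /**
     * Creating a record requires "create biblio" or "administer biblio".
     *
     * @param User $user
     * @return bool
     */
    public function create(User $user)
    {
        return $user->hasAccess("create biblio")
            || $user->hasAccess("administer biblio");
    }

    /**
     * Updating is allowed for the owner, an author, or a holder of one of
     * the biblio-wide permissions.
     *
     * @param User $user
     * @param Biblio $biblio
     * @return bool
     */
    public function update(User $user, Biblio $biblio)
    {
        return $this->canModify($user, $biblio);
    }

    /**
     * Deleting follows exactly the same rule as updating.
     *
     * NOTE(review): this means "edit all biblio entries" also permits
     * deletion; confirm that is intended.
     *
     * @param User $user
     * @param Biblio $biblio
     * @return bool
     */
    public function delete(User $user, Biblio $biblio)
    {
        return $this->canModify($user, $biblio);
    }

    /**
     * Runs ahead of the ability methods above.
     *
     * Returning true grants the ability outright. Returning null lets the
     * ability method decide, so this must not return false for ordinary
     * users.
     *
     * @param mixed $user
     * @param string $ability
     * @return bool|null
     */
    public function before($user, $ability)
    {
        if ($user->isSuperAdmin()) {
            return true;
        }

        return null;
    }

    /**
     * Shared rule behind update() and delete(), kept in one place so the
     * two abilities cannot drift apart by accident.
     *
     * @param User $user
     * @param Biblio $biblio
     * @return bool
     */
    private function canModify(User $user, Biblio $biblio)
    {
        // Owner of the underlying node. The comparison is loose (==), as
        // the uid values may arrive as strings or integers.
        if ($user->uid == $biblio->node->uid) {
            return true;
        }

        if ($user->hasAccess("administer biblio")
            || $user->hasAccess("edit all biblio entries")
        ) {
            return true;
        }

        // Last resort: the user is listed as an author of the record.
        return (bool) $biblio->userIsAuthor($user);
    }
}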
# Create Middleware to handle permissions on Route
php artisan make:middleware CheckBiblioPermissions
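/**
 * Route middleware that authorizes the current user against the Biblio
 * model bound to the route's {biblio} parameter.
 */
class CheckBiblioPermissions
{
    /**
     * Let the request through only when the user holds the given ability
     * on the bound Biblio; otherwise flash a message and redirect back.
     *
     * Denial is reported as a redirect plus a flash message, so the
     * response carries no 403 status. A client that does not read the
     * flash message sees no explicit refusal; abort(403) is the
     * alternative when a status code is wanted.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param string $permission Policy ability to check, e.g. "update".
     * @return mixed
     */
    public function handle($request, Closure $next, $permission)
    {
        $user = $request->user();
        $biblio = $request->route('biblio');

        // The ability is checked against a model instance, so refuse
        // anything that did not resolve to a Biblio.
        if (!$biblio instanceof \App\Biblio) {
            $request->session()->flash('danger', 'Wrong model parameter');

            return redirect()->back();
        }

        // $request->user() is null when no one is authenticated, for
        // example if this middleware runs without 'auth' in front of it.
        // Deny in that case instead of calling cant() on null.
        if ($user === null || $user->cant($permission, $biblio)) {
            $request->session()->flash('warning', 'Unauthorized action.');

            return redirect()->back();
        }

        return $next($request);
    }
}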
# Control permissions on Route
// 'auth' is listed first, so the request has an authenticated user before
// 'biblio:update' consults the policy. The text after the colon is passed
// to CheckBiblioPermissions::handle() as $permission.
// NOTE(review): the 'biblio' alias has to be registered for that class in
// the HTTP kernel's $routeMiddleware; the registration is not shown here.
Route::get('/biblio/{biblio}/edit', 'BiblioController@edit')->name('biblio.edit')->middleware('auth','biblio:update');
# Control permissions on Blade
{{-- @can only hides the link from users who lack the 'update' ability. --}}
{{-- The edit URL can still be requested directly, so the route itself must enforce the same ability. --}}
{{-- NOTE(review): this snippet uses $publication and the route name publications.edit, while the route above is named biblio.edit; confirm which applies. --}}
@can('update', $publication)
<a class="btn btn-default btn-sm" href="{{ route('publications.edit',['id' => $publication->vid]) }}">edit</a>
@endcan
# Control permissions anywhere else
...
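$user = Auth::user();

// Auth::user() is null for a guest. Treat that as "not allowed" instead of
// calling cant() on null.
// NOTE(review): if this runs in a controller, returning a plain string
// produces an ordinary response rather than a 403 status.
if ($user === null || $user->cant('update', $biblio)) {
    return "Sorry Unauthorized action.";
}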
...
# References:
https://laravel.com/docs/5.3/authorization
https://laravel.com/docs/5.3/middleware
https://laravel.com/docs/5.3/routing