Gestión de roles y permisos para grupos desde laravel con laratrust

Utilizamos el paquete laratrust para poder gestionar roles por grupos.

Roles por defecto:

  • Super admin superadmin
  • Vendor vendor
  • Admin group admin-group
  • User group user-group

Permisos:

  • delete_products Delete products
  • publish_products Publish products
  • unpublish_products Unpublish products
  • make_orders Make orders

Cada vez que asignamos un rol a un usuario tenemos que especificar el
grupo (rotlle), de esta manera un mismo usuario puede tener diferentes
roles en cada grupo.

Referencias:

Instalación

composer require santigarcor/laratrust

php artisan laratrust:setup

composer dump-autoload

php artisan migrate

Configuración (config/laratrust.php):

En mi caso relaciono los equipos con los Rotlles :

'models' => [

    'role' => AppRole::class,

    'permission' => AppPermission::class,

    /**
     * Will be used only if the teams functionality is enabled.
     */
    'team' => AppRotlle::class,

Activamos teams

'teams' => [
    'enabled' => true,
    ...

Desde las migraciones creamos el contenido por defecto

class CreateInitContent extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        // Create users default.
        User::create([
            'name' => 'Admin',
            'username' => 'admin',
            'email' => 'admin@example.com',
            'password' => bcrypt('admin')
        ]);

        // Demo rotlle.
        $this->copyImageDemo('demo-rotlle.jpg', public_path('images/rotlles'), public_path('images/demo/rotlles'));
        Rotlle::create([
            'name' => 'Demo Rotlle',
            'status' => 1,
            'description' => 'Demo group with demo content to allow to see the functionalities of the application.',
            'image' => 'demo-rotlle.jpg'
        ]);

        // User admin with rotlle demo.
        $admin = user::where('id',1)->first();
        $admin->rotlles()->attach(1);

        // Roles and permissions default.

        // Reset cached roles and permissions
        $this->truncateLaratrustTables();

        $roleAdmin = AppRole::firstOrCreate([
            'name' => 'superadmin',
            'display_name' => 'Super admin',
            'description' => 'All permissions'
        ]);

        // Create default permissions.
        $edit_products      = Permission::create(['name' => 'edit_products', 'display_name' => 'Edit products', 'description' => 'Edit products']);
        $delete_products    = Permission::create(['name' => 'delete_products', 'display_name' => 'Delete products', 'description' => 'Delete products']);
        $publish_products   = Permission::create(['name' => 'publish_products', 'display_name' => 'Publish products', 'description' => 'Publish products']);
        $unpublish_products = Permission::create(['name' => 'unpublish_products', 'display_name' => 'Unpublish products', 'description' => 'Unpublish products']);
        $make_orders        = Permission::create(['name' => 'make_orders', 'display_name' => 'Make orders', 'description' => 'Make orders']);

        // Create roles and assign existing permissions.
        $vendor = Role::create(['name' => 'vendor', 'display_name' => 'Vendor', 'description' => 'Vendor']);
        $vendor->syncPermissions([$edit_products, $delete_products, $unpublish_products]); 
        $admin_group = Role::create(['name' => 'admin-group', 'display_name' => 'Admin group', 'description' => 'Admin group']);
        $admin_group->syncPermissions([$publish_products, $unpublish_products, $make_orders, $edit_products, $delete_products]); 
        $user_group = Role::create(['name' => 'user-group', 'display_name' => 'User group', 'description' => 'User group']);
        $user_group->syncPermissions([$make_orders]); 

        // Assign roles to users.
        $adminUser = User::where('id',1)->first();
        $adminUser->attachRole($roleAdmin);

Ejemplos de políticas

app/Policies/RotllePolicy.php

public function make_orders()
{
    $rotlleName = session('rotlleName');

    if (auth()->user()->isAbleTo('make_orders', $rotlleName)) {
        return True;
    }
}

app/Policies/ProductPolicy.php

public function publish_products(User $user)
{
    $rotlleName = session('rotlleName');

    if ($user->isAbleTo('publish_products', $rotlleName)) {
        return True;
    }

}

Desde el controlador comprobamos permisos

public function index(Rotlle $rotlle)
{

    $this->authorize('make_orders', $rotlle);
    $products = Product::paginate();

    return view('products.index', compact('products'));
}

Desde la plantilla blade


@can('edit_products', $product)
    <a href="{{ route('products.edit', $product->id) }}" 
    class="btn btn-sm btn-success">
        editar
    </a>
    <form style="display: inline;" action="{{ route('products.destroy', $product->id) }}" method="POST">
        @method('DELETE')
        @csrf
        <button class="btn btn-sm btn-danger">
            Eliminar
        </button>
    </form>
@endcan

&lt;br /&gt;&lt;br /&gt;```php+HTML
@can(&#039;publish_products&#039;, &#039;AppProduct&#039;)
&lt;a style=&quot;float: right;&quot; href=&quot;{{ route(&#039;products.create&#039;) }}&quot; 
class=&quot;btn btn-sm btn-primary pull-right&quot;&gt;
    Crear
&lt;/a&gt;
@endcan

Leave a Reply

Your email address will not be published. Required fields are marked *

Aquest lloc utilitza Akismet per reduir els comentaris brossa. Apreneu com es processen les dades dels comentaris.