好一个角色,所以我想的Intranet上使用Laravel实现一个ACL,我有一些问题的权限增长很快出来的控制。所以第一关,这里就是我的了:Laravel 5.2 ACL如何有多个同名的权限,并避免每个用户
我的五个表定义我的用户,我的角色和我的权限是这样的:
tblIntranetUser
UserID
Name
FirstName
Username
tblIntranetRoles
RoleID
RoleName
Description
tblIntranetPermissions
PermissionID
PermissionName
Description
tblIntranetRoles_Permissions
RoleID
PermissionID
tblIntranetUsers_Roles
UserID
RoleID
而且我也有AuthServiceProvider以及权限和角色型号:
class Permission extends Model
{
/**
* The database table used by the model.
*
* @var string
*/
protected $table = 'tblIntranetPermissions';
protected $primaryKey = 'PermissionID';
public $timestamps = false;
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = ['PermissionID', 'PermissionName', 'Description'];
public function roles()
{
return $this->belongsToMany('App\Role', 'tblIntranetRoles_Permissions', 'PermissionID', 'RoleID');
}
public function detachAllRoles()
{
$roles = $this->roles;
foreach($roles as $role){
$role->permissions()->detach($this);
}
}
}
namespace App;
use Illuminate\Database\Eloquent\Model;
use App\User;
class Role extends Model
{
/**
* The database table used by the model.
*
* @var string
*/
protected $table = 'tblIntranetRoles';
protected $primaryKey = 'RoleID';
public $timestamps = false;
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = ['RoleID', 'RoleName', 'Description'];
public function permissions()
{
return $this->belongsToMany('App\Permission', 'tblIntranetRoles_Permissions', 'RoleID', 'PermissionID');
}
public function givePermissionTo(Permission $permission)
{
return $this->permissions()->save($permission);
}
public function getUsers()
{
$users = User::orderBy('UserID')->get();
$roleusers = collect();
foreach($users as $user){
if($user->hasRole($this->name)){
$roleusers->push($user);
}
}
return $roleusers;
}
public function detachAllUsers()
{
$users = $this->getUsers();
foreach($users as $user){
$user->roles()->detach($this);
}
}
public function detachAllPermissions()
{
$permissions = $this->permissions;
foreach($permissions as $permission){
$permission->roles()->detach($this);
}
}
}
namespace App\Providers;
use App\Report, App\Permission;
use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
];
/**
* Register any application authentication/authorization services.
*
* @param \Illuminate\Contracts\Auth\Access\Gate $gate
* @return void
*/
public function boot(GateContract $gate)
{
$this->registerPolicies($gate);
foreach ($this->getPermissions() as $permission){
$gate->before(function ($user) {
if ($user->isSuperAdmin()) {
return true;
}
});
$gate->define($permission->name, function($user) use ($permission){
return $user->hasRole($permission->roles);
});
}
}
protected function getPermissions()
{
return Permission::with('roles')->get();
}
}
所以,感谢这个,我能够创造不同的角色和权限分配给他们,让他们能够访问内网的某些部分以及看到某些报告。例如,我可以定义如下:
Role: Analyst
Access: Section 1, 2, 3
Reports: 1,15,41
Role: Developer
Access: All sections
Reports: All reports
这将是很好,如果每一个分析师能够看到和访问相同的部分...但当然这不是这种情况。开发人员也是如此。遵循这个模型,它基本上意味着我需要为每个用户分配一个角色,并在Intranet上为每个可能的元素授予一个权限。由于有大约200报告中提供以及约30个用户,这将产生大量的“show_report_1”,“show_report_2”,“show_section_1”的,“show_section_2”权限(Laravel通过名称标识的权限)。
因此,为了让事情更有秩序......我想,我一直在想,如果没有一种方法让一个名为“show_report”的权限与reportID存储在另一个字段中,并且以避免每个用户有一个角色。
行级安全?这不是数据库吗?我想给访问内部网 – Osuwariboy
你可以添加其他的数据结构和表'tblIntranetPermissionsLists',这将是tblIntranetPermissions'的'清单的具体要素。它会有一对多的关系,比如1个TIPL可以参考M TIP。 – bassxzero
这实际上是一个相当不错的想法。它并没有消除每个用户都有一个角色的需要,但它仍然可以使权限更容易管理。 – Osuwariboy