Practical application of Laravel's permission function: How to implement user organization structure permission control

Practical application of Laravel's permission function: How to implement user organization structure permission control requires specific code examples

Introduction:
With the rapid development of Web applications, User permission control has become an important functional requirement. Laravel, as a popular PHP framework, provides flexible and powerful permission management functions. This article will introduce how to use Laravel to implement user organization structure permission control, and give specific code examples.

1. Requirements for user organizational structure permission control
In many applications, user permissions are usually allocated and managed according to the organizational structure. For example, an enterprise has multiple departments, and each department has different employees. In this case, the functions that need to be implemented are:

1. Department administrators can manage employees under their own department, but cannot access information from other departments;
2. Executives can access and manage data across the entire company;
3. Ordinary employees can only access their own personal information.

2. Use Laravel’s permission management function
The Laravel framework has a complete set of built-in permission management functions that can meet the above needs. The following will introduce how to use Laravel's permission function to implement user organization structure permission control.

1. Install Laravel's permission management plug-in
   First, install the permission management plug-in in the Laravel project. The commonly used ones are spatie/laravel-permission and laravel-permission. Here, spatie/laravel-permission is used as an example for demonstration. Execute the following command in the command line to install:

composer require spatie/laravel-permission

Then, add the following configuration in the config/app.php file:

'providers' => [
    // ...
    SpatiePermissionPermissionServiceProvider::class,
],

'aliases' => [
    // ...
    'Permission' => SpatiePermissionFacadesPermission::class,
]

Finally, run the database migration command to create the required Data table:

php artisan migrate

2. Create user, role and permission models
   In Laravel, you need to create three models to implement permission management: User (user), Role (role) and Permission ( permissions). Create a User model here and use the spatie/laravel-permission plugin to manage roles and permissions. Run the following command to generate these models:

php artisan make:model User
php artisan make:model Role
php artisan make:model Permission

Then, add the following code in the generated User model:

<?php

namespace App;

use IlluminateNotificationsNotifiable;
use IlluminateFoundationAuthUser as Authenticatable;
use IlluminateDatabaseEloquentRelationsBelongsToMany;
use SpatiePermissionTraitsHasRoles;

class User extends Authenticatable
{
    use Notifiable, HasRoles;

    // ...
}

3. Create department and employee models
   In order to implement User organization structure also needs to create department and employee models. Run the following command to generate these models:

php artisan make:model Department
php artisan make:model Employee

Then, add the following code in the Department model:

<?php

namespace App;

use IlluminateDatabaseEloquentModel;
use IlluminateDatabaseEloquentRelationsHasMany;

class Department extends Model
{
    // ...

    public function employees(): HasMany
    {
        return $this->hasMany(Employee::class);
    }
}

Add the following code in the Employee model:

<?php

namespace App;

use IlluminateDatabaseEloquentModel;
use IlluminateDatabaseEloquentRelationsBelongsTo;

class Employee extends Model
{
    // ...

    public function department(): BelongsTo
    {
        return $this->belongsTo(Department::class);
    }
}

4. Define roles and permissions
   Based on the above requirements, we need to define three roles: department administrators, executives and ordinary employees. Create a roles table in the database, and then use the migration command provided by Laravel to generate the role's data table:

php artisan make:migration create_roles_table --create=roles
php artisan migrate

Run the following command to add these three roles:

php artisan permission:create-role department_manager
php artisan permission:create-role executive
php artisan permission:create-role employee

Next, We also need to define some permissions. Create a permissions table in the database, and then use the migration command to generate the permissions data table:

php artisan make:migration create_permissions_table --create=permissions
php artisan migrate

Run the following command to add some permissions:

php artisan permission:create-permission manage_department
php artisan permission:create-permission manage_employee

5. Assign roles and permissions
   In order To implement permission control, we need to assign roles and permissions to corresponding users and departments. Here are some sample codes:

use AppUser;
use AppRole;
use AppPermission;
use AppDepartment;
use AppEmployee;

// 创建一个部门管理员用户
$user = User::create([
    'name' => '部门管理员',
    'email' => 'manager@example.com',
    'password' => bcrypt('password'),
]);

// 创建一个部门
$department = Department::create([
    'name' => '销售部门',
]);

// 给用户分配部门管理员角色
$user->assignRole('department_manager');

// 将部门管理员角色与权限关联起来
$role = Role::findByName('department_manager');
$role->givePermissionTo('manage_department');

// 将部门管理员与部门关联起来
$employee = Employee::create([
    'name' => '张三',
    'department_id' => $department->id,
]);

3. Permission control sample code
Now that we have completed the basic settings of permission management, we can start setting up the permission control code. Here is some sample code:

1. Department administrators can manage employees under their own department, but cannot access information from other departments.

public function index()
{
    $user = Auth::user();
    $department = $user->employee->department;

    // 部门管理员只能查看本部门的员工列表
    $employees = $department->employees;

    return view('employees.index', compact('employees'));
}

2. Executives can access and manage data across the company.

public function index()
{
    $user = Auth::user();

    // 高管可以查看所有部门的员工列表
    $employees = Employee::all();

    return view('employees.index', compact('employees'));
}

3. Ordinary employees can only access their own personal information.

public function show($id)
{
    $user = Auth::user();

    // 普通员工只能查看自己的信息
    $employee = Employee::where('id', $id)
                        ->where('user_id', $user->id)
                        ->firstOrFail();

    return view('employees.show', compact('employee'));

The above is the detailed content of Practical application of Laravel's permission function: How to implement user organization structure permission control. For more information, please follow other related articles on the PHP Chinese website!