Home >PHP Framework >Laravel >How to implement access control list (ACL) permission control in Laravel
How to implement access control list (ACL) permission control in Laravel
Abstract:
Access control list (ACL) is a commonly used permission control mechanism , which can also be easily implemented in the Laravel framework. This article will introduce how to use the authentication and authorization functions and extension packages that come with the Laravel framework to implement ACL permission control, and provide specific code examples.
1. Use the authentication and authorization functions that come with Laravel
The authentication and authorization functions that come with the Laravel framework are the basis for implementing ACL permission control. Before you begin, make sure you have correctly set up the Laravel framework and configured your database connection.
Create user table and role table
Use the command line tool Artisan that comes with the Laravel framework to create the user table and role table.
php artisan make:migration create_users_table --create=users php artisan make:migration create_roles_table --create=roles
Then define the table structure in the generated migration file and run the migration command to generate the table.
php artisan migrate
Create user model and role model
Use Artisan, the command line tool that comes with the Laravel framework, to create user models and role models.
php artisan make:model User php artisan make:model Role
Define model associations and methods in the generated model file.
Implement authentication
Set the authentication driver as the database driver in the config/auth.php
configuration file.
'defaults' => [ 'guard' => 'web', 'passwords' => 'users', ],
Then use the command line tool Artisan that comes with the Laravel framework to create authentication-related controllers and views.
php artisan make:auth
In the generated authentication-related controller, you can find login, registration and other related methods.
Implement authorization
Register the authorization policy in the app/Providers/AuthServiceProvider.php
file.
use AppPoliciesRolePolicy; protected $policies = [ Role::class => RolePolicy::class, ];
Then use the command line tool Artisan that comes with the Laravel framework to create the authorization policy.
php artisan make:policy RolePolicy --model=Role
In the generated authorization policy file, related authorization methods can be defined.
2. Use the extension package laravel-permission to implement ACL permission control
laravel-permission is a popular extension package that can easily implement ACL permission control.
Install the laravel-permission extension package
Use Composer to install the laravel-permission extension package.
composer require spatie/laravel-permission
Configure laravel-permission extension package
Add ServiceProvider in the providers
array in the config/app.php
configuration file.
SpatiePermissionPermissionServiceProvider::class,
Then use Artisan, the command line tool that comes with the Laravel framework, to publish the configuration files and migration files of the expansion package.
php artisan vendor:publish --provider="SpatiePermissionPermissionServiceProvider" --tag="config" php artisan vendor:publish --provider="SpatiePermissionPermissionServiceProvider" --tag="migrations"
The permission model and role model can be set in the generated configuration file.
Create permission table and role table
Use Artisan, the command line tool that comes with the Laravel framework, to generate migration files for the permission table and role table.
php artisan make:migration create_permissions_table --create=permissions php artisan make:migration create_roles_table --create=roles
Define the table structure in the generated migration file and run the migration command to generate the table.
php artisan migrate
Use laravel-permission extension package
Introduce the SpatiePermissionTraitsHasRoles
trait in the user model and role model.
use SpatiePermissionTraitsHasRoles;
Then use the HasRoles
trait to define the associations and methods of the user model and role model.
You can use the authorize
method in the controller to perform authorization judgment.
use IlluminateSupportFacadesGate; if (Gate::denies('edit', $post)) { abort(403, 'Unauthorized action.'); }
You can also use the @can
directive in the view file to determine permissions.
@can('edit', $post) {{-- Edit button --}} @endcan
Conclusion:
This article introduces how to implement access control list (ACL) permission control in the Laravel framework. First, use Laravel's own authentication and authorization functions to define the user table and role table and implement authentication and authorization. Then use the laravel-permission extension package to further implement ACL permission control. I hope this article can help you implement ACL permission control in Laravel.
The above is the detailed content of How to implement access control list (ACL) permission control in Laravel. For more information, please follow other related articles on the PHP Chinese website!