How to implement a permission management system in Laravel-Laravel-php.cn

Home

PHP Framework

Laravel

How to implement a permission management system in Laravel

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Nov 02, 2023 pm 04:51 PM

laravelSystem implementationauthority management

How to implement a permission management system in Laravel

Introduction:
With the continuous development of web applications, the permission management system has become one of the basic functions of many applications. one. Laravel, as a popular PHP framework, provides a wealth of tools and functions to implement permission management systems. This article will introduce how to implement a simple and powerful permission management system in Laravel and provide specific code examples.

1. Design ideas of permission management system
When designing the permission management system, the following key points need to be considered:

Definition of roles and permissions: Role refers to The user's function or identity, and permissions refer to the user's ability to access system functions or resources.
The relationship between users and roles: A user can have multiple roles, and a role can be owned by multiple users.
The relationship between permissions and roles: A role can have multiple permissions, and one permission can be owned by multiple roles.
The relationship between routing and permissions: Routing determines the entrance for users to access system functions. Different routes may require different permissions to restrict access.

Based on the above design ideas, we can start to implement the permission management system in Laravel.

2. Database design and migration
In Laravel, we can use database migration to create and modify database tables. The following is a simple database design:

User table (users): stores basic information of users, such as user name, password, etc.
Role table (roles): stores basic information of roles, such as role name, description, etc.
Permissions table: stores basic information about permissions, such as permission names, descriptions, etc.
Role-permission association table (role_permission): records the corresponding relationship between roles and permissions.
User-role association table (user_role): records the corresponding relationship between users and roles.

First, create the migration file:

php artisan make:migration create_users_table
php artisan make:migration create_roles_table
php artisan make:migration create_permissions_table
php artisan make:migration create_role_permission_table
php artisan make:migration create_user_role_table

Then, write the table structure in the corresponding migration file (the code is omitted), and run the migration command:

php artisan migrate

3. Define model relationships
In Laravel, we can use the Eloquent model to define relationships between database tables. First, we need to define three models: User, Role, and Permission.

User model (User)

namespace App;

use IlluminateDatabaseEloquentModel;

class User extends Model
{
 // 用户与角色的多对多关系
 public function roles()
 {
     return $this->belongsToMany('AppRole')->withTimestamps();
 }

 // 判断用户是否拥有某个角色
 public function hasRole($role)
 {
     if (is_string($role)) {
         return $this->roles->contains('name', $role);
     }

     return !! $role->intersect($this->roles)->count();
 }

 // 判断用户是否拥有某个权限
 public function hasPermission($permission)
 {
     return $this->hasRole($permission->roles);
 }
}

Role model (Role)

namespace App;

use IlluminateDatabaseEloquentModel;

class Role extends Model
{
 // 角色与用户的多对多关系
 public function users()
 {
     return $this->belongsToMany('AppUser')->withTimestamps();
 }

 // 角色与权限的多对多关系
 public function permissions()
 {
     return $this->belongsToMany('AppPermission')->withTimestamps();
 }

 // 判断角色是否拥有某个权限
 public function hasPermission($permission)
 {
     if (is_string($permission)) {
         return $this->permissions->contains('name', $permission);
     }

     return !! $permission->intersect($this->permissions)->count();
 }
}

Permission model (Permission)

namespace App;

use IlluminateDatabaseEloquentModel;

class Permission extends Model
{
 // 权限与角色的多对多关系
 public function roles()
 {
     return $this->belongsToMany('AppRole');
 }
}

4. Middleware and routing settings
In order to implement the permission management system, we can use middleware to intercept and verify user access requests. First, we need to define a permission middleware.

Define permission middleware:

namespace AppHttpMiddleware;

use Closure;
use IlluminateSupportFacadesAuth;

class CheckPermission
{
 public function handle($request, Closure $next, $permission)
 {
     $user = Auth::user();
     
     if ($user && $user->hasPermission($permission)) {
         return $next($request);
     }
     
     return redirect()->route('403'); // 没有权限则跳转到403页面
 }
}

Register permission middleware:
In appHttpKernel.php $routeMiddlewareRegister permission middleware in the array:
```
protected $routeMiddleware = [
 // ...
 'permission' => AppHttpMiddlewareCheckPermission::class,
];
```
Associate middleware and routing:
Define the requirements in routesweb.php Permission control routing, and use permissionmiddleware:
```
Route::get('/members', 'MemberController@index')->middleware('permission:member_view');
```

5. Controller and view
In the controller, you can use the following code example to view the user The identity is verified and the corresponding view is returned according to the permissions.

Method in controller:

namespace AppHttpControllers;

use IlluminateSupportFacadesAuth;

class MemberController extends Controller
{
 public function index()
 {
    if (Auth::user()->hasPermission('member_view')) {
         return view('members.index');
    }
    
    // 没有权限则跳转到403页面
    return redirect()->route('403');
 }
}

Code in view:

@if(Auth::user()->hasPermission('member_view'))
 <!-- 具有查看成员的权限，显示相关内容 -->
 <table>
     ...
 </table>
@else
 <!-- 没有权限，显示无权限提示 -->
 <div>您没有查看成员的权限</div>
@endif

Six , Summary
Through the above steps, we successfully implemented a simple and powerful permission management system in Laravel. By defining roles, permissions and corresponding relationships, using middleware to intercept routes, and judging permissions in controllers and views, we can achieve precise control of user access permissions. I hope this article can help you better understand and apply the permission management functions in Laravel.

Reference:

Laravel official documentation (https://laravel.com/docs/8.x/)
Laravel Beyond CRUD series tutorials: Permissions Management (https://laravelbestpractices.com/series/show/laravel-beyond-crud/episodes/9)

The above is the detailed content of How to implement a permission management system in Laravel. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Last Laravel version: Migration TutorialMay 14, 2025 am 12:17 AM

What new features and best practices does Laravel's migration system offer in the latest version? 1. Added nullableMorphs() for polymorphic relationships. 2. The after() method is introduced to specify the column order. 3. Emphasize handling of foreign key constraints to avoid orphaned records. 4. It is recommended to optimize performance, such as adding indexes appropriately. 5. Advocate the idempotence of migration and the use of descriptive names.

What is the Latest LTS Version of Laravel?May 14, 2025 am 12:14 AM

Laravel10,releasedinFebruary2023,isthelatestLTSversion,supportedforthreeyears.ItrequiresPHP8.1 ,enhancesLaravelPennantforfeatureflags,improveserrorhandling,refinesdocumentation,andoptimizesperformance,particularlyinEloquentORM.

Stay Updated: The Newest Features in the Latest Laravel VersionMay 14, 2025 am 12:10 AM

Laravel's latest version introduces multiple new features: 1. LaravelPennant is used to manage function flags, allowing new features to be released in stages; 2. LaravelReverb simplifies the implementation of real-time functions, such as real-time comments; 3. LaravelVite accelerates the front-end construction process; 4. The new model factory system enhances the creation of test data; 5. Improves the error handling mechanism and provides more flexible error page customization options.

Implementing Soft Delete in Laravel: A Step-by-Step TutorialMay 14, 2025 am 12:02 AM

Softleteinelelavelisling -Memptry-braceChortsDevetus -TeedeecetovedinglyDeveledTeecetteecedelave

Current Laravel Version: Check the Latest Release and UpdatesMay 14, 2025 am 12:01 AM

Laravel10.xisthecurrentversion,offeringnewfeatureslikeenumsupportinEloquentmodelsandimprovedroutemodelbindingwithenums.Theseupdatesenhancecodereadabilityandsecurity,butrequirecarefulplanningandincrementalimplementationforasuccessfulupgrade.

How to Use Laravel Migrations: A Step-by-Step TutorialMay 13, 2025 am 12:15 AM

LaravelmigrationsstreamlinedatabasemanagementbyallowingschemachangestobedefinedinPHPcode,whichcanbeversion-controlledandshared.Here'showtousethem:1)Createmigrationclassestodefineoperationslikecreatingormodifyingtables.2)Usethe'phpartisanmigrate'comma

Finding the Latest Laravel Version: A Quick and Easy GuideMay 13, 2025 am 12:13 AM

To find the latest version of Laravel, you can visit the official website laravel.com and click the "Docs" button in the upper right corner, or use the Composer command "composershowlaravel/framework|grepversions". Staying updated can help improve project security and performance, but the impact on existing projects needs to be considered.

Staying Updated with Laravel: Benefits of Using the Latest VersionMay 13, 2025 am 12:08 AM

YoushouldupdatetothelatestLaravelversionforperformanceimprovements,enhancedsecurity,newfeatures,bettercommunitysupport,andlong-termmaintenance.1)Performance:Laravel9'sEloquentORMoptimizationsenhanceapplicationspeed.2)Security:Laravel8introducedbetter

See all articles