daugaard47 · December 17, 2018 02:21
diff --git a/01_Laravel 5 Simple ACL manager_Readme.md b/01_Laravel 5 Simple ACL manager_Readme.md
diff --git a/CheckRole.php b/CheckRole.php
 <?php namespace App\Http\Middleware;

 // First copy this file into your middleware directoy

 use Closure;

 class CheckRole{

 	/**
 	 * Handle an incoming request.
 	 *
 	 * @param  \Illuminate\Http\Request  $request
 	 * @param  \Closure  $next
 	 * @return mixed
 	 */
 	public function handle($request, Closure $next)
 	{
 		// Get the required roles from the route
 		$roles = $this->getRequiredRoleForRoute($request->route());

 		// Check if a role is required for the route, and
 		// if so, ensure that the user has that role.
 		if($request->user()->hasRole($roles) || !$roles)
 		{
 			return $next($request);
 		}
 		// Optional 401
 		return response([
 			'error' => [
 				'code' => 'INSUFFICIENT_ROLE',
 				'description' => 'You are not authorized to access this resource.'
 			]
 		], 401);
 		// Rather 401.. Redirect to login or whatever
 		//return redirect('login');

 	}

 	private function getRequiredRoleForRoute($route)
 	{
 		$actions = $route->getAction();
 		return isset($actions['roles']) ? $actions['roles'] : null;
 	}

 }
diff --git a/Kernel.php b/Kernel.php
 <?php

 // Register the new route middleware 

 protected $routeMiddleware = [
 		'auth' 			=> 'App\Http\Middleware\Authenticate',
 		'auth.basic' 	=> 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
 		'guest' 		=> 'App\Http\Middleware\RedirectIfAuthenticated',
 		'roles' 		=> 'App\Http\Middleware\CheckRole',
 	];
diff --git a/Role.php b/Role.php
 <?php namespace App;

 use Illuminate\Database\Eloquent\Model;

 class Role extends Model {

    protected $table = 'roles';

    public function users()
    {
        return $this->hasMany('App\User', 'role_id', 'id');
    }

 }
diff --git a/Roles_table_migration.php b/Roles_table_migration.php
 <?php

 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Database\Migrations\Migration;

 class CreateRolesTable extends Migration {

 	/**
 	 * Run the migrations.
 	 *
 	 * @return void
 	 */
 	public function up()
 	{
 		Schema::create('role', function($table) {
 			$table->increments('id');
 			$table->string('name', 40);
 			$table->string('description', 255);
 			$table->timestamps();
 		});
 	}

 	/**
 	 * Reverse the migrations.
 	 *
 	 * @return void
 	 */
 	public function down()
 	{
 		Schema::drop('role');
 	}

 }
diff --git a/RoleTableSeeder.php b/RoleTableSeeder.php
 <?php



 use Illuminate\Database\Seeder;
 use Illuminate\Database\Eloquent\Model;
 use App\Role;

 class RoleTableSeeder extends Seeder{

    public function run()
    {

        if (App::environment() === 'production') {
            exit('I just stopped you getting fired. Love, Amo.');
        }

        DB::table('role')->truncate();

        Role::create([
            'id'            => 1,
            'name'          => 'Root',
            'description'   => 'Use this account with extreme caution. When using this account it is possible to cause irreversible damage to the system.'
        ]);

        Role::create([
            'id'            => 2,
            'name'          => 'Administrator',
            'description'   => 'Full access to create, edit, and update companies, and orders.'
        ]);

        Role::create([
            'id'            => 3,
            'name'          => 'Manager',
            'description'   => 'Ability to create new companies and orders, or edit and update any existing ones.'
        ]);

        Role::create([
            'id'            => 4,
            'name'          => 'Company Manager',
            'description'   => 'Able to manage the company that the user belongs to, including adding sites, creating new users and assigning licences.'
        ]);

        Role::create([
            'id'            => 5,
            'name'          => 'User',
            'description'   => 'A standard user that can have a licence assigned to them. No administrative features.'
        ]);
    }

 }
diff --git a/routes.php b/routes.php
 <?php

 Route::get('user/{user}', [
 	'middleware' => ['auth', 'roles'], // A 'roles' middleware must be specified
 	'uses' => 'UserController@index',
 	'roles' => ['administrator', 'manager'] // Only an administrator, or a manager can access this route
 ]);


    // ADD ADMIN PROTECTED ROUTES TO A GROUP
    Route::group(['middleware' => ['auth','roles'], 'roles' => ['administrator', 'manager']], function() {
 	//ADMIN INDEX
        Route::get('/admin','AdminController@index')->name('admin');
        Route::get('/admin/create','AdminController@create')->name('admin_create');
        etc...
    });
diff --git a/User.php b/User.php
 <?php

 // The User model

 public function role()
 	{
 		return $this->hasOne('App\Role', 'id', 'role_id');
 	}

 	public function hasRole($roles)
 	{
 		$this->have_role = $this->getUserRole();

 		// Check if the user is a root account
 		if($this->have_role->name == 'Root') {
 			return true;
 		}

 		if(is_array($roles)){
 			foreach($roles as $need_role){
 				if($this->checkIfUserHasRole($need_role)) {
 					return true;
 				}
 			}
 		} else{
 			return $this->checkIfUserHasRole($roles);
 		}
 		return false;
 	}

 	private function getUserRole()
 	{
 		return $this->role()->getResults();
 	}

 	private function checkIfUserHasRole($need_role)
 	{
 		return (strtolower($need_role)==strtolower($this->have_role->name)) ? true : false;
 	}
	<?php namespace App\Http\Middleware;

	// First copy this file into your middleware directoy

	use Closure;

	class CheckRole{

	/**
	* Handle an incoming request.
	*
	* @param \Illuminate\Http\Request $request
	* @param \Closure $next
	* @return mixed
	*/
	public function handle($request, Closure $next)
	{
	// Get the required roles from the route
	$roles = $this->getRequiredRoleForRoute($request->route());

	// Check if a role is required for the route, and
	// if so, ensure that the user has that role.
	if($request->user()->hasRole($roles) \|\| !$roles)
	{
	return $next($request);
	}
	// Optional 401
	return response([
	'error' => [
	'code' => 'INSUFFICIENT_ROLE',
	'description' => 'You are not authorized to access this resource.'
	]
	], 401);
	// Rather 401.. Redirect to login or whatever
	//return redirect('login');

	}

	private function getRequiredRoleForRoute($route)
	{
	$actions = $route->getAction();
	return isset($actions['roles']) ? $actions['roles'] : null;
	}

	}
	<?php

	// Register the new route middleware

	protected $routeMiddleware = [
	'auth' => 'App\Http\Middleware\Authenticate',
	'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
	'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
	'roles' => 'App\Http\Middleware\CheckRole',
	];
	<?php namespace App;

	use Illuminate\Database\Eloquent\Model;

	class Role extends Model {

	protected $table = 'roles';

	public function users()
	{
	return $this->hasMany('App\User', 'role_id', 'id');
	}

	}
	<?php

	use Illuminate\Database\Schema\Blueprint;
	use Illuminate\Database\Migrations\Migration;

	class CreateRolesTable extends Migration {

	/**
	* Run the migrations.
	*
	* @return void
	*/
	public function up()
	{
	Schema::create('role', function($table) {
	$table->increments('id');
	$table->string('name', 40);
	$table->string('description', 255);
	$table->timestamps();
	});
	}

	/**
	* Reverse the migrations.
	*
	* @return void
	*/
	public function down()
	{
	Schema::drop('role');
	}

	}
	<?php



	use Illuminate\Database\Seeder;
	use Illuminate\Database\Eloquent\Model;
	use App\Role;

	class RoleTableSeeder extends Seeder{

	public function run()
	{

	if (App::environment() === 'production') {
	exit('I just stopped you getting fired. Love, Amo.');
	}

	DB::table('role')->truncate();

	Role::create([
	'id' => 1,
	'name' => 'Root',
	'description' => 'Use this account with extreme caution. When using this account it is possible to cause irreversible damage to the system.'
	]);

	Role::create([
	'id' => 2,
	'name' => 'Administrator',
	'description' => 'Full access to create, edit, and update companies, and orders.'
	]);

	Role::create([
	'id' => 3,
	'name' => 'Manager',
	'description' => 'Ability to create new companies and orders, or edit and update any existing ones.'
	]);

	Role::create([
	'id' => 4,
	'name' => 'Company Manager',
	'description' => 'Able to manage the company that the user belongs to, including adding sites, creating new users and assigning licences.'
	]);

	Role::create([
	'id' => 5,
	'name' => 'User',
	'description' => 'A standard user that can have a licence assigned to them. No administrative features.'
	]);
	}

	}
	<?php

	Route::get('user/{user}', [
	'middleware' => ['auth', 'roles'], // A 'roles' middleware must be specified
	'uses' => 'UserController@index',
	'roles' => ['administrator', 'manager'] // Only an administrator, or a manager can access this route
	]);


	// ADD ADMIN PROTECTED ROUTES TO A GROUP
	Route::group(['middleware' => ['auth','roles'], 'roles' => ['administrator', 'manager']], function() {
	//ADMIN INDEX
	Route::get('/admin','AdminController@index')->name('admin');
	Route::get('/admin/create','AdminController@create')->name('admin_create');
	etc...
	});
	<?php

	// The User model

	public function role()
	{
	return $this->hasOne('App\Role', 'id', 'role_id');
	}

	public function hasRole($roles)
	{
	$this->have_role = $this->getUserRole();

	// Check if the user is a root account
	if($this->have_role->name == 'Root') {
	return true;
	}

	if(is_array($roles)){
	foreach($roles as $need_role){
	if($this->checkIfUserHasRole($need_role)) {
	return true;
	}
	}
	} else{
	return $this->checkIfUserHasRole($roles);
	}
	return false;
	}

	private function getUserRole()
	{
	return $this->role()->getResults();
	}

	private function checkIfUserHasRole($need_role)
	{
	return (strtolower($need_role)==strtolower($this->have_role->name)) ? true : false;
	}