Access permissions on Laravel 4


6

I’m developing a system in Laravel 4 based on official Laravel tutorials and documentation. I haven’t seen anything related to access permissions (ACL) in Laravel. Knowing that my system will have several features available, such as News, Products, User Administration, among others, how could I make a practical page where I insert the permissions per module that each user will have access to?

I think of something where I register permission levels (Admin, User, Editor) and then, in the user’s registration, I link some level. On the other hand, when registering a user I could have checkbox options with the types of permissions (edit, view, delete) of each specific module, and would select the desired one for each user. In this case, I would choose to give individual permissions per user or select a specific level for that user.

Does anyone have any basis I could follow to develop this resource?

  • I use the Verify L4 package for the ease that I found from the beginning... http://docs.toddish.co.uk/verify-l4/

  • We have another option, which is the Confide + Entrust set: https://github.com/Zizaco/confide (authentication) and https://github.com/Zizaco/entrust (access permissions). I have used clear documentation and you take good care of it.

  • I built an ACL system by hand in Laravel, but there are some libraries that do this.

1 answer

6


You can try Sentry 2, a robust solution for authentication, authorization and ACL. This library started as a Laravel bundle, but it has evolved into a package that can be installed in other frameworks. Follow the specific link for integration with Laravel 4:

https://cartalyst.com/manual/sentry/installation/laravel-4

And follow the link to the permissions documentation:

https://cartalyst.com/manual/sentry/permissions


If you prefer to build your own solution instead of using a ready-made solution, my suggestion is to use three tables:

  1. Your table of users.
  2. A table of actions.
  3. A many-to-many connection table linking the two ("usuarios_acoes")

You may also consider:

  1. A table of levels.
  2. A connection table Many-to-Many linking levels with actions ("niveis_acoes")

In that case, you can either eliminate the table "usuarios_acoes" and save only an "id_nivel" in the table "usuarios", applying exclusively the level permissions... or keep the table "usuarios_acoes" and apply a level to a user, which would copy the actions from the "level" to the "user" while still allowing individual fine-tuning. This would be the most robust version.

You will take the trouble to define the actions of the "actions" table, and to define which actions each "level" can perform and/or which actions each user can perform.


In addition to the structure and storage in the database, you will need some filter or other mechanism to check whether or not the user has permission to perform a certain action.

And, to a more "fine" degree, you may want the interface itself to present elements of interaction, based on permissions.

I’ve already set up a CMS with all this I’m describing above - each user sees only the options in the menu and the buttons of the actions that are allowed. It looks pretty cool. Of course, in the back-end the system checks the permissions - because if the difference was only on the interface, a user would have the possibility to be successful when forging an HTTP request for an action that he is not allowed to perform.

I went further: a user who is allowed to give/remove permissions to other users can only "delegate" those actions that they themselves are allowed to perform. In the interface, built in ExtJS, a "checkbox tree" appears, where it is possible to check/uncheck an entire group of actions at once, or each one individually...

Here are the tips and comments.
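
The table layout, back-end check and delegation rule described in this answer, as an added example that is not part of the original answer: plain PHP with PDO and an in-memory SQLite database rather than Laravel code. The names `acoes`, `niveis`, `users.grant`, the column names other than `id_nivel`, and all rows are constructed for illustration.

```php
<?php
// Added example. Table names usuarios, usuarios_acoes, niveis_acoes and the
// column id_nivel follow the answer; everything else is a constructed assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE niveis   (id INTEGER PRIMARY KEY, nome TEXT UNIQUE);
    CREATE TABLE acoes    (id INTEGER PRIMARY KEY, nome TEXT UNIQUE);
    CREATE TABLE usuarios (id INTEGER PRIMARY KEY, nome TEXT,
                           id_nivel INTEGER REFERENCES niveis(id));
    CREATE TABLE niveis_acoes   (id_nivel INTEGER, id_acao INTEGER,
                                 PRIMARY KEY (id_nivel, id_acao));
    CREATE TABLE usuarios_acoes (id_usuario INTEGER, id_acao INTEGER,
                                 PRIMARY KEY (id_usuario, id_acao));
    INSERT INTO niveis VALUES (1, 'Admin'), (2, 'Editor');
    INSERT INTO acoes  VALUES (1, 'news.edit'), (2, 'news.delete'), (3, 'users.grant');
    INSERT INTO niveis_acoes VALUES (1, 1), (1, 2), (1, 3), (2, 1);
    INSERT INTO usuarios VALUES (1, 'ana', 1), (2, 'bruno', 2), (3, 'carla', NULL);
    INSERT INTO usuarios_acoes VALUES (2, 3);
");

// Back-end check: an action is allowed when it comes from the user's level
// (niveis_acoes) or from an individual grant (usuarios_acoes).
function can(PDO $db, $userId, $action) {
    $st = $db->prepare("
        SELECT 1 FROM acoes a WHERE a.nome = :acao AND (
            EXISTS (SELECT 1 FROM usuarios_acoes ua
                    WHERE ua.id_usuario = :u1 AND ua.id_acao = a.id)
         OR EXISTS (SELECT 1 FROM usuarios u
                    JOIN niveis_acoes na ON na.id_nivel = u.id_nivel
                    WHERE u.id = :u2 AND na.id_acao = a.id))");
    $st->execute(array(':acao' => $action, ':u1' => $userId, ':u2' => $userId));
    return $st->fetchColumn() !== false;
}

// Delegation rule: the granter needs the (hypothetical) users.grant action
// and must hold the action being passed on; otherwise nothing is written.
function delegate(PDO $db, $granterId, $targetId, $action) {
    if (!can($db, $granterId, 'users.grant') || !can($db, $granterId, $action)) {
        return false;
    }
    $st = $db->prepare("INSERT OR IGNORE INTO usuarios_acoes (id_usuario, id_acao)
                        SELECT :u, id FROM acoes WHERE nome = :acao");
    $st->execute(array(':u' => $targetId, ':acao' => $action));
    return true;
}

var_dump(delegate($db, 2, 3, 'news.edit'));   // bruno holds news.edit via his level
var_dump(delegate($db, 2, 3, 'news.delete')); // bruno does not hold news.delete
var_dump(can($db, 3, 'news.edit'), can($db, 3, 'news.delete'));
```

Calling `can()` from the server-side handler of every action, not only when rendering menus and buttons, is what stops the forged HTTP request the answer mentions.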
