Skip to content

Installation

Jump to bottom
Marin Călin edited this page Apr 16, 2024 · 6 revisions

This package is available to be installed through Composer, by using

composer require codestage/laravel-authorization

Manual Installation

You can choose to do all that the installation does automatically yourself, by following the manual installation steps:

1. Publish the configuration file

php artisan vendor:publish --tag=configuration --provider=AuthorizationServiceProvider

2. Create the Permissions enum

Create a String-backed enum inside your app/Enums folder, that should implement the IPermissionEnum interface. For example:

<?php

namespace App\Enums;

use Codestage\Authorization\Contracts\IPermissionEnum;

enum Permission: string implements IPermissionEnum
{
    //
}

3. Update permissions_enum in the config file

Update the authorize.php configuration file, by setting the permissions_enum to your newly created Permission class. For example:

'permissions_enum' => App\Enums\Permission::class

4. Add the middleware

Update your application configuration file bootstrap/app.php to add the AuthorizationMiddleware to all groups where you want it to apply.

return Application::configure(...)
    ...
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->appendToGroup('web', AuthorizationMiddleware::class);
        $middleware->appendToGroup('api', AuthorizationMiddleware::class);
    })

This will check on each request whether the target is decorated with the Authorize attribute and perform authentication and authorization accordingly.

Note: Adding the middleware to the global middleware will not work because of how Laravel request pipeline works. It has to be added to middleware groups (or individual routes if you so choose) in order for authorization to work.

If you are using the old application structure, add the middleware to the Kernel

Inside your HTTP Kernel, you should add the AuthorizationMiddleware to all middleware groups. For example:

    protected $middlewareGroups = [
        'web' => [
            EncryptCookies::class,
            AddQueuedCookiesToResponse::class,
            StartSession::class,
            AuthenticateSession::class,
            ShareErrorsFromSession::class,
            VerifyCsrfToken::class,
            AuthorizationMiddleware::class,
            SubstituteBindings::class,
        ],

        'api' => [
            EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
	    AuthorizationMiddleware::class,
	    SubstituteBindings::class,
        ],
    ];

Note 1: Adding the middleware to the global middleware will not work because of how Laravel request pipeline works. It has to be added to middleware groups (or individual routes if you so choose) in order for authorization to work.

Note 2: We strongly recommend adding the middleware before SubstituteBindings.

5. HasPermissions trait

Add the HasPermissions trait to your user model class (typically app/Models/User.php)

6. Run migrations

Run the migrations in order to create the required database schema.

php artisan migrate

Overview

Introduction

Installation

Roles and Permissions

Authorization

Simple authorization

Role-based authorization

Permission-based authorization

Policy-based authorization

Resource-based authorization

Clone this wiki locally