In my new Laravel 5.8 app I read the following article on using roles with the JWT extension:
https://scotch.io/tutorials/role-based-authentication-in-laravel-with-jwt
and in the seed I add several roles, like:
\DB::table('roles')->insert(array (
0 =>
array (
'id' => 1,
'name' => 'Admin',
'display_name' => 'Admin',
'description' => 'Administrator. Can do all operations in system',
'created_at' => '2019-04-29 11:03:50',
),
1 =>
array (
'id' => 2,
'name' => 'Manager',
'display_name' => 'Manager. Can do all operations in frontend and CRUD for Hostels/CMS items in Backend',
'description' => 'Manager description...',
'created_at' => '2019-04-29 11:03:50',
),
2 =>
array (
'id' => 3,
'name' => 'Customer',
'display_name' => 'Customer. Can do all operations in frontend',
'description' => 'Customer description...',
'created_at' => '2019-04-29 11:03:50',
),
));
and I see the assignRole method for when I need to assign a role to a user.
What is unclear to me is what the Permissions and “permission_role” data are for.
Do I need them for my simple app structure? If yes, please provide some examples...
Thanks!
We can't answer your question if you don't specify what your application needs to do. You can have roles without permissions or permissions without roles depending on your application. But if you want the provided tutorial to work you need them.
Permissions are specific actions of a role.
Example Permission table data:
Permission-id: 1
Permission-name: 'Create Blog Post'
You can assign this permission to a role 'Admin' (Role-id: 1).
Your permission_role table contains the relationship between those two. So for the above example:
permission_role
'permission_id': 1, 'role_id': 1;
Which means that the Admin role can 'Create Blog Post' in this case.
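The lookup that the permission_role table makes possible, as an added example that is not part of the original answer or the tutorial. The role_user table name, the user ids and the extra permission names are constructed for illustration; the role ids match the seeder in the question.

```php
<?php
// Constructed sample rows; only 'Create Blog Post' for Admin comes from the answer above.
$roles = [1 => 'Admin', 2 => 'Manager', 3 => 'Customer'];
$permissions = [1 => 'Create Blog Post', 2 => 'Edit Hostel', 3 => 'View Frontend'];

// permission_role pivot: one row per (permission, role) grant.
$permissionRole = [
    ['permission_id' => 1, 'role_id' => 1],
    ['permission_id' => 2, 'role_id' => 1],
    ['permission_id' => 3, 'role_id' => 1],
    ['permission_id' => 2, 'role_id' => 2],
    ['permission_id' => 3, 'role_id' => 2],
    ['permission_id' => 3, 'role_id' => 3],
];

// role_user pivot (assumed table name): which roles each user holds.
$roleUser = [
    ['user_id' => 10, 'role_id' => 2], // constructed user 10 is a Manager
    ['user_id' => 11, 'role_id' => 3], // constructed user 11 is a Customer
];

/** Resolve a user's permission names by walking role_user, then permission_role. */
function permissionsForUser(int $userId, array $roleUser, array $permissionRole, array $permissions): array
{
    $roleIds = [];
    foreach ($roleUser as $row) {
        if ($row['user_id'] === $userId) {
            $roleIds[$row['role_id']] = true;
        }
    }
    $granted = [];
    foreach ($permissionRole as $row) {
        // Skip pivot rows for roles the user lacks or permissions that no longer exist.
        if (isset($roleIds[$row['role_id']], $permissions[$row['permission_id']])) {
            $granted[$permissions[$row['permission_id']]] = true;
        }
    }
    return array_keys($granted);
}

/** Deny by default: true only when an explicit pivot row grants the permission. */
function userCan(int $userId, string $permission, array $roleUser, array $permissionRole, array $permissions): bool
{
    return in_array($permission, permissionsForUser($userId, $roleUser, $permissionRole, $permissions), true);
}

var_dump(userCan(10, 'Edit Hostel', $roleUser, $permissionRole, $permissions));      // Manager
var_dump(userCan(11, 'Create Blog Post', $roleUser, $permissionRole, $permissions)); // Customer
var_dump(userCan(99, 'View Frontend', $roleUser, $permissionRole, $permissions));    // unknown user
```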
I'm using this package, https://github.com/artdarek/oauth-4-laravel, but only getting the id and user name.
I need additional data like email, firstname, lastname etc.
I used this package as I also need to integrate login with Google.
'Facebook' => array(
'client_id' => 'aaa----aaaaa',
'client_secret' => 'xxx----xxxxx',
'callback_url' => 'http://staging.crossinghoods.com/customer-account/login/fb/callback',
'scope' => array('email'),
),
$result = json_decode( $fb->request( '/me?fields=email,first_name,last_name,picture' ), true );
These two steps solved my issue. But it was not found in the documentation.
I used Entrust before to control ACL in Laravel when my project was still on Laravel 4, and now with Laravel 5.2 Entrust no longer works, especially in route filtering.
Then I found this package and am trying to use it, but I still have a lot of questions, so to make it simpler I will explain my use case from when I used Entrust:
First I want to make permissions for create, view, update and delete for article; in Entrust I would create permissions like create_article, view_article, update_article and delete_article.
But now in Kodeine, when I create a permission there is a "slug", so I tried to do this like the documentation says:
$permUser = $permission->create([
'name' => 'article',
'slug' => [ // pass an array of permissions.
'create' => true,
'view' => true,
'update' => true,
'delete' => true
],
'description' => 'Manage article'
]);
So from what I read, it just groups all of my article permissions into one place, and there is a slug with the parameters view, create, update, delete.
The problem I see is: if I want my users to only be able to view articles, how do I do that based on the permission that I created up there?
Since, from the documentation, assignPermission is only given the permission name, does that mean it will include all slugs in there and they will all be true?
So if I want users to only be able to view articles, I need to create something like
$permUser = $permission->create([
'name' => 'article_view',
'slug' => [ // pass an array of permissions.
'view' => true,
],
'description' => 'view article'
]);
And if I want users to only be able to create articles, then that will mean I need to create
$permUser = $permission->create([
'name' => 'article_create',
'slug' => [ // pass an array of permissions.
'create' => true,
],
'description' => 'create article'
]);
Then what's the point of slug - is it pretty much the same as a role but with parameters in the slug?
As I wrote in your GitHub issue, I suggest you keep all your article permissions as you already have them, in one big group, but with all of them set to false (keep in mind that you may need to change your 'most_permissive_wins' variable in your acl config file). You can create a "child" group permission for your users role using inheritance, setting to true all of those permissions your users need. You can then assign that child group to your users role (not the big one) and the user role to your specific user. To clarify my answer, let's say you have this group:
$permArticles = $permission->create([
'name' => 'articles',
'slug' => [ // pass an array of permissions.
'create' => false,
'view' => false,
'update' => false,
'delete' => false,
],
'description' => 'All articles module permissions'
]);
then you can create something like:
$articlesPermUser = Permission::create([
'name' => 'articles.user',
'slug' => [ // an array of permissions only for student
'view' => true,
],
// we use permission inheriting.
'inherit_id' => $permArticles->getKey(),
'description' => 'user articles permissions'
]);
then you assign your new permission to your user role (I am assuming you already have a role named 'user'):
$userRole = Role::where('slug', 'user')->first();
$userRole->assignPermission('articles.user');
And finally you assign that role to... let's say your logged-in user:
Auth::user()->assignRole($userRole);
You can also solve this problem by overwriting the permission; this can be done by assigning a specific permission value to a user (but yes, you would need to do this for every single user in your app if needed, so I don't like this solution at all).
Let's say we keep our big group:
$permArticles = $permission->create([
'name' => 'articles',
'slug' => [ // pass an array of permissions.
'create' => false,
'view' => false,
'update' => false,
'delete' => false,
],
'description' => 'All articles module permissions'
]);
As this group says, any role with your article permission assigned will not be able to do anything in your articles module. Let's say your user role already has this permission, but you want a certain user (let's say the logged-in one) to be able to update an article. You can set the specific update permission value to true like so:
Auth::user()->addPermission('update.articles', true);
//or
Auth::user()->addPermission('articles', [
'update' => true,
]);
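A simplified model of the two approaches in this answer (a deny-all parent group with an inheriting child, then a per-user override), added here as an illustration; it is not the package's code and not part of the original answer. The `inherit` key and the function names `resolveSlugs` and `can` are hypothetical.

```php
<?php
// Constructed sample data: the parent group denies everything, the child grants view only.
$permissions = [
    'articles' => [
        'slug' => ['create' => false, 'view' => false, 'update' => false, 'delete' => false],
        'inherit' => null,
    ],
    'articles.user' => ['slug' => ['view' => true], 'inherit' => 'articles'],
];

/** Merge slugs from the root ancestor down, so the child's values override the parent's. */
function resolveSlugs(array $permissions, string $name): array
{
    $chain = [];
    $seen = [];
    for ($current = $name; $current !== null; $current = $permissions[$current]['inherit']) {
        if (!isset($permissions[$current])) {
            throw new InvalidArgumentException("Unknown permission: $current");
        }
        if (isset($seen[$current])) {
            throw new LogicException("Inheritance cycle at: $current");
        }
        $seen[$current] = true;
        $chain[] = $permissions[$current]['slug'];
    }
    return array_merge(...array_reverse($chain));
}

/** A per-user override is applied last; any action never set to true stays denied. */
function can(array $roleSlugs, array $userOverrides, string $action): bool
{
    $effective = array_merge($roleSlugs, $userOverrides);
    return ($effective[$action] ?? false) === true;
}

$roleSlugs = resolveSlugs($permissions, 'articles.user');
var_dump(can($roleSlugs, [], 'view'));                   // role grant inherited through the child
var_dump(can($roleSlugs, [], 'update'));                 // parent default still applies
var_dump(can($roleSlugs, ['update' => true], 'update')); // single-user override
```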
Thank you for the answer, but over time I have already found a perfect solution that matches what I need. It is not much different from what I did in Entrust.
So first I will just create a permission like this for view article
$class = 'article';
$permission = new Kodeine\Acl\Models\Eloquent\Permission();
$permUser = $permission->create([
'name' => $class.'_view',
'slug' => [
'view' => true,
],
'description' => 'View '.$class
]);
and then another one for example create article
$class = 'article';
$permission = new Kodeine\Acl\Models\Eloquent\Permission();
$permUser = $permission->create([
'name' => $class.'_create',
'slug' => [
'create' => true,
],
'description' => 'Create '.$class
]);
and later just assign those permissions to the user role; for example, I want this user role to be able to view articles
$roleAdmin = Kodeine\Acl\Models\Eloquent\Role::where('name','=','user_1')->first();
$roleAdmin->assignPermission('article_view');
I still don't understand the inheritance feature, and I needed to do this quickly. It may not be an ideal way, but it works for me.
I am running the following code (I've hidden IDs) to add/update a subscriber's interest groups in a MailChimp list:
$mailchimp->patch('lists/1234567/members/' . md5('test#test.com'), [
'status' => 'subscribed',
'merge_fields' => array(
'FNAME' => 'Ben',
'LNAME' => 'Sinclair',
),
'interests' => array(
'abcd1234' => true,
'defg6789' => true,
),
]);
The interests key is what I'm having issues with.
I presumed whatever you put in this key will overwrite what currently exists.
It doesn't seem to be the case. It only adds new interests but does not remove any if the IDs are not in the array. I am not getting any errors.
Does anyone know how to overwrite interest groups? Or if that's not possible, is there a way to remove interest groups?
For completion I wanted to add this answer so people stumbling upon this post can find a quick solution.
$mailchimp->patch('lists/1234567/members/' . md5('test#test.com'), [
'status' => 'subscribed',
'merge_fields' => array(
'FNAME' => 'Ben',
'LNAME' => 'Sinclair',
),
'interests' => array(
'abcd1234' => true, // Attached
'defg6789' => false, // Detached
)
]);
In this example the interest 'abcd1234' will be attached and the interest 'defg6789' will be detached.
Other interests that are not listed will remain on their original value.
I am using "romanbican - bicon roles"; I don't see sufficient information for "Creating Roles".
Code is available but I don't know where to paste this code; please suggest quick steps to implement permissions.
I used this same Laravel package and simply created a new controller and route pointing to the following controller methods:
public function getRoleAdmin()
{
$adminRole = Role::create([
'name' => 'Admin',
'slug' => 'admin',
'description' => 'System Administrator', // optional
'level' => 1, // optional, set to 1 by default
]);
}
public function getRoleModerator()
{
$moderatorRole = Role::create([
'name' => 'Forum Moderator',
'slug' => 'forum.moderator',
'description' => 'Forum Moderator',
'level' => 1,
]);
}
I then created a simple view with a button for each calling the appropriate route/controller/method to create either a new moderator or administrator role. You will see that calling Role::create simply creates a new record in the roles table with these attributes which you could easily perform with a standard DB call to insert into the table. I used the same approach for creating/deleting permissions.
I am already using a number of Google API services, such as Calendar and Google+ profiles, but using the Directory services is proving difficult.
Here is the scope I'm declaring in my local_config - everything has been working until I added the final line...
// Definition of service specific values like scopes, oauth token URLs, etc
'services' => array(
'analytics' => array('scope' => 'https://www.googleapis.com/auth/analytics.readonly'),
'calendar' => array(
'scope' => array(
"https://www.googleapis.com/auth/calendar",
"https://www.googleapis.com/auth/calendar.readonly",
)
),
'books' => array('scope' => 'https://www.googleapis.com/auth/books'),
'latitude' => array(
'scope' => array(
'https://www.googleapis.com/auth/latitude.all.best',
'https://www.googleapis.com/auth/latitude.all.city',
)
),
'moderator' => array('scope' => 'https://www.googleapis.com/auth/moderator'),
'oauth2' => array(
'scope' => array(
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
)
),
'plus' => array('scope' => 'https://www.googleapis.com/auth/plus.login'),
'siteVerification' => array('scope' => 'https://www.googleapis.com/auth/siteverification'),
'tasks' => array('scope' => 'https://www.googleapis.com/auth/tasks'),
'urlshortener' => array('scope' => 'https://www.googleapis.com/auth/urlshortener'),
'directory' => array('scope' => 'https://www.googleapis.com/auth/admin')
I have tried a few different combos, but nothing seems to work - here is the error I'm getting...
Some requested scopes were invalid.
{valid=[https://www.googleapis.com/auth/tasks,
https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/userinfo.profile,
https://www.googleapis.com/auth/userinfo.email], invalid=[https://www.googleapis.com/auth/admin]}
I'm trying to pull Group listings at the moment, but I'll need other Admin sdk features later.
Thanks! Let me know if I need to add any more details.
Admin SDK scopes are listed at:
https://developers.google.com/admin-sdk/directory/v1/guides/authorizing