Laravel Policies VS Roles/Permissions Implementation - laravel-5

I have implemented a small test with Laravel Policies. I am wondering whether this is the right method to implement a role-based permission system. I also used the Entrust Role Permission package. My requirements are as follows:
1. List of Roles
2. List of Modules
3. Each Module has set of permissions
4. Each Role linked with Set of Permissions
Policies seem to be connected with Models. When we create a complex application in which we group Models into components (or service providers), this approach seems to be difficult. Kindly advise on this issue.
Thanks in advance

Related

Storing User Roles in Session Laravel

Hello there, I am working on a project in Laravel in which I need to assign permissions to each user so that I can verify in each blade file or controller function whether the current user has the permission to perform an action. Moreover, the side nav links are also generated dynamically using these permissions.
I created two tables:
1: User => [ID, Name .....]
2: Permissions => [ID, Name, user_id(fk)]
To solve this problem, I have stored all the permissions of users in the session at the time of login, so that I can verify all permissions on each page and generate links by fetching from the session.
Is that a good approach, or is there a better solution for this?
It would be good if you had shared more code, but I can see what you want to achieve. Firstly, you don't need to store it in the session because you already have a relation between the User object and Permission. Add these lines of code to your User model:
public function permissions() {
    // A user has many permissions (permissions.user_id references users.id)
    return $this->hasMany(Permission::class);
}
Then you have access in your blade or controller to the permission. Small example in the controller:
$user = User::find(1);
dd($user->permissions);
// you can write a condition to check if user has Permission etc.
Yes, you can store this in the session. But the better option will be to get the permissions through the relation object, like
User::find(1)->permissions()
Well, if you're asking for a "better solution" ... I'm not sure if it's too late for this information since you're already developing the project. However, I would recommend this package for your long-term management (for both user and dev).
Spatie Laravel-permission package
It has a role-based permission and a direct permission design (which is similar to your design). Once you have installed the package, the role and permission tables are created for you.
Once you have created the desired roles with permissions, it's easy for you to manage which page to allow for which role and which button should be shown.
You can check roles in your controller for those who can view this page.
In blade, you can check both roles and permission for which button to show or disable.
Hence, you don't need to worry about session settings or session expiry. It's better for maintenance and development in the future.
The Spatie package has a simple syntax and is easy to work with.
Installation:
composer require spatie/laravel-permission
Syntax:
Basic usage and syntax
There is plenty of information and tutorials out there.
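
The trade-off discussed in this thread, as an added example that is not part of the original posts: permissions snapshotted into the session at login keep granting access after they are revoked, whereas a check tied to the current table state does not. It is plain PHP with constructed rows following the question's schema; the `perm_version` counter and all function names are hypothetical.

```php
<?php
// Added example, not code from the posts above. Plain PHP, no framework.
// Constructed rows following the question's schema: Permissions => [ID, Name, user_id(fk)].
$permissions = [
    ['id' => 1, 'name' => 'reports.view', 'user_id' => 7],
    ['id' => 2, 'name' => 'users.delete', 'user_id' => 7],
];
// Hypothetical per-user counter, incremented whenever that user's permissions change.
$permVersion = [7 => 1];

// Authoritative lookup against the permissions table.
function lookupPermissions(array $permissions, int $userId): array
{
    $names = [];
    foreach ($permissions as $row) {
        if ($row['user_id'] === $userId) {
            $names[] = $row['name'];
        }
    }
    return $names;
}

// Check that trusts the login-time snapshot only (the approach in the question).
function canFromSnapshot(array $session, string $permission): bool
{
    return in_array($permission, $session['permissions'], true);
}

// Check that reuses the snapshot only while its version matches the stored one.
function canWithVersion(array &$session, array $permissions, array $permVersion, string $permission): bool
{
    $current = $permVersion[$session['user_id']];
    if ($session['perm_version'] !== $current) {
        $session['permissions'] = lookupPermissions($permissions, $session['user_id']);
        $session['perm_version'] = $current;
    }
    return in_array($permission, $session['permissions'], true);
}

// Login: snapshot the permissions into the session.
$session = ['user_id' => 7, 'permissions' => lookupPermissions($permissions, 7), 'perm_version' => $permVersion[7]];

// An administrator revokes users.delete while the session is still active.
$permissions = array_values(array_filter($permissions, function (array $row): bool {
    return !($row['user_id'] === 7 && $row['name'] === 'users.delete');
}));
$permVersion[7]++;

printf("snapshot only: %s\n", var_export(canFromSnapshot($session, 'users.delete'), true));
printf("version check: %s\n", var_export(canWithVersion($session, $permissions, $permVersion, 'users.delete'), true));
```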

SonarQube 6.0 authorization using groups

I am using SonarQube (SQ) 6.0 community version and trying to setup authorization using groups and project permissions. There doesn't appear to be a way to assign permissions to a created group, even though the defined SQ groups have permissions assigned to them. What I wanted to do was assign permissions to a created group via the Administration->Security->Global Permissions process. But this action only returns the Anyone and sonar-administrators defined groups based on the usage of the internal API api/permissions/groups, which only returns groups with permissions. This same API is used in the action Administration->Projects->Management->Actions->Edit Permissions. From this last action the goal was to remove permissions for this project from the Anyone group and allow permissions from a created group (which would apply to the users in that group). But that doesn't seem possible. I've looked at permission templates, but that doesn't seem to allow association to a group. What I'm really attempting to do is a common RBAC process, which SQ does not seem to support. Is there a solution in SQ for this capability?
Yup, the UI is very confusing in this area, I struggled for quite some time before realising what to do.
What you need to do is first search for a string in the search box ("sonar" is a good query), and then the list will be populated with all users/groups matching that query. You can then assign them permissions as you see fit.
There are two different concepts at work here. Global permissions grant users and groups the ability to make global-level changes, i.e. changes that affect everyone such as which plugins are installed and what rules are active in a Quality Profile. Project permissions grant users and groups the ability to see and change individual projects.
Once your group is created and populated, you have two options:
Edit Permissions of Individual Permissions
Give the group specific permissions to individual projects by navigating to the project, then Administration > Permissions. This could get tedious if you have a lot of projects to update.
Create a Permissions Template
Create a permission template (Administration > Security > Permission Templates) and populate it by granting the group specific permissions. At this point no permissions have actually changed.
Once your template is properly constructed, you can apply it to projects individually, en masse, and/or by default as new projects are created via the template's Project Key Pattern. You can also make your new template the default so that its settings are automatically applied to all new projects regardless of project key.
Note that there is no ongoing relationship between a Permissions Template and the projects to which it has been applied. Subsequently editing a template will not update the permissions of any project.

Login for two different users using laravel

I have made two login systems: a) for Users and b) for Administrator.
But the problem is that app/config/auth.php in Laravel has the default model=>'User' and table=>'users', and I have two models and tables for different users.
How can I use the two different models and tables for login?
What you're doing is considered bad practice - you should take a look at role based permission systems or helpers. I have a few suggestions for you:
Sentry - Most popular, comes with permission system and roles
Entrust - Lets you add role based permissions
You should never repeat stuff for the same type of resource - that's like having a blog where you have a table for each category, it just doesn't really work and it's incredibly time consuming to keep up to date and in sync.
You should change your style right now, take the opportunity, it will save you time in the long run, believe me.

Joomla Component Permissions

In Joomla 2.5 I have a custom component installed that is only available to the Administrator. I would like to make this component available to the Manager Group as well.
Can someone please tell me what file I must edit? Is it an XML file in the administrator/components/name_here/? Or is this a lot more complicated than I think?
I hope I am reading the right file, this Joomla system is a mad hatter.
It's not just an XML file; your component will need to check the permissions a user has.
Since Joomla! 1.6 there is an extensive Access Control (ACL) mechanism implemented for front-end and backend access. You can define an unlimited number of Groups all with different access levels on a per component basis (this presumes that the component is written correctly). The default groups that are created with the initial setup can be deleted or renamed and may not exist on all installations; users can create groups of any name with any range of permissions.
I would recommend starting with the Access Control List/2.5/Tutorial; this will give you a better understanding of the new ACL.
Then, from the "Developing a Model-View-Controller Component/2.5" tutorial, re-read the "Adding ACL" article. If you need custom rules you will probably want to read the Adding ACL Rules to your component article as well.

Joomla 1.5 user group questions

Does it affect the way Joomla authenticates users if I add custom user groups in Joomla 1.5.15, and does it make it less secure?
I'm planning to add a custom group using the table jos_core_acl_aro_groups as described at http://docs.joomla.org/Custom_user_groups.
But someone told me that if I add a new user group and the group_id is greater than 25 (this is the ID of the Super Administrator), that new group will have the same access as the super admin in the default Joomla core files without changing anything, just the additional user group. Is this true?
Don't you have a local install of Joomla to try this?
Anyways, it's not true because it can't be, why should the group_id define the access rights? That would be a terrible ACL implementation. But please try it, before you actually use it live.
In Joomla 1.5 you can make user groups but they will have one of the existing role patterns. In Joomla 1.6 (alpha) there will be full flexibility in defining your groups, roles and granular ownership settings for each article, module, etc.
There are several extensions you can find at:
http://extensions.joomla.org/extensions/access-a-security
Which enhance the core ACL functions. Give them a look and you'll probably find the solution without hacking the core files.
