How to set background permissions in laravel (detailed steps)

Laravel is a popular PHP framework that provides developers with many conveniences and tools to speed up the development process. One particularly useful feature is its backend management permissions system. By setting Laravel's backend permissions, you ensure that only authorized users can access your application's admin interface. In this article, we will cover how to set background permissions in Laravel.

Step 1: Install the required software packages

Setting background permissions in Laravel requires the installation of the following software packages:

• Laravel Framework
• Laravel Permission

Laravel Permission is a popular permission management package that makes it easy to add a permission system to your application. You can install it into your Laravel project through the composer package manager with the following command:

composer require spatie/laravel-permission

After the installation is complete, you need to add the service provider in config/app.php And facade:

'providers' => [
    ...
    Spatie\Permission\PermissionServiceProvider::class,
],

'aliases' => [
    ...
    'Permission' => Spatie\Permission\Models\Permission::class,
    'Role' => Spatie\Permission\Models\Role::class,
],

Step Two: Create Routes and Controllers

Now, you need to create a set of routes and controllers to manage application permissions. You can define these routes in a web routing file, for example:

Route::group(['middleware' => ['auth']], function () {

    // 管理角色和权限
    Route::resource('roles', 'RoleController');
    Route::resource('permissions', 'PermissionController');

    // 管理用户角色分配
    Route::resource('users', 'UserController');
    Route::post('users/{user}/assign-roles', 'UserController@assignRoles')->name('users.assign.roles');
    Route::delete('users/{user}/remove-roles/{role}', 'UserController@removeRoles')->name('users.remove.roles');

});

In this example, we have four different routes defined:

• roles: Used to manage roles in the application.
• permissions: Used to manage permissions in the application.
• users: Used to manage users in the application and assign roles to them.
• assign-roles and remove-roles: used to assign and remove roles for users in the application.

Next step, create the controller, for example:

php artisan make:controller RoleController

In the controller, you need to write the method that matches the route. For example, when a user accesses the roles route, Laravel will call the index method in RoleController:

public function index()
{
    $roles = Role::paginate(10);

    return view('roles.index', compact('roles'));
}

This will return a list containing the roles view and send it back to the browser using Laravel nested routing. In a view, you use the Laravel Blade template engine to render data and display forms and buttons to the user if needed.

Step Three: Define Application Permissions

In order to restrict user access to the application management area, you need to define which roles can perform which actions. For example, you can assign the Administrator role to a user with full access, and the Editor role, who can only edit articles, to another set of users.

In the Laravel Permission package, you can define and manage these permissions using the Permission and Role models. For example, to create a permission called "Edit Articles" you would use the following code:

use Spatie\Permission\Models\Permission;

$editArticles = Permission::create(['name' => 'edit articles']);

This will create a new permission and store it in the database. Now you can assign it to any other role like Administrator or Editor.

Step Four: Use Middleware to Secure Routes

Now you need to use authmiddleware to restrict access to management routes. This middleware will ensure that users must be logged in to access protected routes.

You can use Laravel's Route::group method to wrap your route definition and apply the middleware to the entire group:

Route::group(['middleware' => ['auth']], function () {
    // 受保护的路由
});

Now, only those that have been passed Only authenticated users can access these routes.

Step Five: Use Laravel Permission to Authorize Access

Finally, you need to use the Laravel Permission package to control which roles can perform specific operations. For example, to ensure that only users with the "Edit Articles" permission can edit articles in your application, you can use the following code:

if(auth()->user()->can('edit articles')){
    // 可以编辑文章
} else {
    // 无权限
}

This code snippet checks if the currently authenticated user has the "Edit Articles" permissions. If the user has permissions, he or she can perform the relevant operations. Otherwise, they will not have the authority to make any changes.

Conclusion

Setting up background admin permissions in Laravel requires a few steps, but once you're familiar with them, you can easily control which users can perform which actions using the Laravel Permission package. This way, you ensure that only authorized users have access to your application management area, thereby protecting the security of your data and reducing security risks.

The above is the detailed content of How to set background permissions in laravel (detailed steps). For more information, please follow other related articles on the PHP Chinese website!