How to implement permission based navigation menu in Laravel

As websites and applications become more and more complex, permission management becomes critical. When a user logs in through authentication, we want them to be able to access pages and features to which they have permission, but not to pages and features to which they do not have permission. This article will explain how to implement a permission-based navigation menu in Laravel so that we can easily control what the user can see.

Step 1: Install Laravel and configure the database

If you are already familiar with Laravel, you can skip this step. Otherwise follow these steps to install Laravel:

1. Install Composer: If you haven’t installed Composer yet, please follow the official guide to install it first.

2. Install Laravel: Open the terminal and use Composer to install Laravel.

   composer global require laravel/installer

3. Configure the database: Set the database connection parameters in the .env file.

   DB_CONNECTION=mysql
   DB_HOST=127.0.0.1
   DB_PORT=3306
   DB_DATABASE=your_database_name
   DB_USERNAME=your_username
   DB_PASSWORD=your_password

4. Run migrations: Run database migrations to create the required tables.

   php artisan migrate

Step 2: Set up routes and controllers

In this example, we will create a controller named DashboardController and define three routes for it :/dashboard, /users, /roles. Necessary permission checks can be added in the controller's constructor.

<?php

namespace AppHttpControllers;

use IlluminateHttpRequest;

class DashboardController extends Controller
{
    public function __construct()
    {
        $this->middleware(['auth', 'permissions']); // 添加授权中间件
    }

    public function index()
    {
        return view('dashboard');
    }

    public function users()
    {
        return view('users');
    }

    public function roles()
    {
        return view('roles');
    }
}

Step 3: Set permission rules

Next, we need to define permission rules. We create a file called permissions.php in which we define all the required permissions. You can modify or add more permission rules according to your business needs.

return [
    'admin' => [
        'dashboard' => true,
        'users' => true,
        'roles' => true,
    ],
    'editor' => [
        'dashboard' => true,
        'users' => false,
        'roles' => false,
    ],
    'user' => [
        'dashboard' => true,
        'users' => false,
        'roles' => false,
    ],
];

Step 4: Create middleware and register

We need to create a middleware to check the user's permissions. Create a middleware named CheckPermissions in the /app/Http/Middleware directory.

<?php

namespace AppHttpMiddleware;

use Closure;
use IlluminateSupportFacadesAuth;

class CheckPermissions
{
    public function handle($request, Closure $next)
    {
        $user = Auth::user();
        $routeName = $request->route()->getName();

        if (!$user->hasPermission($routeName)) {
            abort(403);
        }

        return $next($request);
    }
}

As you can see, the middleware gets the route name from the request and uses the Auth::user() method to check whether the user has permission to access the route. If there is no permission, a 403 Forbidden status will be returned.

Then we need to register the middleware into the application. Open the /app/Http/Kernel.php file and find the $middlewareGroups array. Add a middleware called permissions in the web array.

protected $middlewareGroups = [
    'web' => [
        // ...
        AppHttpMiddlewareCheckPermissions::class,
    ],
    // ...
];

Step Five: Create View and Navigation Menu

When creating the navigation menu in the view file, we need to check whether the user has permission to access each link. Use the Auth::user() method to check whether the current user has specific permissions for a feature.

<nav>
    <ul>
        <li><a href="{{ route('dashboard') }}" @if (!Auth::user()->hasPermission('dashboard'))disabled@endif>Dashboard</a></li>
        <li><a href="{{ route('users') }}" @if (!Auth::user()->hasPermission('users'))disabled@endif>Users</a></li>
        <li><a href="{{ route('roles') }}" @if (!Auth::user()->hasPermission('roles'))disabled@endif>Roles</a></li>
    </ul>
</nav>

Step 6: Check permissions

In the user model, we define a method called hasPermission(). This method accepts a route name and then checks whether the user has access to that route.

public function hasPermission($routeName)
{
    $role = $this->role;
    $permissions = config('permissions.' . $role);

    return isset($permissions[$routeName]) && $permissions[$routeName];
}

We use the config() function to read the permission rules and check whether the user has access permission to the route. We also use the role attribute in the user model to get the role of that user.

Now we have successfully created a permission-based navigation menu that automatically disables links when the user accesses a prohibited page. Hope this article can help you master how to use Laravel to implement permission-based navigation menu.

The above is the detailed content of How to implement permission based navigation menu in Laravel. For more information, please follow other related articles on the PHP Chinese website!