From fe9fd1a7d323881951efb4b11b8ec057bbf8ce98 Mon Sep 17 00:00:00 2001 From: Dobando <1692898084@qq.com> Date: Fri, 5 Jul 2024 16:49:27 +0800 Subject: [PATCH 1/2] feat: Integrate Laravel's built-in authorization Gates - Integrate Laravel's built-in authorization Gates (#70) - Added guidance for Gates in README.md --- README.md | 10 ++++++++++ src/LauthzServiceProvider.php | 22 ++++++++++++++++++++++ tests/GatesAuthorizationTest.php | 28 ++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 tests/GatesAuthorizationTest.php diff --git a/README.md b/README.md index cd2b3ed..1a40335 100755 --- a/README.md +++ b/README.md @@ -277,6 +277,16 @@ Route::group(['middleware' => ['http_request']], function () { }); ``` +### Using Gates + +You can use Laravel Gates to check if a user has a permission, provided that you have set an existing user instance as the currently authenticated user using `Auth::login`. See [Gates](https://laravel.com/docs/11.x/authorization#gates) for more details. + +```php +if(Gate::allows('enforcer', ['articles', 'read'])) { + // The user can read articles +}; +``` + ### Multiple enforcers If you need multiple permission controls in your project, you can configure multiple enforcers. diff --git a/src/LauthzServiceProvider.php b/src/LauthzServiceProvider.php index 273f42b..7221d2f 100644 --- a/src/LauthzServiceProvider.php +++ b/src/LauthzServiceProvider.php @@ -2,8 +2,10 @@ namespace Lauthz; +use Illuminate\Support\Facades\Gate; use Illuminate\Support\ServiceProvider; use Lauthz\Contracts\ModelLoader; +use Lauthz\Facades\Enforcer; use Lauthz\Loaders\ModelLoaderFactory; use Lauthz\Models\Rule; use Lauthz\Observers\RuleObserver; @@ -56,5 +58,25 @@ public function register() $this->app->bind(ModelLoader::class, function($app, $config) { return ModelLoaderFactory::createFromConfig($config); }); + + $this->registerGates(); + } + + /** + * Register a gate that allows users to use Laravel's built-in Gate to call Enforcer. + * + * @return void + */ + protected function registerGates() + { + Gate::define('enforcer', function ($user, ...$args) { + $identifier = $user->getAuthIdentifier(); + if (method_exists($user, 'getAuthzIdentifier')) { + $identifier = $user->getAuthzIdentifier(); + } + $identifier = strval($identifier); + + return Enforcer::enforce($identifier, ...$args); + }); } } diff --git a/tests/GatesAuthorizationTest.php b/tests/GatesAuthorizationTest.php new file mode 100644 index 0000000..9923c7d --- /dev/null +++ b/tests/GatesAuthorizationTest.php @@ -0,0 +1,28 @@ +assertFalse(Gate::allows('enforcer', ['data1', 'read'])); + } + + public function testAfterLogin() + { + $this->login('alice'); + $this->assertTrue(Gate::allows('enforcer', ['data1', 'read'])); + $this->assertTrue(Gate::allows('enforcer', ['data2', 'read'])); + $this->assertTrue(Gate::allows('enforcer', ['data2', 'write'])); + + $this->login('bob'); + $this->assertFalse(Gate::allows('enforcer', ['data1', 'read'])); + $this->assertTrue(Gate::allows('enforcer', ['data2', 'write'])); + } +} From c47091353e23c9c0b2c3590a382807a8b28dce10 Mon Sep 17 00:00:00 2001 From: Dobando <1692898084@qq.com> Date: Thu, 8 Aug 2024 00:13:50 +0800 Subject: [PATCH 2/2] docs: fix CI badge and update TOC in README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cd8f53a..7c16187 100755 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@

- Build Status + Build Status Coverage Status @@ -35,6 +35,7 @@ All you need to learn to use `Casbin` first. * [Using a middleware](#using-a-middleware) * [basic Enforcer Middleware](#basic-enforcer-middleware) * [HTTP Request Middleware ( RESTful is also supported )](#http-request-middleware--restful-is-also-supported-) + * [Using Gates](#using-gates) * [Multiple enforcers](#multiple-enforcers) * [Using artisan commands](#using-artisan-commands) * [Cache](#using-cache)