Reputation: 48983
Way to set a Route in a PHP Laravel App as being restricted for users with Permission only?
Don't want to read? Skip to the bottom for short version
I have an application built with PHP and Laravel for my company I work for.
I also have a custom per user, per page permission system which will allow my boss to set which pages an employee has access to on a per page basis.
Group permissions weren't enough so I had to get down to a per user, per page level.
I have the section built that allows to set the permissions per user for each page. The list of pages in this section is from a database table because some of the pages are outside of the app so in that instance the permission is simply to restrict the link to the page from showing up for a user.
What I need to do though is auto detect pages inside the Laravel app and have them show up in the list so permission can be set for pages in the app.
I found this code Route::getRoutes() which get me access to all Routes in the app however it isnt enough. It's output shown below....
Route::get('routes', function() {
$routeCollection = Route::getRoutes();
echo "<table style='width:100%'>";
echo "<tr>";
echo "<td width='10%'><h4>HTTP Method</h4></td>";
echo "<td width='10%'><h4>Route</h4></td>";
echo "<td width='80%'><h4>Corresponding Action</h4></td>";
echo "</tr>";
foreach ($routeCollection as $value) {
echo "<tr>";
echo "<td>" . $value->getMethods()[0] . "</td>";
echo "<td>" . $value->getPath() . "</td>";
echo "<td>" . $value->getActionName() . "</td>";
echo "</tr>";
}
echo "</table>";
});
results in this...
So using Route::getRoutes() gets me the data shown above. I could pick out just the GET routes an assume those are pages a person can view and set permissions on them however that isn't enough. What I mean is that several of them should not be in my list of pages that can have permissions set on.
I am looking for a way to possibbly set in my Routes where the Route is defined...set if that page should show up in my permissions page or not.
Here is an example route...
Route::get('/timeclock/calendar', array(
"as" => "timeclock/calendar",
"uses" => 'TimeClockController@showCalendar'
));
You can pass an array into the route, the above passes in an array with keys as and uses. Is it possible to also pass in my own key and then access it again when calling something like Route::getRoutes()?
If not, any ideas on how I might define if a route should or should not show up on my permissions page so that I can set it as yes or no from my actual routes page and then access that value in my permissions page so that my permissions page will only show routes that I have set as yes?
My Permissions page looks like this below and on the horizontal is a list of pages. THis list of pages is what I would liek to be able to define as being able to show up in the list or not show up here all from the Route page where I define and setup the route...
The Short Summary Version if you dont want to read above...
I have a permissions page in my Laravel app in which I need to list all pages/route that exist in the app and that have a setting to enable or disbale each one to be shown or not shown on my permission settings page.
Basically need to take a list of all routes that are available with Route::getRoutes() and define from my Routes.php file which route page should and should not show up on the list of pages on my permissions setting page.
Any ideas how I could define this simple yes or no value for each route and then access that decided value from the permission page?
Upvotes: 3
Views: 600
Answers (1)
Reputation: 43
That looks exactly like what I am working on right now! I am building a project template base on Laravel 5.1 and using Zizaco/entrust for the authorization. As @TheAlpha suggested I am using a middleware to allow any and all routes based on permissions. Users have Roles, Roles have permissions and each Route is assign a permission.
It's works well and is very flexible. If you want to go crazy you can permit a user to create and delete but not to see (show) or edit. It's not meant for the site admin to adjust but for the developer to set once (per release or version), then the site admin can tweak the roles as they want.
It's not on GitHub yet as I did not think that it was ready just yet, but if you need that part now, I can upload what I have now.
Love the layout of your perms assignment by the way... I have a set of dropdown, that I was never very happy about, but a matrix of checkbox is an interesting idea... I may get inspired, if you don't mind!
UPDATE: Here it is L51ESK. YMMV! No doc yet, sorry right in the thick of it... Stay tuned. Let me know if you have any questions.
Upvotes: 1
Related Questions
- laravel allowing only authenticated user to access a specific route
- How do I restrict routes to a certain user on laravel
- Laravel 5 deny route for non auth users
- Limit access to route by parameter value
- Prevent user from accessing some routes in Laravel
- Laravel only allow owner user to access route
- Laravel protect routes from users that are not admin
- Route restricting to that user and admin only
- How to restrict routes in Laravel 4?
- Setting up Laravel filters on routes to prevent certain users from accessing certain pages