parent
9a8557326b
commit
6812234119
12 changed files with 533 additions and 21 deletions
@ -0,0 +1,28 @@ |
||||
<?php |
||||
|
||||
namespace App\Providers; |
||||
|
||||
use Illuminate\Support\ServiceProvider; |
||||
use Illuminate\Routing\Router; |
||||
use Spatie\Permission\Middleware\RoleMiddleware; |
||||
use Spatie\Permission\Middleware\PermissionMiddleware; |
||||
|
||||
class MiddlewareServiceProvider extends ServiceProvider |
||||
{ |
||||
/** |
||||
* Register services. |
||||
*/ |
||||
public function register(): void |
||||
{ |
||||
// |
||||
} |
||||
|
||||
/** |
||||
* Bootstrap services. |
||||
*/ |
||||
public function boot(Router $router): void |
||||
{ |
||||
$router->aliasMiddleware('role', RoleMiddleware::class); |
||||
$router->aliasMiddleware('permission', PermissionMiddleware::class); |
||||
} |
||||
} |
||||
@ -0,0 +1,202 @@ |
||||
<?php |
||||
|
||||
return [ |
||||
|
||||
'models' => [ |
||||
|
||||
/* |
||||
* When using the "HasPermissions" trait from this package, we need to know which |
||||
* Eloquent model should be used to retrieve your permissions. Of course, it |
||||
* is often just the "Permission" model but you may use whatever you like. |
||||
* |
||||
* The model you want to use as a Permission model needs to implement the |
||||
* `Spatie\Permission\Contracts\Permission` contract. |
||||
*/ |
||||
|
||||
'permission' => Spatie\Permission\Models\Permission::class, |
||||
|
||||
/* |
||||
* When using the "HasRoles" trait from this package, we need to know which |
||||
* Eloquent model should be used to retrieve your roles. Of course, it |
||||
* is often just the "Role" model but you may use whatever you like. |
||||
* |
||||
* The model you want to use as a Role model needs to implement the |
||||
* `Spatie\Permission\Contracts\Role` contract. |
||||
*/ |
||||
|
||||
'role' => Spatie\Permission\Models\Role::class, |
||||
|
||||
], |
||||
|
||||
'table_names' => [ |
||||
|
||||
/* |
||||
* When using the "HasRoles" trait from this package, we need to know which |
||||
* table should be used to retrieve your roles. We have chosen a basic |
||||
* default value but you may easily change it to any table you like. |
||||
*/ |
||||
|
||||
'roles' => 'roles', |
||||
|
||||
/* |
||||
* When using the "HasPermissions" trait from this package, we need to know which |
||||
* table should be used to retrieve your permissions. We have chosen a basic |
||||
* default value but you may easily change it to any table you like. |
||||
*/ |
||||
|
||||
'permissions' => 'permissions', |
||||
|
||||
/* |
||||
* When using the "HasPermissions" trait from this package, we need to know which |
||||
* table should be used to retrieve your models permissions. We have chosen a |
||||
* basic default value but you may easily change it to any table you like. |
||||
*/ |
||||
|
||||
'model_has_permissions' => 'model_has_permissions', |
||||
|
||||
/* |
||||
* When using the "HasRoles" trait from this package, we need to know which |
||||
* table should be used to retrieve your models roles. We have chosen a |
||||
* basic default value but you may easily change it to any table you like. |
||||
*/ |
||||
|
||||
'model_has_roles' => 'model_has_roles', |
||||
|
||||
/* |
||||
* When using the "HasRoles" trait from this package, we need to know which |
||||
* table should be used to retrieve your roles permissions. We have chosen a |
||||
* basic default value but you may easily change it to any table you like. |
||||
*/ |
||||
|
||||
'role_has_permissions' => 'role_has_permissions', |
||||
], |
||||
|
||||
'column_names' => [ |
||||
/* |
||||
* Change this if you want to name the related pivots other than defaults |
||||
*/ |
||||
'role_pivot_key' => null, // default 'role_id', |
||||
'permission_pivot_key' => null, // default 'permission_id', |
||||
|
||||
/* |
||||
* Change this if you want to name the related model primary key other than |
||||
* `model_id`. |
||||
* |
||||
* For example, this would be nice if your primary keys are all UUIDs. In |
||||
* that case, name this `model_uuid`. |
||||
*/ |
||||
|
||||
'model_morph_key' => 'model_id', |
||||
|
||||
/* |
||||
* Change this if you want to use the teams feature and your related model's |
||||
* foreign key is other than `team_id`. |
||||
*/ |
||||
|
||||
'team_foreign_key' => 'team_id', |
||||
], |
||||
|
||||
/* |
||||
* When set to true, the method for checking permissions will be registered on the gate. |
||||
* Set this to false if you want to implement custom logic for checking permissions. |
||||
*/ |
||||
|
||||
'register_permission_check_method' => true, |
||||
|
||||
/* |
||||
* When set to true, Laravel\Octane\Events\OperationTerminated event listener will be registered |
||||
* this will refresh permissions on every TickTerminated, TaskTerminated and RequestTerminated |
||||
* NOTE: This should not be needed in most cases, but an Octane/Vapor combination benefited from it. |
||||
*/ |
||||
'register_octane_reset_listener' => false, |
||||
|
||||
/* |
||||
* Events will fire when a role or permission is assigned/unassigned: |
||||
* \Spatie\Permission\Events\RoleAttached |
||||
* \Spatie\Permission\Events\RoleDetached |
||||
* \Spatie\Permission\Events\PermissionAttached |
||||
* \Spatie\Permission\Events\PermissionDetached |
||||
* |
||||
* To enable, set to true, and then create listeners to watch these events. |
||||
*/ |
||||
'events_enabled' => false, |
||||
|
||||
/* |
||||
* Teams Feature. |
||||
* When set to true the package implements teams using the 'team_foreign_key'. |
||||
* If you want the migrations to register the 'team_foreign_key', you must |
||||
* set this to true before doing the migration. |
||||
* If you already did the migration then you must make a new migration to also |
||||
* add 'team_foreign_key' to 'roles', 'model_has_roles', and 'model_has_permissions' |
||||
* (view the latest version of this package's migration file) |
||||
*/ |
||||
|
||||
'teams' => false, |
||||
|
||||
/* |
||||
* The class to use to resolve the permissions team id |
||||
*/ |
||||
'team_resolver' => \Spatie\Permission\DefaultTeamResolver::class, |
||||
|
||||
/* |
||||
* Passport Client Credentials Grant |
||||
* When set to true the package will use Passports Client to check permissions |
||||
*/ |
||||
|
||||
'use_passport_client_credentials' => false, |
||||
|
||||
/* |
||||
* When set to true, the required permission names are added to exception messages. |
||||
* This could be considered an information leak in some contexts, so the default |
||||
* setting is false here for optimum safety. |
||||
*/ |
||||
|
||||
'display_permission_in_exception' => false, |
||||
|
||||
/* |
||||
* When set to true, the required role names are added to exception messages. |
||||
* This could be considered an information leak in some contexts, so the default |
||||
* setting is false here for optimum safety. |
||||
*/ |
||||
|
||||
'display_role_in_exception' => false, |
||||
|
||||
/* |
||||
* By default wildcard permission lookups are disabled. |
||||
* See documentation to understand supported syntax. |
||||
*/ |
||||
|
||||
'enable_wildcard_permission' => false, |
||||
|
||||
/* |
||||
* The class to use for interpreting wildcard permissions. |
||||
* If you need to modify delimiters, override the class and specify its name here. |
||||
*/ |
||||
// 'wildcard_permission' => Spatie\Permission\WildcardPermission::class, |
||||
|
||||
/* Cache-specific settings */ |
||||
|
||||
'cache' => [ |
||||
|
||||
/* |
||||
* By default all permissions are cached for 24 hours to speed up performance. |
||||
* When permissions or roles are updated the cache is flushed automatically. |
||||
*/ |
||||
|
||||
'expiration_time' => \DateInterval::createFromDateString('24 hours'), |
||||
|
||||
/* |
||||
* The cache key used to store all permissions. |
||||
*/ |
||||
|
||||
'key' => 'spatie.permission.cache', |
||||
|
||||
/* |
||||
* You may optionally indicate a specific cache driver to use for permission and |
||||
* role caching using any of the `store` drivers listed in the cache.php config |
||||
* file. Using 'default' here means to use the `default` set in cache.php. |
||||
*/ |
||||
|
||||
'store' => 'default', |
||||
], |
||||
]; |
||||
@ -0,0 +1,136 @@ |
||||
<?php |
||||
|
||||
use Illuminate\Database\Migrations\Migration; |
||||
use Illuminate\Database\Schema\Blueprint; |
||||
use Illuminate\Support\Facades\Schema; |
||||
|
||||
return new class extends Migration |
||||
{ |
||||
/** |
||||
* Run the migrations. |
||||
*/ |
||||
public function up(): void |
||||
{ |
||||
$teams = config('permission.teams'); |
||||
$tableNames = config('permission.table_names'); |
||||
$columnNames = config('permission.column_names'); |
||||
$pivotRole = $columnNames['role_pivot_key'] ?? 'role_id'; |
||||
$pivotPermission = $columnNames['permission_pivot_key'] ?? 'permission_id'; |
||||
|
||||
throw_if(empty($tableNames), new Exception('Error: config/permission.php not loaded. Run [php artisan config:clear] and try again.')); |
||||
throw_if($teams && empty($columnNames['team_foreign_key'] ?? null), new Exception('Error: team_foreign_key on config/permission.php not loaded. Run [php artisan config:clear] and try again.')); |
||||
|
||||
Schema::create($tableNames['permissions'], static function (Blueprint $table) { |
||||
// $table->engine('InnoDB'); |
||||
$table->bigIncrements('id'); // permission id |
||||
$table->string('name'); // For MyISAM use string('name', 225); // (or 166 for InnoDB with Redundant/Compact row format) |
||||
$table->string('guard_name'); // For MyISAM use string('guard_name', 25); |
||||
$table->timestamps(); |
||||
|
||||
$table->unique(['name', 'guard_name']); |
||||
}); |
||||
|
||||
Schema::create($tableNames['roles'], static function (Blueprint $table) use ($teams, $columnNames) { |
||||
// $table->engine('InnoDB'); |
||||
$table->bigIncrements('id'); // role id |
||||
if ($teams || config('permission.testing')) { // permission.testing is a fix for sqlite testing |
||||
$table->unsignedBigInteger($columnNames['team_foreign_key'])->nullable(); |
||||
$table->index($columnNames['team_foreign_key'], 'roles_team_foreign_key_index'); |
||||
} |
||||
$table->string('name'); // For MyISAM use string('name', 225); // (or 166 for InnoDB with Redundant/Compact row format) |
||||
$table->string('guard_name'); // For MyISAM use string('guard_name', 25); |
||||
$table->timestamps(); |
||||
if ($teams || config('permission.testing')) { |
||||
$table->unique([$columnNames['team_foreign_key'], 'name', 'guard_name']); |
||||
} else { |
||||
$table->unique(['name', 'guard_name']); |
||||
} |
||||
}); |
||||
|
||||
Schema::create($tableNames['model_has_permissions'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotPermission, $teams) { |
||||
$table->unsignedBigInteger($pivotPermission); |
||||
|
||||
$table->string('model_type'); |
||||
$table->unsignedBigInteger($columnNames['model_morph_key']); |
||||
$table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_permissions_model_id_model_type_index'); |
||||
|
||||
$table->foreign($pivotPermission) |
||||
->references('id') // permission id |
||||
->on($tableNames['permissions']) |
||||
->onDelete('cascade'); |
||||
if ($teams) { |
||||
$table->unsignedBigInteger($columnNames['team_foreign_key']); |
||||
$table->index($columnNames['team_foreign_key'], 'model_has_permissions_team_foreign_key_index'); |
||||
|
||||
$table->primary([$columnNames['team_foreign_key'], $pivotPermission, $columnNames['model_morph_key'], 'model_type'], |
||||
'model_has_permissions_permission_model_type_primary'); |
||||
} else { |
||||
$table->primary([$pivotPermission, $columnNames['model_morph_key'], 'model_type'], |
||||
'model_has_permissions_permission_model_type_primary'); |
||||
} |
||||
|
||||
}); |
||||
|
||||
Schema::create($tableNames['model_has_roles'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotRole, $teams) { |
||||
$table->unsignedBigInteger($pivotRole); |
||||
|
||||
$table->string('model_type'); |
||||
$table->unsignedBigInteger($columnNames['model_morph_key']); |
||||
$table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_roles_model_id_model_type_index'); |
||||
|
||||
$table->foreign($pivotRole) |
||||
->references('id') // role id |
||||
->on($tableNames['roles']) |
||||
->onDelete('cascade'); |
||||
if ($teams) { |
||||
$table->unsignedBigInteger($columnNames['team_foreign_key']); |
||||
$table->index($columnNames['team_foreign_key'], 'model_has_roles_team_foreign_key_index'); |
||||
|
||||
$table->primary([$columnNames['team_foreign_key'], $pivotRole, $columnNames['model_morph_key'], 'model_type'], |
||||
'model_has_roles_role_model_type_primary'); |
||||
} else { |
||||
$table->primary([$pivotRole, $columnNames['model_morph_key'], 'model_type'], |
||||
'model_has_roles_role_model_type_primary'); |
||||
} |
||||
}); |
||||
|
||||
Schema::create($tableNames['role_has_permissions'], static function (Blueprint $table) use ($tableNames, $pivotRole, $pivotPermission) { |
||||
$table->unsignedBigInteger($pivotPermission); |
||||
$table->unsignedBigInteger($pivotRole); |
||||
|
||||
$table->foreign($pivotPermission) |
||||
->references('id') // permission id |
||||
->on($tableNames['permissions']) |
||||
->onDelete('cascade'); |
||||
|
||||
$table->foreign($pivotRole) |
||||
->references('id') // role id |
||||
->on($tableNames['roles']) |
||||
->onDelete('cascade'); |
||||
|
||||
$table->primary([$pivotPermission, $pivotRole], 'role_has_permissions_permission_id_role_id_primary'); |
||||
}); |
||||
|
||||
app('cache') |
||||
->store(config('permission.cache.store') != 'default' ? config('permission.cache.store') : null) |
||||
->forget(config('permission.cache.key')); |
||||
} |
||||
|
||||
/** |
||||
* Reverse the migrations. |
||||
*/ |
||||
public function down(): void |
||||
{ |
||||
$tableNames = config('permission.table_names'); |
||||
|
||||
if (empty($tableNames)) { |
||||
throw new \Exception('Error: config/permission.php not found and defaults could not be merged. Please publish the package configuration before proceeding, or drop the tables manually.'); |
||||
} |
||||
|
||||
Schema::drop($tableNames['role_has_permissions']); |
||||
Schema::drop($tableNames['model_has_roles']); |
||||
Schema::drop($tableNames['model_has_permissions']); |
||||
Schema::drop($tableNames['roles']); |
||||
Schema::drop($tableNames['permissions']); |
||||
} |
||||
}; |
||||
@ -0,0 +1,46 @@ |
||||
<?php |
||||
|
||||
namespace Database\Seeders; |
||||
|
||||
use Illuminate\Database\Seeder; |
||||
use Spatie\Permission\Models\Role; |
||||
use Spatie\Permission\Models\Permission; |
||||
use App\Models\User; |
||||
|
||||
class RolePermissionSeeder extends Seeder |
||||
{ |
||||
public function run(): void |
||||
{ |
||||
// Xóa cache phân quyền (nếu có) |
||||
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions(); |
||||
|
||||
// Tạo permissions |
||||
$permissions = [ |
||||
'manage users', |
||||
'edit articles', |
||||
'delete articles', |
||||
'publish articles', |
||||
'view dashboard', |
||||
]; |
||||
|
||||
foreach ($permissions as $perm) { |
||||
Permission::firstOrCreate(['name' => $perm]); |
||||
} |
||||
|
||||
// Tạo roles |
||||
$admin = Role::firstOrCreate(['name' => 'admin']); |
||||
$editor = Role::firstOrCreate(['name' => 'editor']); |
||||
$viewer = Role::firstOrCreate(['name' => 'viewer']); |
||||
|
||||
// Gán permission cho role |
||||
$admin->syncPermissions($permissions); |
||||
$editor->syncPermissions(['edit articles', 'publish articles']); |
||||
$viewer->syncPermissions(['view dashboard']); |
||||
|
||||
// Gán role cho user test (ID = 1) |
||||
$user = User::find(1); |
||||
if ($user) { |
||||
$user->assignRole('admin'); |
||||
} |
||||
} |
||||
} |
||||
Loading…
Reference in new issue