Skip to content

A Laravel provider to allow for allows/denies checks in Blade templates

Notifications You must be signed in to change notification settings

psecio/propauth-provider

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

Policy Template (Blade) Service Provider for PropAuth

This service provider, for Laravel 5+ based applications, introduces the ability to perform PropAuth evaluation checks on the current user against pre-defined policies.

Usage

To use this provider, update your Laravel app's app.php configuration's "providers" section to pull in this provider:

<?php
'providers' => [
	/* other providers */
	\Psecio\PropAuth\PolicyTemplateServiceProvider::class,
]
?>

What else is required

This library requires two things:

Essentially, the requirement is that there's another service provider (in the example it's the PolicyServiceProvider) that defines your policies in a singleton named "policies" and returns an enforcer object. For example, you could put this in app/providers/PolicyServiceProvider.php:

<?php
namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Psecio\PropAuth\Enforcer;
use Psecio\PropAuth\Policy;
use Psecio\PropAuth\PolicySet;

class PolicyServiceProvider extends ServiceProvider
{
    public function register()
    {
    	$this->app->singleton('policies', function($app) {
    		$set = PolicySet::instance()
				->add('can-edit', Policy::instance()->hasUsername('ccornutt'))
			);

    		return Enforcer::instance($set);
    	});
    }
}
?>

This just defines the one policy, can-edit, where it checks the current user (pulled via \Auth::user()) to see if they have a username property of "ccornutt". With this in place, you can then use the service provider in this repo to add checks to your Blade templates.

For example, to use the can-edit check above you could use something like this:

@allows('can-edit')
they can edit!
@endallows

@denies('can-edit')
they're denied being able to edit
@enddenies

The two methods exposed are @allows and @denies with a required first parameter. You can also pass in optional parmeters if your PropAuth checks are more complex and use the closures handling. So, if your policy is defined like this:

<?php
$this->app->singleton('policies', function($app) {
	$set = PolicySet::instance()
		->add('can-delete', Policy::instance()->can(function($subject, $post) {
			return $post->author == 'ccornutt';
		})
	);

	return Enforcer::instance($set);
});
?>

You need to pass in a value/object for $post in the can-delete closure. You can do this by giving the @allows/@denies more optional parameters:

@allows('can-delete', $post)
Can delete this post because the username on the post is "ccornutt"
@endallows

About

A Laravel provider to allow for allows/denies checks in Blade templates

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages