AuthUser is flexible authorization system for Laravel, It checks the route
permission to access a certain portion of the site or application. To add Permissions
User-based
, Role-based
, Conditionally
. It uses
authority.checkpost
middleware for filter permission of current accessing route,
Under this middleware checked every permission of the user login.
Require this package in your composer.json
or install it by running:
composer require journeycx/laravel-authuser
Now, insert into your config/app.php
.
"provider" => [
JourneyCX\AuthUser\AuthUserServiceProvider::class
];
Now, run this command after that config/authuser.php
and
app/Http/Middleware/AuthUserCheckpostMiddleware.php
files are publish.
php artisan vendor:publish --tag="authuser"
Now, insert into your app/Http/Kernel.php
.
protected $routeMiddleware = [
'authority.checkpost' => \App\Http\Middleware\AuthUserCheckpostMiddleware::class
];
Use authority.checkpost
middleware for handle permission base routes.
Route::group(['middleware' => 'authority.checkpost'], function () {
// Place all those routes here which needs authentication and authorization.
});
Now, the basic setup is ready you need to configure rules of permissions using
config/authuser
.
The structure of permissions given below, but it's highly recommended to read more on docs`.
[
'allow' => ['*'], // Allowed permission to user. Priority is less than deny.
'deny' => ['temp1'], // Deny permission to user. Priority is higher than allow.
]
canAccess('temp1');
// false
canAccess('temp1');
// true or false
Authentication not required
canPublicAccess();
// true or false
$accessId
, By default it check current route and return
response in boolean value, And it can check access of perticular user by
passing user id ($requestForUserId)
parameter.
AuthUser::check('temp1');
// true or false
Authentication not required
$accessId
, By default it check current route and return
response in boolean value.
AuthUser::isPublicAccess('temp1');
// true or false
@canAccess()
// your logic here.
@endAccess;
Authentication not required
@canPublicAccess()
// your logic here.
@endAccess;