How to handle roles and permissions in Laravel with Laratrust

Laratrust is a Laravel package that makes it easy to handle everything related to authorization (roles and permissions) inside your application, through a very simple configuration process and API.

Installation

You can install Laratrust with Composer by running this command:

composer require "santigarcor/laratrust:5.2.*"
 
Then publish all the configuration files:
 
php artisan vendor:publish --tag="laratrust"
 

Now generate the Laratrust migration:

php artisan laratrust:migration

 

It will generate the <timestamp>_laratrust_setup_tables.php migration. You may now run it with the artisan migrate command:

php artisan migrate

 

After the migration, five (or six if you use the teams feature) new tables will be present:

  • roles: stores role records.
  • permissions: stores permission records.
  • teams: stores team records (only if you use the teams feature).
  • role_user: stores polymorphic relations between roles and users.
  • permission_role: stores many-to-many relations between roles and permissions.
  • permission_user: stores polymorphic relations between users and permissions.
 

Let's start by creating the following Roles:

$owner = new Role();
$owner->name         = 'owner';
$owner->display_name = 'Project Owner'; // optional
$owner->description  = 'User is the owner of a given project'; // optional
$owner->save();

$admin = new Role();
$admin->name         = 'admin';
$admin->display_name = 'User Administrator'; // optional
$admin->description  = 'User is allowed to manage and edit other users'; // optional
$admin->save();

 

Now we need to add Permissions:

$createPost = new Permission();
$createPost->name         = 'create-post';
$createPost->display_name = 'Create Posts'; // optional
// Allow a user to...
$createPost->description  = 'create new blog posts'; // optional
$createPost->save();

$editUser = new Permission();
$editUser->name         = 'edit-user';
$editUser->display_name = 'Edit Users'; // optional
// Allow a user to...
$editUser->description  = 'edit existing users'; // optional
$editUser->save();

 

By using the LaratrustRoleTrait we can do the following:

Assignment

 

$admin->attachPermission($createPost); // parameter can be a Permission object, array or id
// equivalent to $admin->permissions()->attach([$createPost->id]);

$owner->attachPermissions([$createPost, $editUser]); // parameter can be a Permission object, array or id
// equivalent to $owner->permissions()->attach([$createPost->id, $editUser->id]);

$owner->syncPermissions([$createPost, $editUser]); // parameter can be a Permission object, array or id
// equivalent to $owner->permissions()->sync([$createPost->id, $editUser->id]);
 

Removal

 

$admin->detachPermission($createPost); // parameter can be a Permission object, array or id
// equivalent to $admin->permissions()->detach([$createPost->id]);

$owner->detachPermissions([$createPost, $editUser]); // parameter can be a Permission object, array or id
// equivalent to $owner->permissions()->detach([$createPost->id, $editUser->id]);
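
The calls above can be driven from a single role-to-permission map so that grants stay least-privilege over time. The seeder below is an added example, not code from the Laratrust project or from the original article; the App\Role and App\Permission model namespaces and the RolePermissionSeeder class name are assumptions.

```php
<?php

use App\Permission; // assumed model namespace
use App\Role;       // assumed model namespace
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\DB;

class RolePermissionSeeder extends Seeder // hypothetical class name
{
    // Single source of truth: role name => permission names it may hold.
    // The names are the ones created earlier in this article.
    private $matrix = [
        'owner' => ['create-post', 'edit-user'],
        'admin' => ['create-post'],
    ];

    public function run()
    {
        // One transaction: a failure half way never leaves a role
        // with a partially applied permission set.
        DB::transaction(function () {
            foreach ($this->matrix as $roleName => $permissionNames) {
                $role = $this->findOrMake(new Role(), $roleName);

                $permissions = [];
                foreach ($permissionNames as $permissionName) {
                    $permissions[] = $this->findOrMake(new Permission(), $permissionName);
                }

                // sync, not attach: any permission the role currently holds
                // that is missing from the matrix is detached, so removing a
                // line above actually revokes the grant on the next run.
                $role->syncPermissions($permissions);
            }
        });
    }

    // Look a record up by name and create it only if it is missing, which
    // keeps the seeder idempotent. Attributes are set one by one, as in the
    // article, so no mass-assignment settings are required on the models.
    private function findOrMake($model, $name)
    {
        $found = $model->newQuery()->where('name', $name)->first();
        if ($found === null) {
            $model->name = $name;
            $model->save();
            return $model;
        }
        return $found;
    }
}
```

Running the seeder again after editing the map brings the database back in line with it, whereas attachPermission calls only ever add grants.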

 

With both roles created, let's assign them to the users. Thanks to the LaratrustUserTrait, this is as easy as:

Assignment

$user->attachRole($admin); // parameter can be a Role object, array, id or the role string name
// equivalent to $user->roles()->attach([$admin->id]);

$user->attachRoles([$admin, $owner]); // parameter can be a Role object, array, id or the role string name
// equivalent to $user->roles()->attach([$admin->id, $owner->id]);

$user->syncRoles([$admin->id, $owner->id]);
// equivalent to $user->roles()->sync([$admin->id, $owner->id]);

$user->syncRolesWithoutDetaching([$admin->id, $owner->id]);
// equivalent to $user->roles()->syncWithoutDetaching([$admin->id, $owner->id]);

 

Removal

$user->detachRole($admin); // parameter can be a Role object, array, id or the role string name
// equivalent to $user->roles()->detach([$admin->id]);

$user->detachRoles([$admin, $owner]); // parameter can be a Role object, array, id or the role string name
// equivalent to $user->roles()->detach([$admin->id, $owner->id]);

 

Thanks for reading this article. You can check this link to learn more tips and tricks about the Laratrust package.
