How to implement a permission management system in Laravel

How to implement a permission management system in Laravel

Introduction:
With the continuous development of web applications, the permission management system has become one of the basic functions of many applications. one. Laravel, as a popular PHP framework, provides a wealth of tools and functions to implement permission management systems. This article will introduce how to implement a simple and powerful permission management system in Laravel and provide specific code examples.

1. Design ideas of permission management system
When designing the permission management system, the following key points need to be considered:

1. Definition of roles and permissions: Role refers to The user's function or identity, and permissions refer to the user's ability to access system functions or resources.
2. The relationship between users and roles: A user can have multiple roles, and a role can be owned by multiple users.
3. The relationship between permissions and roles: A role can have multiple permissions, and one permission can be owned by multiple roles.
4. The relationship between routing and permissions: Routing determines the entrance for users to access system functions. Different routes may require different permissions to restrict access.

Based on the above design ideas, we can start to implement the permission management system in Laravel.

2. Database design and migration
In Laravel, we can use database migration to create and modify database tables. The following is a simple database design:

1. User table (users): stores basic information of users, such as user name, password, etc.
2. Role table (roles): stores basic information of roles, such as role name, description, etc.
3. Permissions table: stores basic information about permissions, such as permission names, descriptions, etc.
4. Role-permission association table (role_permission): records the corresponding relationship between roles and permissions.
5. User-role association table (user_role): records the corresponding relationship between users and roles.

First, create the migration file:

php artisan make:migration create_users_table
php artisan make:migration create_roles_table
php artisan make:migration create_permissions_table
php artisan make:migration create_role_permission_table
php artisan make:migration create_user_role_table

Then, write the table structure in the corresponding migration file (the code is omitted), and run the migration command:

php artisan migrate

3. Define model relationships
In Laravel, we can use the Eloquent model to define relationships between database tables. First, we need to define three models: User, Role, and Permission.

1. User model (User)

   namespace App;
   
   use IlluminateDatabaseEloquentModel;
   
   class User extends Model
   {
    // 用户与角色的多对多关系
    public function roles()
    {
        return $this->belongsToMany('AppRole')->withTimestamps();
    }
   
    // 判断用户是否拥有某个角色
    public function hasRole($role)
    {
        if (is_string($role)) {
            return $this->roles->contains('name', $role);
        }
   
        return !! $role->intersect($this->roles)->count();
    }
   
    // 判断用户是否拥有某个权限
    public function hasPermission($permission)
    {
        return $this->hasRole($permission->roles);
    }
   }

   Copy after login

2. Role model (Role)

   namespace App;
   
   use IlluminateDatabaseEloquentModel;
   
   class Role extends Model
   {
    // 角色与用户的多对多关系
    public function users()
    {
        return $this->belongsToMany('AppUser')->withTimestamps();
    }
   
    // 角色与权限的多对多关系
    public function permissions()
    {
        return $this->belongsToMany('AppPermission')->withTimestamps();
    }
   
    // 判断角色是否拥有某个权限
    public function hasPermission($permission)
    {
        if (is_string($permission)) {
            return $this->permissions->contains('name', $permission);
        }
   
        return !! $permission->intersect($this->permissions)->count();
    }
   }

   Copy after login

3. Permission model (Permission)

   namespace App;
   
   use IlluminateDatabaseEloquentModel;
   
   class Permission extends Model
   {
    // 权限与角色的多对多关系
    public function roles()
    {
        return $this->belongsToMany('AppRole');
    }
   }

   Copy after login

4. Middleware and routing settings
In order to implement the permission management system, we can use middleware to intercept and verify user access requests. First, we need to define a permission middleware.

1. Define permission middleware:

   namespace AppHttpMiddleware;
   
   use Closure;
   use IlluminateSupportFacadesAuth;
   
   class CheckPermission
   {
    public function handle($request, Closure $next, $permission)
    {
        $user = Auth::user();
        
        if ($user && $user->hasPermission($permission)) {
            return $next($request);
        }
        
        return redirect()->route('403'); // 没有权限则跳转到403页面
    }
   }

   Copy after login

2. Register permission middleware:
   In appHttpKernel.php $routeMiddlewareRegister permission middleware in the array:

   protected $routeMiddleware = [
    // ...
    'permission' => AppHttpMiddlewareCheckPermission::class,
   ];

   Copy after login

3. Associate middleware and routing:
   Define the requirements in routesweb.php Permission control routing, and use permissionmiddleware:

   Route::get('/members', 'MemberController@index')->middleware('permission:member_view');

   Copy after login

5. Controller and view
In the controller, you can use the following code example to view the user The identity is verified and the corresponding view is returned according to the permissions.

1. Method in controller:

   namespace AppHttpControllers;
   
   use IlluminateSupportFacadesAuth;
   
   class MemberController extends Controller
   {
    public function index()
    {
       if (Auth::user()->hasPermission('member_view')) {
            return view('members.index');
       }
       
       // 没有权限则跳转到403页面
       return redirect()->route('403');
    }
   }

   Copy after login

2. Code in view:

   @if(Auth::user()->hasPermission('member_view'))
    <!-- 具有查看成员的权限，显示相关内容 -->
    <table>
        ...
    </table>
   @else
    <!-- 没有权限，显示无权限提示 -->
    <div>您没有查看成员的权限</div>
   @endif

   Copy after login

   Six , Summary
   Through the above steps, we successfully implemented a simple and powerful permission management system in Laravel. By defining roles, permissions and corresponding relationships, using middleware to intercept routes, and judging permissions in controllers and views, we can achieve precise control of user access permissions. I hope this article can help you better understand and apply the permission management functions in Laravel.

   Reference:

   • Laravel official documentation (https://laravel.com/docs/8.x/)
   • Laravel Beyond CRUD series tutorials: Permissions Management (https://laravelbestpractices.com/series/show/laravel-beyond-crud/episodes/9)

   The above is the detailed content of How to implement a permission management system in Laravel. For more information, please follow other related articles on the PHP Chinese website!