Tarunn Tarunn - 7 months ago 19
PHP Question

Automate Entrust permission checks by accessing the route name parameters and checking the user's permissions

I have implemented Entrust roles as an ACL layer. Now I'm planning to automate the permission check for each request so that I don't have to write the permission check for each user role every time.

E.g. I have a company resource and a user with the role 'admin' who can only view companies, and another user with the role 'super' who can manage companies. In the database I have given them the appropriate permissions, but in the middleware that checks their permissions I am planning to achieve this:

If the URL is localhost/company/create, the permission in the DB will be create_company and the currently logged-in user will be checked against this permission:

$user->can('create_company') OR
$user->can(['create_company', 'view_company']);


Que1: Is it possible to achieve this with middleware, where route names (e.g. company.create, company.show) are accessible, so that the dots are replaced with '_' and we can check the permission? How?

Que2: Is this a nice approach to achieving automatic role checking, or is there some other better approach?

Any help/suggestion would be highly appreciated.

Answer

Well, I found the answer, and to some extent I have automated the permission checking. I have created a function in the Authenticate.php middleware:

/**
 * Derive the Entrust permission name for the current request from the
 * HTTP method and the first URL segments, e.g. GET /company/create
 * yields "create_company". Returns '' when the request shape is not
 * recognised, so that can('') denies by default.
 */
public function autocheckroles($request)
{
    $perms = '';
    // Permission names are "<verb>_<resource>", where the resource is the first URL segment
    $suffix = '_'.$request->segment(1);

    if ($request->isMethod('GET')) {
        if (is_numeric($request->segment(2)) && is_null($request->segment(3))) {
            // GET /company/{id}
            $perms = 'show'.$suffix;
        } elseif (is_numeric($request->segment(2)) && $request->segment(3) == 'edit') {
            // GET /company/{id}/edit
            $perms = 'edit'.$suffix;
        } elseif ($request->segment(2) == 'create') {
            // GET /company/create
            $perms = 'create'.$suffix;
        } elseif (! is_null($request->segment(1)) && is_null($request->segment(2)) && is_null($request->segment(3))) {
            // GET /company
            $perms = 'view'.$suffix;
        }
    } elseif ($request->isMethod('POST')) {
        if ($request->segment(1)) {
            // POST /company
            $perms = 'create'.$suffix;
        }
    } elseif ($request->isMethod('DELETE')) {
        // DELETE /company/{id}
        $perms = 'delete'.$suffix;
    } elseif ($request->isMethod('PUT') || $request->isMethod('PATCH')) {
        if ($request->segment(1)) {
            // PUT|PATCH /company/{id}
            $perms = 'edit'.$suffix;
        }
    }

    return $perms;
}

This returns the permission based on the request method, e.g. create_perm OR create_role OR edit_role. This way, I don't have to write each and every permission in the middleware; it is checked automatically based on the request.

// Inside handle(), after the guest/unauthenticated check that
// Authenticate.php already performs, so \Auth::user() is never null here.
// Requires: use Illuminate\Http\RedirectResponse;

    // Check for the user role and automate the role permission
    $perform_action = $this->autocheckroles($request);
    // Super admin with id number 1 doesn't require any permission
    if ((\Auth::user()->id == '1') || \Auth::user()->can($perform_action)) {
        return $next($request);
    } else {
        \Session::flash('flash_message', 'You are not authorized for this page.');
        return new RedirectResponse(url('/home'));
    }

This way, if the user is not authorized he will be redirected to the dashboard (home) page, and the super user won't face any such check, so he is excluded.

Hope this helps others; in case you have a better choice here, do let me know. Many thanks in advance.
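As an added example (not the original poster's code and not part of the Entrust project), here is the route-name based variant asked about in Que1, written as a separate Laravel route middleware instead of the URL-segment parsing in the answer above. It assumes Laravel 5.x with Entrust, resource routes registered with Route::resource (which names them company.index, company.create, company.store, company.show, company.edit, company.update, company.destroy), permissions named view_company, create_company, show_company, edit_company and delete_company, and a role named 'super' for the bypass; the class name, the action-to-verb map and the redirect targets are all assumptions.

```php
<?php
// Added example: derive the Entrust permission from the route name
// rather than from URL segments. Assumes Laravel 5.x + Entrust.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CheckRoutePermission
{
    /**
     * Map the action part of a resource route name to the verb used in the
     * permission name, so "company.store" becomes "create_company".
     * Actions not listed here are denied (fail closed). Assumed mapping.
     */
    protected static $actionToVerb = [
        'index'   => 'view',
        'show'    => 'show',
        'create'  => 'create',
        'store'   => 'create',
        'edit'    => 'edit',
        'update'  => 'edit',
        'destroy' => 'delete',
    ];

    /**
     * Turn a route name such as "company.create" into "create_company".
     * Returns null for unnamed routes or unknown actions.
     */
    public static function permissionForRoute($routeName)
    {
        if (!is_string($routeName) || strpos($routeName, '.') === false) {
            return null;
        }
        // Nested resources give names like "company.department.show":
        // the last part is the action, the part before it the resource.
        $parts    = explode('.', $routeName);
        $action   = array_pop($parts);
        $resource = array_pop($parts);
        if ($resource === null || !isset(self::$actionToVerb[$action])) {
            return null;
        }
        return self::$actionToVerb[$action] . '_' . $resource;
    }

    public function handle(Request $request, Closure $next)
    {
        $user = Auth::user();
        if ($user === null) {
            // Normally the auth middleware runs first; never call can() on null.
            return redirect()->guest('login'); // assumed login path
        }

        // $request->route() is only populated for *route* middleware, not for
        // global middleware, so this class must be registered as route middleware.
        $route      = $request->route();
        $permission = $route ? static::permissionForRoute($route->getName()) : null;

        // Deny anything that cannot be mapped, so an unnamed route never passes
        // by accident. The bypass is tied to a role, not to a hard-coded user id.
        if ($permission === null || !($user->hasRole('super') || $user->can($permission))) {
            return redirect('/home')->with('flash_message', 'You are not authorized for this page.');
        }

        return $next($request);
    }
}
```

Register the class in app/Http/Kernel.php under $routeMiddleware (for example as 'perm') and wrap the resource routes in a group such as Route::group(['middleware' => ['auth', 'perm']], function () { Route::resource('company', 'CompanyController'); });. Because the decision is keyed on the route name rather than on whether a segment happens to be numeric, a custom route like /company/{id}/archive gets no permission and is refused until an entry for 'archive' is added to the map, which is the behaviour you want from an ACL layer.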
