Implementing RBAC Rights Management in Laravel 5 using the Entrust Expansion Pack (i): Installation configuration Chapter

Entrust provides a simple and flexible way for us to implement role-based Rights Management (RBAC) in Laravel.

1. Installation

To use entrust in Laravel, you first need to install its dependent packages through composer:

Composer require Zizaco/entrust 5.2.x-dev

After the installation is complete, you need to register the service provider to the providers array in config/app.php:

Zizaco\entrust\entrustserviceprovider::class,

Also register the corresponding façade to the aliases array in the configuration file:

' Entrust ' = Zizaco\entrust\entrustfacade::class,

If you want to use middleware (requires Laravel 5.1 or later) you also need to add the following code to the app/http/kernel.php routemiddleware array:

' Role ' = \zizaco\entrust\middleware\entrustrole::class, ' permission ' and \zizaco\entrust\middleware\ Entrustpermission::class, ' ability ' = \zizaco\entrust\middleware\entrustability::class,

2. Configuration

Setting the appropriate values in profile config/auth.php, Entrust uses these configuration values to select the appropriate user tables and model classes.

You can also publish the configuration of the expansion pack for subsequent customization of related table names and the namespace of the model class:

PHP Artisan Vendor:publish

The command creates a entrust.php file under the Config directory.

3. User Role Permissions Table

Next we use the migration command provided by entrust to generate the migration file:

PHP Artisan entrust:migration

Then generate the corresponding data table with the following command:

PHP Artisan Migrate

4 new tables will eventually be generated:

• roles--Storage Roles
• permissions--Storage Permissions
• role_user--a many-to-many relationship between storage roles and users
• permission_role--a many-to-many relationship between storage roles and permissions

4. Model class

Role

We need to create the Role model class app/models/role.php and edit its contents as follows:

     
The role model has three main attributes:
    
 
 

  
  
 
   
The unique name of the name--role, such as "admin", "owner", "employee", etc.
 
   
display_name--human-readable role names such as "Backstage manager", "author", "Employer", etc.
 
   
description--a detailed description of the role
 
  
 
 
    
The Display_name and Description properties are optional, and the corresponding word defaults in the database is considered empty.
    
Permission
    
Next create the Permission model app/models/permission.php and edit its contents as follows:
    
      
The permission model also has three main properties:
    
  
  

   
   
 
    
The unique name of the name--permission, such as "Create-post", "edit-post", etc.
 
    
display_name--Human readable permission names, such as "Publish article", "edit article", etc.
 
    
description--A detailed description of this permission
 
   
  
  
    
User
    
Next we use the entrustusertrait in the user model:
    
       
This will establish an association between user and role: Add roles (), Hasrole ($name), Can ($permission), and ability ($roles, $permissions, $options) in the user model Method.
    
Soft Delete
    
OnDelete (' cascade ') is used by default in the association table generated using the migration command provided by entrust so that the parent record is removed and its corresponding association is removed. If you cannot use cascading deletions in the database for any reason, you can manually delete the records in the associated table Entrustrole, entrustpermission classes, and event listeners provided by Hasrole trait. If the model uses soft deletion, the event listener will not delete the associated table data when the data is accidentally deleted. However, because of the limitations of the Laravel event listener, it is not possible to distinguish between the call to delete () or forcedelete () for this reason, you must manually delete all associated data before you delete a model (unless your data table uses cascading deletions):
    
$role = Role::findorfail (1); Pull back a given role//Regular delete$role->delete (); This would work no matter what//Force delete$role->users ()->sync ([]); Delete Relationship data$role->perms ()->sync ([]); Delete relationship data$role->forcedelete (); Now force delete would work regardless of whether the pivot table have cascading delete
    
In the next section we will demonstrate how to implement RBAC using entrust in Laravel.
 