From 0b9dcfdc448af058ca9edee41bb8bdd7588d2e44 Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 12:46:41 -0700 Subject: [PATCH 1/9] Show logged in user roles Before it was showing the first user role no matter which user was logged in which was confusing. --- app/Http/Controllers/ExamplesController.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/ExamplesController.php b/app/Http/Controllers/ExamplesController.php index 7c3d228..107353b 100644 --- a/app/Http/Controllers/ExamplesController.php +++ b/app/Http/Controllers/ExamplesController.php @@ -9,9 +9,8 @@ class ExamplesController extends Controller { public function show_my_roles() { -// $user = auth()->user(); -// or - $user = User::first(); + + $user = auth()->user(); $roles = $user->getRoleNames(); return var_export($roles, true); From 22d68520a8909a11e4bdc15e3eeaa4581b5c07e9 Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 13:13:26 -0700 Subject: [PATCH 2/9] Fixed it so "member" with no roles can edit own post --- app/Policies/PostPolicy.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Policies/PostPolicy.php b/app/Policies/PostPolicy.php index 60015ad..4748435 100644 --- a/app/Policies/PostPolicy.php +++ b/app/Policies/PostPolicy.php @@ -70,8 +70,8 @@ public function create(User $user) */ public function update(User $user, Post $post) { - if ($user->can('edit own posts')) { - return $user->id == $post->user_id; + if ($user->id == $post->user_id) { + return true; } if ($user->can('edit all posts')) { From d9851fa432d92e96960351e6704e0fd75076bb3c Mon Sep 17 00:00:00 2001 
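Review bot: `auth()->user()` is null for an unauthenticated request, so the `$user->getRoleNames()` call on the next line throws an Error rather than answering 401, unless the route is already behind the `auth` middleware, which is outside this hunk. If it is not, fail explicitly at the assignment: `$user = auth()->user() ?? abort(401);`. The blank `+` line added above the assignment can also be dropped. The end of `show_my_roles()` lies below the hunk.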
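Review bot: The new ownership check in `update()` is unconditional, so the `edit own posts` permission is no longer consulted anywhere in this method, while the seeder later in this series still grants it to the `author` role; either drop that permission from the seeder or keep the gate and grant the permission to members, and state the intent above the `if` with a comment such as `// any owner may edit their own post, regardless of role`. The comparison also uses loose `==`; if both ids are integer-cast attributes, `if ($user->id === $post->user_id) {` is the safer form. The `edit all posts` branch and the end of `update()` lie below the hunk.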
From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 13:14:30 -0700 Subject: [PATCH 3/9] Made interface a bit more user friendly Added various notes about the role you're logged in with and what permissions you have/don't have. Also added all the links to the various routes. --- resources/views/permissions-demo.blade.php | 17 +++++++--- resources/views/posts/edit.blade.php | 2 ++ resources/views/posts/index.blade.php | 12 ++++++- resources/views/posts/show.blade.php | 11 ++++++- resources/views/welcome.blade.php | 38 ++++++++++++++++++++-- 5 files changed, 72 insertions(+), 8 deletions(-) diff --git a/resources/views/permissions-demo.blade.php b/resources/views/permissions-demo.blade.php index 9577137..b1dc8f9 100644 --- a/resources/views/permissions-demo.blade.php +++ b/resources/views/permissions-demo.blade.php @@ -1,11 +1,20 @@ -@hasrole('writer') -

You have been assigned the [writer] role.

+@hasrole('author') +

You have been assigned the [author] role.

@else -

You do NOT have the writer role.

+

You do NOT have the author role.

@endhasrole -@can('edit articles') +@can('edit all posts')

You have permission to [edit articles].

@else

Sorry, you may NOT edit articles.

@endcan + + +
+ +
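Review bot: The `@can('edit all posts')` branch still prints `[edit articles]` and `you may NOT edit articles` on the lines that follow it, so the message names a permission that no longer exists in this series; change the copy to `You have permission to [edit all posts].` and `Sorry, you may NOT edit all posts.` to match the directive. This partial also appears to lose its only visible include in this commit (`@include('permissions-demo')` is removed from `welcome.blade.php`), so unless something else includes it, it is dead markup that will keep drifting; consider deleting it or re-including it.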
diff --git a/resources/views/posts/edit.blade.php b/resources/views/posts/edit.blade.php index e6bb02c..19a1527 100644 --- a/resources/views/posts/edit.blade.php +++ b/resources/views/posts/edit.blade.php @@ -1,2 +1,4 @@ This would be the edit form for the post: {{ $post->title }} + +

If you didn't have the edit articles PERMISSION that the "Writer" ROLE provides you would get a 403 error instead of this page. Try that out by logging in as admin account which won't have this permission and will return a 403 error.

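Review bot: The explanatory text added here refers to an `edit articles` permission and a `Writer` role, and claims the admin account gets a 403, but in this series the seeder grants `edit all posts` to `admin` and the policy lets any post owner edit, so the copy contradicts what a visitor will observe. Reword it to describe the actual rule, e.g. `Owners of this post, and users with the [edit all posts] permission (the admin account), reach this page; anyone else gets a 403.`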
diff --git a/resources/views/posts/index.blade.php b/resources/views/posts/index.blade.php index 395c798..71fba58 100644 --- a/resources/views/posts/index.blade.php +++ b/resources/views/posts/index.blade.php @@ -1,3 +1,13 @@ +@can('edit all posts') +

You have permission to [edit all posts]. Clicking Edit Post below will return a edit page

+@else +

You do NOT have permission to [edit all posts]. Clicking edit below will return a 403 Error UNLESS you own the post

+@endcan + @foreach($posts as $p) -

{{ $p->id }}. {{ $p->title }}

+

{{ $p->id }}. {{ $p->title }} (Edit Post)

@endforeach + +

+ Back to Demo Home Page +

diff --git a/resources/views/posts/show.blade.php b/resources/views/posts/show.blade.php index 6dcdee1..5aaa12c 100644 --- a/resources/views/posts/show.blade.php +++ b/resources/views/posts/show.blade.php @@ -1 +1,10 @@ -{{ $post->title }} +

Title: {{ $post->title }}

+

{{ $post->body }}

+ +@can('edit articles') +

Edit Post

+@endcan + +

+ Back to Demo Home Page +

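Review bot: `@can('edit articles')` checks a permission name that the seeder in this series replaces with `edit all posts`, so the Edit Post link is never rendered for anyone. Since `PostPolicy::update` now also authorises the post's owner, the directive should delegate to the policy rather than a permission string: `@can('update', $post)`. That renders the link exactly when the controller would let the edit through, keeping the view and the policy in sync.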
diff --git a/resources/views/welcome.blade.php b/resources/views/welcome.blade.php index 4352a54..6c70f3f 100644 --- a/resources/views/welcome.blade.php +++ b/resources/views/welcome.blade.php @@ -16,7 +16,7 @@ -
+
@if (Route::has('login'))
@auth @@ -41,10 +41,44 @@
- @include('permissions-demo') + @hasrole('admin') +

You have been assigned the [admin] role.

+ @else +

You do NOT have the admin role.

+ @endhasrole + @can('edit all posts') +

You have permission to [edit all posts].

+ @else +

Sorry, you may NOT edit [edit all posts].

+ @endcan + +
+ + +
+
+

Example Accounts:

+
+

Admin Account with [admin] role

+

User: admin@example.com

+

Password: password

+
+
+

Author Account with [author] role

+

User: author@example.com

+

Password: password

+
+

Normal Account with No Permissions

+

User: member@example.com

+

Password: password

+
+
+

+ View Demo +

From fd4766e47910f432ed843743abb5e7bdd7384c47 Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 13:16:16 -0700 Subject: [PATCH 4/9] Updated seeder so it uses correct permission names It now matches the text class exactly. --- database/seeders/PermissionsDemoSeeder.php | 116 +++++++++++++++------ 1 file changed, 83 insertions(+), 33 deletions(-) diff --git a/database/seeders/PermissionsDemoSeeder.php b/database/seeders/PermissionsDemoSeeder.php index 4375e03..c2a1dd3 100644 --- a/database/seeders/PermissionsDemoSeeder.php +++ b/database/seeders/PermissionsDemoSeeder.php @@ -3,6 +3,8 @@ namespace Database\Seeders; // use Illuminate\Database\Console\Seeds\WithoutModelEvents; +use App\Models\Post; +use App\Models\User; use Illuminate\Database\Seeder; use Spatie\Permission\Models\Permission; use Spatie\Permission\Models\Role; 
@@ -10,46 +12,94 @@ class PermissionsDemoSeeder extends Seeder { + protected User $author; + protected User $admin; + protected User $member; + /** - * Create some roles and permissions. + * Create some roles and permissions, users, posts */ public function run(): void + { + + $this->setupPermissions(); + $this->setupUsers(); + $this->setupPosts(); + + } + + protected function setupPermissions(): void { // Reset cached roles and permissions app()[PermissionRegistrar::class]->forgetCachedPermissions(); - // create permissions - Permission::create(['name' => 'edit articles']); - Permission::create(['name' => 'delete articles']); - Permission::create(['name' => 'publish articles']); - Permission::create(['name' => 'unpublish articles']); - - // create roles and assign existing permissions - $role1 = Role::create(['name' => 'Writer']); - $role1->givePermissionTo('edit articles'); - $role1->givePermissionTo('delete articles'); - - $role2 = Role::create(['name' => 'Admin']); - $role2->givePermissionTo('publish articles'); - $role2->givePermissionTo('unpublish articles'); - - // create a demo user - $user = \App\Models\User::factory()->create([ - 'name' => 'Example User', - 'email' => 'test@example.com', - ]); - $user->assignRole($role1); - - - // super admin - Permission::create(['name' => 'assign roles']); - $role3 = Role::create(['name' => 'Super-Admin']); - $role3->givePermissionTo('assign roles'); - $admin = \App\Models\User::factory()->create([ - 'name' => 'Admin User', - 'email' => 'admin@example.com', - ]); - $admin->assignRole('Super-Admin'); + Permission::findOrCreate('view unpublished posts'); + Permission::findOrCreate('create posts'); + Permission::findOrCreate('edit own posts'); + Permission::findOrCreate('edit all posts'); + Permission::findOrCreate('delete own posts'); + Permission::findOrCreate('delete any post'); + + Role::findOrCreate('author') + ->givePermissionTo(['create posts', 'edit own posts', 'delete own posts']); + + Role::findOrCreate('admin') 
+ ->givePermissionTo(['view unpublished posts', 'create posts', 'edit all posts', 'delete any post']); + } + + protected function setupUsers(): void + { + + + $this->author = User::factory()->create([ + 'name' => 'Example Author', + 'email' => 'author@example.com', + ]); + $this->author->assignRole('author'); + + $this->admin = User::factory()->create([ + 'name' => 'Admin User', + 'email' => 'admin@example.com', + ]); + $this->admin->assignRole('admin'); + + $this->member = User::factory()->create([ + 'name' => 'Example Member', + 'email' => 'member@example.com', + ]); + } + + protected function setupPosts() + { + Post::factory()->create([ + 'title' => 'This is the first post. (author)', + 'published' => 1, + 'user_id' => $this->author->id, + ]); + + Post::factory()->create([ + 'title' => 'This is the second post. (admin)', + 'published' => 1, + 'user_id' => $this->admin->id, + ]); + + Post::factory()->create([ + 'title' => 'This is the third post. (author)', + 'published' => 1, + 'user_id' => $this->author->id, + ]); + + Post::factory()->create([ + 'title' => 'This is the fourth post. (admin, unpublished)', + 'published' => 0, + 'user_id' => $this->admin->id, + ]); + + Post::factory()->create([ + 'title' => 'This is the fifth post. (member)', + 'published' => 1, + 'user_id' => $this->member->id, + ]); } } From 36128dd7e83983eef5c812f237f7e35afe76331e Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 13:17:16 -0700 Subject: [PATCH 5/9] Fixed tests for changes Will check for roles and permissions so that they actually match the seeder. --- tests/Feature/ExamplesTest.php | 2 +- tests/Feature/PermissionsDemoTest.php | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/Feature/ExamplesTest.php b/tests/Feature/ExamplesTest.php index 6875770..63770d7 100644 --- a/tests/Feature/ExamplesTest.php +++ b/tests/Feature/ExamplesTest.php 
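Review bot: `setupPosts()` lacks the `: void` return type that `run()`, `setupPermissions()` and `setupUsers()` declare; add it for consistency: `protected function setupPosts(): void`. Note also that permissions and roles use `findOrCreate`, so re-running the seeder is safe for them, but the `User::factory()->create([...])` calls with fixed e-mail addresses will fail on a second run if `users.email` is unique (as the default Laravel migration declares); either guard each factory call with an existence check on the e-mail or add a comment stating that the seeder is single-run.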
@@ -21,6 +21,6 @@ public function it_responds_to_show_my_roles() $response->assertStatus(200); $response->assertSee('Collection'); - $response->assertSee('Writer'); + $response->assertSee('author'); } } diff --git a/tests/Feature/PermissionsDemoTest.php b/tests/Feature/PermissionsDemoTest.php index 6a42f07..ece9c19 100644 --- a/tests/Feature/PermissionsDemoTest.php +++ b/tests/Feature/PermissionsDemoTest.php @@ -16,8 +16,8 @@ public function setUp(): void { parent::setUp(); - $permission = Permission::create(['name' => 'edit articles']); - $role1 = Role::create(['name' => 'writer']); + $permission = Permission::create(['name' => 'edit all posts']); + $role1 = Role::create(['name' => 'admin']); $role1->givePermissionTo($permission->name); } @@ -28,7 +28,7 @@ public function it_recognizes_blade_hasrole_directive() { $response = $this->get('/'); - $response->assertSeeText('writer'); + $response->assertSeeText('admin'); $response->assertDontSeeText('@hasrole'); } @@ -39,7 +39,7 @@ public function it_shows_message_confirming_permission_is_not_granted() { $response = $this->get('/'); - $response->assertSeeText('Sorry, you may NOT edit articles.'); + $response->assertSeeText('Sorry, you may NOT edit [edit all posts]'); } /** @@ -48,13 +48,13 @@ public function it_shows_message_confirming_permission_is_not_granted() public function it_shows_message_confirming_permission_is_granted() { $user = \App\Models\User::factory()->create(); - $user->assignRole('writer'); + $user->assignRole('admin'); $response = $this->actingAs(\App\Models\User::find($user->id))->get('/'); $response->assertDontSeeText('@hasrole'); - $response->assertSeeText("You have permission to [edit articles]."); + $response->assertSeeText("You have permission to [edit all posts]."); } } From 77ad89b8d3de615a0f92acb1ef360d351f24f4cf Mon Sep 17 00:00:00 2001 
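Review bot: `it_responds_to_show_my_roles` now expects `author` in the output, but after the controller change earlier in this series `show_my_roles` reads `auth()->user()`, so this test only passes if the arrange step above the hunk authenticates as a user holding the `author` role; if it still relies on a seeded first user, the request hits a null user and fails with a 500 rather than a missing string. The method's setup lies outside the hunk, so this is inferred from the controller change.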
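Review bot: In `it_recognizes_blade_hasrole_directive`, `assertSeeText('admin')` no longer discriminates: the welcome page in this series prints `admin` in the negative branch (`You do NOT have the admin role.`) and in the example-account list, so the assertion passes whether or not the directive works. Assert the exact branch text instead: `$response->assertSeeText('You do NOT have the admin role.');`. The positive case in `it_shows_message_confirming_permission_is_granted` could likewise assert `You have been assigned the [admin] role.` to cover the role directive, not only the permission one.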
From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 13:46:09 -0700 Subject: [PATCH 6/9] Added link to posts for guest users from welcome page To demo how the permissions work for guest users. --- resources/views/posts/index.blade.php | 2 +- resources/views/welcome.blade.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/resources/views/posts/index.blade.php b/resources/views/posts/index.blade.php index 71fba58..dc4300c 100644 --- a/resources/views/posts/index.blade.php +++ b/resources/views/posts/index.blade.php @@ -1,7 +1,7 @@ @can('edit all posts')

You have permission to [edit all posts]. Clicking Edit Post below will return a edit page

@else -

You do NOT have permission to [edit all posts]. Clicking edit below will return a 403 Error UNLESS you own the post

+

You do NOT have permission to [edit all posts]. Clicking edit below will return a 403 Error UNLESS you own the post. For guests they will get a redirect to login page

@endcan @foreach($posts as $p) diff --git a/resources/views/welcome.blade.php b/resources/views/welcome.blade.php index 6c70f3f..d4377d0 100644 --- a/resources/views/welcome.blade.php +++ b/resources/views/welcome.blade.php @@ -80,6 +80,10 @@ View Demo

+

+ View Posts As Guest User +

+
From 885093c6790351575b2e7e48fdd394a9fdd9259f Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 13:47:29 -0700 Subject: [PATCH 7/9] Changed scope so if you have permission to see unpublished you see them --- app/Models/Post.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/Models/Post.php b/app/Models/Post.php index 694c1de..44a415e 100644 --- a/app/Models/Post.php +++ b/app/Models/Post.php @@ -18,7 +18,12 @@ class Post extends Model public function scopePublished(Builder $query) { - return $query->where('published', 1); + //view unpublished posts if user has permission to + if(!auth()->user()?->getAllPermissions()->pluck('name')->contains('view unpublished posts')) + { + return $query->where('published', 1); + } + } public function author() From 51eb5fb285a1ca3518632cbbc051bdd4b68b73fa Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 14:01:19 -0700 Subject: [PATCH 8/9] Changed .env.example so it works with sqlite out of box --- .env.example | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.env.example b/.env.example index 92866ac..0e8c791 100644 --- a/.env.example +++ b/.env.example @@ -8,12 +8,12 @@ LOG_CHANNEL=stack LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug -DB_CONNECTION=mysql -DB_HOST=127.0.0.1 -DB_PORT=3306 -DB_DATABASE=laravel -DB_USERNAME=root -DB_PASSWORD= +DB_CONNECTION=sqlite +#DB_HOST=127.0.0.1 +#DB_PORT=3306 +#DB_DATABASE=laravel +#DB_USERNAME=root +#DB_PASSWORD= BROADCAST_DRIVER=log CACHE_DRIVER=file From 022b18c22fe9d0f346924c55755597f1d0d9df5e Mon Sep 17 00:00:00 2001 From: Pawel K <39682172+Pawel-IT@users.noreply.github.com> Date: Sun, 15 Dec 2024 14:02:01 -0700 Subject: [PATCH 9/9] Updated README.md with instructions on how to run demo --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) 
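Review bot: `scopePublished()` now returns nothing when the user holds `view unpublished posts`, so it silently relies on the builder's null-tolerant scope handling and no longer returns the `Builder` it did before; return the query in both branches. The permission lookup can also go through the same gate the policies use instead of loading every permission: `return auth()->user()?->can('view unpublished posts') ? $query : $query->where('published', 1);`, which keeps guests on the published-only path exactly as now. Because the scope reads the current user, every caller of `Post::published()` now depends on the request context, which deserves a comment on the method such as `// Unfiltered only when the authenticated user may view unpublished posts; guests and other users see published posts only.`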
diff --git a/README.md b/README.md index 13cdf6a..2423756 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,21 @@ This is a simple app to demonstrate implementing the spatie/laravel-permission p Many of the code examples used in this demo also come from the examples in the Spatie package README. +## Running Demo +``` +composer install +npm install +# Setup your .env file, provided .env.example will work for sqlite +cp -n .env.example .env +touch database/database.sqlite +php artisan key:generate +php artisan db:seed + +# Run Dev Server +php artisan serve +``` -## Creating Your Own Demo +## Creating Your Own Demo From Scratch You could create your own with the following steps: Initial setup: