• Stars
    star
    481
  • Rank 91,384 (Top 2 %)
  • Language
    PHP
  • License
    Other
  • Created over 8 years ago
  • Updated 12 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Admin interface for managing users, roles, permissions, using Backpack CRUD

Backpack\PermissionManager

Latest Version on Packagist Software License Build Status Quality Score Style CI Total Downloads

Admin interface for spatie/laravel-permission. It allows admins to easily add/edit/remove users, roles and permissions, using Laravel Backpack.

As opposed to some other packages:

  • a user can have multiple roles;
  • a user can have extra permissions, in addition to the permissions on the roles he has;

This package is just a user interface for spatie/laravel-permission. It will install it, and let you use its API in code. Please refer to their README for more information on how to use in code.

Edit a user in Backpack/PermissionManager

Security updates and breaking changes

Please subscribe to the Backpack Newsletter so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.

Install

  1. This package assumes you've already installed Backpack for Laravel. If you haven't, please install Backpack first.

  2. In your terminal:

composer require backpack/permissionmanager
  1. Finish all installation steps for spatie/laravel-permission, which as been pulled as a dependency. Run its migrations. Publish its config files. Most likely it's:
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider" --tag="permission-migrations"
php artisan migrate
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider" --tag="permission-config"
// then, add the Spatie\Permission\Traits\HasRoles trait to your User model(s)
  1. Publish backpack\permissionmanager config file & the migrations:
php artisan vendor:publish --provider="Backpack\PermissionManager\PermissionManagerServiceProvider" --tag="config" --tag="migrations"

Note: We recommend you to publish only the config file and migrations, but you may also publish lang and routes.

  1. Run the migrations:
php artisan migrate
  1. The package assumes it's ok to use the default Backpack user model (most likely App\Models\User to administer Users. Use a different one if you'd like by changing the user model in the config/backpack/permissionmanager.php file. Any model you're using, make sure it's using the CrudTrait and HasRoles traits:
<?php namespace App\Models;

use Backpack\CRUD\app\Models\Traits\CrudTrait; // <------------------------------- this one
use Spatie\Permission\Traits\HasRoles;// <---------------------- and this one
use Illuminate\Foundation\Auth\User as Authenticatable; 

class User extends Authenticatable
{
    use CrudTrait; // <----- this
    use HasRoles; // <------ and this

    /**
     * Your User Model content
     */
  1. [Optional] Add a menu item for it in resources/views/vendor/backpack/base/inc/sidebar_content.blade.php or menu.blade.php:
<!-- Users, Roles, Permissions -->
<li class="nav-item nav-dropdown">
    <a class="nav-link nav-dropdown-toggle" href="#"><i class="nav-icon la la-users"></i> Authentication</a>
    <ul class="nav-dropdown-items">
        <li class="nav-item"><a class="nav-link" href="{{ backpack_url('user') }}"><i class="nav-icon la la-user"></i> <span>Users</span></a></li>
        <li class="nav-item"><a class="nav-link" href="{{ backpack_url('role') }}"><i class="nav-icon la la-id-badge"></i> <span>Roles</span></a></li>
        <li class="nav-item"><a class="nav-link" href="{{ backpack_url('permission') }}"><i class="nav-icon la la-key"></i> <span>Permissions</span></a></li>
    </ul>
</li>
  1. [Optional] If you want to use the @can handler inside Backpack routes, you can:

(7.A.) Change Backpack to use the default web guard instead of its own guard. Inside config/backpack/base.php change:

    // The guard that protects the Backpack admin panel.
    // If null, the config.auth.defaults.guard value will be used.
-   'guard' => 'backpack',
+   'guard' => null,

Note:

  • when you add new roles and permissions, the guard that gets saved in the database will be "web";

OR

(7.B.) Add a middleware to all your Backpack routes by adding this to your config/backpack/base.php file:

    // The classes for the middleware to check if the visitor is an admin
    // Can be a single class or an array of clases
    'middleware_class' => [
        App\Http\Middleware\CheckIfAdmin::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+       Backpack\CRUD\app\Http\Middleware\UseBackpackAuthGuardInsteadOfDefaultAuthGuard::class,
    ],

Why? spatie/laravel-permission uses the Auth facade for determining permissions with @can. The Auth facade uses the default guard defined in config/auth.php, NOT our backpack guard.

Please note:

  • this will make auth() return the exact same thing as backpack_auth() on Backpack routes;
  • you only need this if you want to use @can; you can just as well use @if(backpack_user()->can('read')), which does the exact same thing, but works 100% of the time;
  • when you add new roles and permissions, the guard that gets saved in the database will be "backpack";
  1. [Optional] Disallow create/update on your roles or permissions after you define them, using the config file in config/backpack/permissionmanager.php. Please note permissions and roles are referenced in code using their name. If you let your admins edit these strings and they do, your permission and role checks will stop working.

Customize UserCrudController

If you would like to add more fields to the default user controller provided by this package, you can bind your own controller to overwrite the one provided in this package:

// in some ServiceProvider, AppServiceProvider for example

$this->app->bind(
    \Backpack\PermissionManager\app\Http\Controllers\UserCrudController::class, //this is package controller
    \App\Http\Controllers\Admin\UserCrudController::class //this should be your own controller
);

// this tells Laravel that when UserCrudController is requested, your own UserCrudController should be served.

API Usage

Because the package requires spatie/laravel-permission, the API will be the same. Please refer to their README file for a complete API. Here's a summary though:

Using permissions

A permission can be given to a user:

backpack_user()->givePermissionTo('edit articles');

A permission can be revoked from a user:

backpack_user()->revokePermissionTo('edit articles');

You can test if a user has a permission:

backpack_user()->hasPermissionTo('edit articles');

Saved permissions will be registered with the Illuminate\Auth\Access\Gate-class. So you can test if a user has a permission with Laravel's default can-function.

backpack_user()->can('edit articles');

Using roles and permissions

A role can be assigned to a user:

backpack_user()->assignRole('writer');

A role can be removed from a user:

backpack_user()->removeRole('writer');

You can determine if a user has a certain role:

backpack_user()->hasRole('writer');

You can also determine if a user has any of a given list of roles:

backpack_user()->hasAnyRole(Role::all());

You can also determine if a user has all of a given list of roles:

backpack_user()->hasAllRoles(Role::all());

The assignRole, hasRole, hasAnyRole, hasAllRoles and removeRole-functions can accept a string, a Role-object or an \Illuminate\Support\Collection-object.

A permission can be given to a role:

$role->givePermissionTo('edit articles');

You can determine if a role has a certain permission:

$role->hasPermissionTo('edit articles');

A permission can be revoked from a role:

$role->revokePermissionTo('edit articles');

The givePermissionTo and revokePermissionTo-functions can accept a string or a Permission-object.

Saved permission and roles are also registered with the Illuminate\Auth\Access\Gate-class.

backpack_user()->can('edit articles');

Using blade directives

This package also adds Blade directives to verify whether the currently logged in user has all or any of a given list of roles.

@role('writer')
    I\'m a writer!
@else
    I\'m not a writer...
@endrole
@hasrole('writer')
    I\'m a writer!
@else
    I\'m not a writer...
@endhasrole
@hasanyrole(Role::all())
    I have one or more of these roles!
@else
    I have none of these roles...
@endhasanyrole
@hasallroles(Role::all())
    I have all of these roles!
@else
    I don\'t have all of these roles
@endhasallroles

You can use Laravels native @can directive to check if a user has a certain permission.

Upgrade from 3.x to 4.x

To upgrade from PermissionManager 3.x to 4.x:

  • upgrade to spatie/laravel-permission 2.28.2+ - do take note that the DB has changed, and they don't provide a track of the changes;
  • require backpack/permissionmanager version 4.0.* in your composer.json file;
  • delete your old config/backpack/permissionmanager.php file;
  • follow the installation steps above;

If you are upgrading to a Laravel 8 instalation, please note that User Model may have moved from App\User::class to App\Models\User::class, check if your config is compliant with that change config/backpack/permissionmanager.php.

Change log

Please see CHANGELOG for more information what has changed recently.

Overwriting functionality

If you need to modify how this works in a project:

  • create a routes/backpack/permissionmanager.php file; the package will see that, and load your routes file, instead of the one in the package;
  • create controllers/models that extend the ones in the package, and use those in your new routes file;
  • modify anything you'd like in the new controllers/models;

When creating your own controllers, seeders, make sure you use the BackpackUser model, instead of the User model in your app. The easiest would be to use config('backpack.base.user_model_fqn') which pulls in the User model fully qualified namespace, as defined in your config/backpack/base.php. You might need to instantiate it using $model = config('backpack.base.user_model_fqn'); $model = new $model; in order to do things like $model->where(...).

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Please subscribe to the Backpack Newsletter so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.

Credits

License

Backpack is free for non-commercial use and 49 EUR/project for commercial use. Please see License File and backpackforlaravel.com for more information.

Hire us

We've spend more than 50.000 hours creating, polishing and maintaining administration panels on Laravel. We've developed e-Commerce, e-Learning, ERPs, social networks, payment gateways and much more. We've worked on admin panels so much, that we've created one of the most popular software in its niche - just from making public what was repetitive in our projects.

If you are looking for a developer/team to help you build an admin panel on Laravel, look no further. You'll have a difficult time finding someone with more experience & enthusiasm for this. This is what we do. Contact us. Let's see if we can work together.

More Repositories

1

CRUD

Build custom admin panels. Fast!
PHP
2,816
star
2

Base

Until 2018, Backpack v3 used this Base package to offer admin authentication and a blank admin panel using AdminLTE. Backpack v4 no longer uses this package, they're now built-in - use Backpack/CRUD instead.
PHP
891
star
3

BackupManager

Admin interface for managing database and file backups in Backpack for Laravel
PHP
305
star
4

demo

A working demo of Laravel with all Backpack packages installed.
PHP
301
star
5

Generators

Generate files for Backpack projects
PHP
296
star
6

PageManager

Administer presentation pages in Laravel, using page templates and Backpack\CRUD
PHP
279
star
7

LogManager

An interface to preview, download and delete Laravel log files, using Backpack.
PHP
261
star
8

Settings

Application settings interface for Backpack (for Laravel 6).
PHP
228
star
9

NewsCRUD

An admin panel for news with categories and tags, using Backpack CRUD on Laravel 10
PHP
205
star
10

MenuCRUD

An admin panel for menu items, using Backpack\CRUD on Laravel 6 or 7.
Blade
182
star
11

LangFileManager

A quick interface to edit Laravel language files, for Backpack.
PHP
90
star
12

FileManager

Admin interface for files & folders, using elFinder.
PHP
79
star
13

docs

45
star
14

revise-operation

An admin interface for venturecraft/revisionable - audit log for your Eloquent entries.
PHP
42
star
15

basset

Better asset helpers for Laravel apps.
PHP
36
star
16

community-forum

A workspace to discuss improvement and feature ideas, before they're actually implemented.
25
star
17

theme-tabler

UI for Backpack v6 that uses Tabler and Bootstrap v5.
Blade
16
star
18

activity-log

PHP
13
star
19

download-operation

PHP
10
star
20

medialibrary-uploaders

PHP
8
star
21

language-switcher

Multi language dropdown for Backpack v6
PHP
7
star
22

addons

A place for the Backpack community to talk about possible Backpack add-ons.
5
star
23

theme-coreuiv2

UI that uses CoreUI v2 and Bootstrap v4, provided as a legacy theme for Backpack v6.
Blade
4
star
24

theme-coreuiv4

UI for Backpack v6 that uses CoreUI v4 and Bootstrap v5.
Blade
3
star
25

devtools-issues

Bug reports and feature requests for our closed-source DevTools package
3
star
26

legal-documents

All legal documents for the Backpack organisation. Full transparency.
1
star