- Custom Access Control System (Authentication/Users/Roles/Permissions)
- Register/Login/Logout/Password Reset
- Third party login (Github/Facebook/Twitter/Google)
- Account Confirmation By E-mail
- Resend Confirmation E-mail
- Administrator Management
- User Index
- Activate/Deactivate Users
- Soft & Permanently Delete Users
- Ban Users
- Resend User Confirmation E-mails
- Change Users Password
- Create/Manage Roles
- Create/Manage Permissions
- Manage Users Roles/Permissions
- Default Responsive Layout
- Frontend and Backend Controllers
- User Dashboard
- Administration Dashboard with Admin LTE Theme
- Namespaced Routes
- Form/HTML Facades Included
- Default Forms Converted to Form Helper Methods
- Master Layout Files with common sections
- Elixir Compilation and Auto-Prefixation of CSS in header
- Elixir Compilation and Auto-Prefixation of JS in footer
- Helper functions
- Javascript/jQuery Snippets
- Bootstrap 3 (LESS/SASS)
- HTML5 Boilerplate v5.0
- Font Awesome (LESS/SASS)
- Global Messages/Exception Handling
- Form Macros (State and Country dropdowns, easy to extend)
- Socialite Integration
- Laracast Generators
- Stripe wrapper class for easy implementation
- Standards
- Clean Controllers
- Repository/Contract Implementations
- Request Classes
- Events/Handlers
- Entire application split between frontend/backend
composer install
npm install
- Create .env file (example below)
php artisan key:generate
php artisan migrate
- Set administrator info in UserTableSeeder.php
php artisan db:seed
- run
gulp
orgulp watch
(Install gulp (sudo npm install -g gulp) if needed)
APP_ENV=local
APP_DEBUG=true
APP_URL=http://localhost
APP_KEY=WILL BE GENERATED
DB_HOST=localhost
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=root
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_FROM=
MAIL_NAME=
STRIPE_KEY=
STRIPE_SECRET=
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_REDIRECT=
FACEBOOK_CLIENT_ID=
FACEBOOK_CLIENT_SECRET=
FACEBOOK_REDIRECT=
TWITTER_CLIENT_ID
TWITTER_CLIENT_SECRET
TWITTER_REDIRECT=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT=
/*
* Role model used by Access to create correct relations. Update the role if it is in a different namespace.
*/
access.role
/*
* Roles table used by Access to save roles to the database.
*/
access.roles_table
/*
* Permission model used by Access to create correct relations.
* Update the permission if it is in a different namespace.
*/
access.permission
/*
* Permissions table used by Access to save permissions to the database.
*/
access.permissions_table
/*
* permission_role table used by Access to save relationship between permissions and roles to the database.
*/
access.permission_role_table
/*
* permission_user table used by Access to save relationship between permissions and users to the database.
* This table is only for permissions that belong directly to a specific user and not a role
*/
access.permission_user_table
/*
* assigned_roles table used by Access to save assigned roles to the database.
*/
access.assigned_roles_table
/*
* Configurations for the user
*/
access.users.default_per_page
/*
* The role the user is assigned to when they sign up from the frontend
*/
access.users.default_role
/*
* Whether or not the user has to confirm their email when signing up
*/
access.users.confirm_email
/*
* Whether or not the users email can be changed on the edit profile screen
*/
access.users.change_email
/*
* Configuration for roles
*/
access.roles.role_must_contain_permission
/*
* Whether or not the administrator role must possess every permission
* Works in unison with permissions.permission_must_contain_role
*/
access.roles.administrator_forced
/*
* Whether a permission must contain a role or can be used standalone
* Works in unison with roles.administrator_forced
*/
access.permissions.permission_must_contain_role
Laravel 5 is trying to steer away from the filters.php file and more towards using middleware. Here is an example right from the access routes file of a group of routes that requires the Administrator role:
Route::group([
'middleware' => 'access.routeNeedsRole',
'role' => ['Administrator'],
'redirect' => '/',
'with' => ['error', 'You do not have access to do that.']
], function()
{
Route::group(['prefix' => 'access'], function ()
{
/*User Management*/
Route::resource('users', 'Backend\Access\UserController');
});
});
The above code checks to see if the currently authenticated user has the role Administrator
, if not redirects to /
with a session variable that has a key of message
and value of You do not have access to do that.
The following middleware ships with the boilerplate:
- access.routeNeedsRole
- access.routeNeedsPermission
- access.routeNeedsRoleOrPermission
The controller middleware supports all of the same parameters as the route middleware, except that it is declared in the constructor of the controller you are trying to protect:
For example, the Route::group
example above would be this:
public function __construct() {
$this->middleware('access.routeNeedsRole:{role:Administrator::redirect:/::with:error|You do not have access to do that.}');
}
Notes: Because the new route middleware parameters in 5.1 don't support arrays, I made my own syntax.
- It uses a single parameter encapulated in brackets
{}
role
can be singlerole:Administrator
or an "array"role:Administrator|User|Other
- Same for the permissions parameter:
permission:user_permission
orpermission:user_permission|other_permission
- The session message is in format
with:variable_name|message
- The parameters are separated by a double colon
::
(I did try a comma, the interpreter wasn't allowing it)
middleware
=> The middleware name, you can change them in your app/Http/Kernel.php file.role
=> A string of one role or an array of roles by name.permission
=> A string of one permission or an array of permissions by name.needsAll
=> A boolean, false by default, that states whether or not all of the specified roles/permissions are required to authenticate.with
=> Sends a session flash on failure. Array with 2 items, first is session key, second is value.redirect
=> Redirect to a url if authentication fails.redirectRoute
=> Redirect to a route if authentication fails.redirectAction
=> Redirect to an action if authentication fails.
If no redirect is specified a response('Unauthorized', 401);
will be thrown.
If you would like to create your own middleware, the following methods are available.
Note: A helper method access()
is also available. E.g. access()->hasRole('Administrator') which resolves the Access facade out of the IoC container. You can modify this function to add more functionality in app/helpers.php
.
/**
* Checks if the user has a Role by its name.
* @param string $name
* @return bool
*/
Access::hasRole($role);
/**
* Checks to see if the user has an array of roles, and whether or not all must return true to authenticate
* @param array $roles
* @param boolean $needsAll
* @return bool
*/
Access::hasRoles($roles, $needsAll);
/**
* Check if user has a permission by its name.
* @param string $permission.
* @return bool
*/
Access::can($permission);
/**
* Check an array of permissions and whether or not all are required to continue
* @param array $permissions
* @param boolean $needsAll
* @return bool
*/
Access::canMultiple($permissions, $needsAll);
Access:: by default uses the currently authenticated user. You can also do:
$user->hasRole($role);
$user->hasRoles($roles, $needsAll);
$user->can($permission);
$user->canMultiple($permissions, $needsAll);
If you would like to take advantage of the methods used by Access's route/controller handler, you can use
it:
`use App\Services\Access\Traits\AccessParams`
Which will give you methods in your middleware to grab route assets or controller parameters. You can then add methods to your middleware to grab assets that access doesn't grab by default and take advantage of them.
Note: If middleware is applied to both the controller and a route group, the controller will take precedence.
### Blade ExtensionsAccess comes with @blade extensions to help you show and hide data by role or permission without clogging up your code with unwanted if statements:
@role('User')
This content will only show if the authenticated user has the `User` role.
@endrole
@permission('can_view_this_content')
This content will only show if the authenticated user is somehow associated with the `can_view_this_content` permission.
@endpermission
Currently each call only supports one role or permission, however they can be nested.
If you want to show or hide a specific section you can do so in your layout files the same way:
@role('User')
@section('special_content')
@endrole
@permission('can_view_this_content')
@section('special_content')
@endpermission
You can add more extensions by editing app/Blade/Access/AccessBladeExtender.php
To configure socialite, add your credentials to your .env file. The redirects must follow the convention http://mysite.com/auth/login/SERVICE
. Available services are github
, facebook
, twitter
, and google
. Links to each are included in login.blade.php
.
If you are getting a cURL error 60
on localhost, follow these directions.
If for any reason something goes wrong, try each of the following:
Delete the composer.lock
file
Run the dumpautoload
command
$ composer dumpautoload -o
If the above fails to fix, and the command line is referencing errors in compiled.php
, do the following:
Delete the storage/framework/compiled.php
file