24

I'm trying to use cartalyst sentry 2 in my site being built with Laravel 4. Basically I don't understand how to implement permissions.

The examples I've seen for permissions for a group specify the following as an example:

{
    "name" : "Administrator",
    "permissions" : 
    {
        "user.create" : 1,
        "user.delete" : 1,
        "user.view"   : 1,
        "user.update" : 1
    }
}

SO this is setting permissions for the admin group. BUT where are these permissions set?

In the table 'groups' there is a field called permissions which is a text field - are they set there - if so how? Or are these set in a model or controller?

Can anyone point me to s step by step on how to use in a laravel 4 app? I've read the supporting docs which foes through the functions but I'm just not sure how to set the data to get the functions to work.

Gustavo Straube
  • 3,744
  • 6
  • 39
  • 62
Ray
  • 3,018
  • 8
  • 50
  • 91

2 Answers2

52

Basically you have to..

Create your groups

Sentry::getGroupProvider()->create([
    'name' => 'Super Administrators',
    'permissions' => [
        'system' => 1,
    ],
]);

Sentry::getGroupProvider()->create([
    'name' => 'Managers',
    'permissions' => [
        'system.products' => 1,
        'system.store' => 1,
        'system.profile' => 1,
    ],
]);

Set a group to a particular user, in this case it is setting Managers to the current logged user

Sentry::getUser()->addGroup( Sentry::getGroupProvider()->findByName('Managers') );

Check if a user has a particular access

if ( Sentry::getUser()->hasAnyAccess(['system','system.products']) )
{
    // Will be able to do a thing
}

Check if a user is Super Administrator (only this group has the 'system' access)

if ( Sentry::getUser()->hasAnyAccess(['system']) )
{
    // Will be able to do a thing
}

Get all groups from a particular user

try
{
    // Find the user using the user id
    $user = Sentry::getUserProvider()->findById(1);

    // Get the user groups
    $groups = $user->getGroups();
}
catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
{
    echo 'User was not found.';
}
Matt
  • 9,068
  • 12
  • 64
  • 84
Antonio Carlos Ribeiro
  • 86,191
  • 22
  • 213
  • 204
  • Thank you for this info - I'll try this out and implement. Just for clarity - are the names you use related to classes or simply descriptors unique to an app and can be anything? – Ray Jun 10 '13 at 21:27
  • 2
    Are you talking about `system`, `system.products`...? There's no relation between them and your classes, those are just names you pick. I'm trying to be granular using them like `system.products.insert`, if you have `system.products`, you can do everything on products. – Antonio Carlos Ribeiro Jun 10 '13 at 22:32
  • 1
    I was looking for this all day – giannis christofakis Jul 26 '13 at 12:39
  • @AntonioCarlosRibeiro Awesome :D In case if i want to set a group for particular user email? instead of logged in user. Thx!! – 1myb Oct 21 '13 at 14:32
  • You can set it to the group name: `'name' => 'me@mydomain.com'`. – Antonio Carlos Ribeiro Oct 21 '13 at 14:38
  • @AntonioCarlosRibeiro I mean assign the user to the group, like user (me@mydomain.com) add to admin group, not loggoed user – 1myb Oct 21 '13 at 17:30
  • @AntonioCarlosRibeiro Thx, found it in the user update section.. i still wondering why it's not documented xD – 1myb Oct 22 '13 at 03:07
  • What is the return type of `getGroups()`? – 735Tesla Dec 25 '13 at 11:41
  • 1
    It will return an instance of Illuminate\Database\Eloquent\Collection. – Antonio Carlos Ribeiro Dec 25 '13 at 13:02
  • Why isn't this in Sentry documentation?!??! Thanks! –  Oct 28 '14 at 18:30
  • is there maybe a way to implement a multiple filter that will return the route in case that at least one filter is true? For example like this: Route::get('users', array('as' => 'getUsers', 'uses' => 'UsersController@getIndex', 'before' => 'inGroup:Administrator|hasAccess:users.index')); or do i need also for the admin group define all these permissions which are also in other groups? Now I have only 1 for admin group which is global so admin can access to everything and specific for other groups – enigmaticus Nov 04 '14 at 20:37
4

In your groups table you set the permissions using JSON.

I have the following columns:

id | name | permissions

And a row:

1 | admin | {"admin":1, "create_news": 1}

Assign a user to a group using the table users_groups

Now you can use the following example to check if a user have a given permission: 

$user = Sentry::getUser();
if ($user->hasAccess('create_news')) {
    echo "You can create a news item";
}
else {
    echo "You can't create a news item";
}
Patrick Reck
  • 11,246
  • 11
  • 53
  • 86
  • Thank you for this - I'm going to use a combination of the two answers, both make sense. Now to trial it in my site. – Ray Jun 10 '13 at 21:28