25 Mayıs 2016 Çarşamba

How to Implement ACL Mechanism into Laravel?

Due to my daily security research and QA job in Netsparker, I have not dealt with programming, especially Laravel for a while.

However I've thought to write an article about implementing ACL to Laravel. Because in days I was seeking a solution, I ran into many in market but eventually I decided to write my own. Because I had to scale it according to my needs.

Yes, let's start to implementation.

Please note that, I tested this solution with Laravel 5.1.

1) First of all, we depend on Zend ACL library, so we have to add it into Laravel, to do this, we have to add lines below  into composer.json:

2) Create a directory in app/Providers and name it as ZendAcl.  After creating the directory, create a PHP file in the directory, then name it as ZendAclServiceProvider.php. Put the below lines into the PHP file you've just created:

3) Create another directory in ZendAcl directory, and name the new directory as Facades. After creating Facades directory, create a PHP file named ACL.php and write the lines below into ACL.php:

4) We should set providers and put ACL in providers array in config/app.php. Please pay special attention to line 36 and 174.

5) At the heart of ACL, there is middleware. You know that middlewares are mechanism that meets you before entering application. In this implementation we have a middleware named CheckPermission. We're going to create a PHP file named CheckPermission.php and locate it under app/Http/Middleware:

6) When define a route, you can set a resource name with "as" param to this route. ACL mechanism will check user role, the resource name of route and decide whether request is allowed.

To stay in scope of the blog post, I've had to keep it simple.  A skeleton application contains my module implementation and this ACL implementation is ready. If you want to take a look on it, please contact me.  Soon, I will share it as public.

Hiç yorum yok: