Class-Based Permission Control

The BabeRuka/systemroles package extends its robust role and permission management capabilities to control access to specific classes, particularly your application’s controllers. This allows you to define permissions at a granular level, ensuring that only users with appropriate roles can execute methods within certain controllers.

This functionality is achieved by integrating the SystemClassesController which works in conjunction with your defined application structure and the systemroles.php configuration file.

How Class-Based Permission Control Works:

1. Configurable Controller Directory: The systemroles.php configuration file is central to this feature. It allows you to specify the primary directory where your application’s controllers are located:

   PHP

   'controller_directory' => 'app/Http/Controllers',
   

   This configuration tells the SystemRoles package where to look for your application’s controllers. When the SystemClassesController runs, it scans this directory to identify available controllers.

2. Controller Scanning and Database Integration: The SystemClassesController is responsible for:

   • Scanning Controllers: It programmatically iterates through the files in the controller_directory you’ve specified.
   • Saving to Database: It registers these scanned controllers (and potentially their methods) into the package’s database tables. This creates a record of your application’s executable components, making them manageable through the SystemRoles interface (though the specific UI for managing class permissions isn’t detailed in the provided content, this database integration is the foundational step). This allows the system to know which classes exist and can be potentially restricted.

3. Real-time Access Checks: The core of granting permission to specific classes lies in the chechAccess method (note the typo in the provided method name, assuming it should be checkAccess). This method is designed to be called within your application’s logic, typically within the __construct method of your controllers or other relevant service providers, to enforce access control before any action is performed by a user.

Example Usage

To utilize the class-based permission control, you would typically inject or instantiate the SystemClassesController and then call its checkAccess method, passing the user’s role ID and the name of the class being accessed.

In your Controller’s Constructor:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use BabeRuka\SystemRoles\Http\Controllers\SystemRoles\SystemClassesController;
use BabeRuka\SystemRoles\Http\Controllers\SystemRoles\SystemRolesController;  
use Illuminate\Support\Facades\Session; // Import the Session facade
use Illuminate\Support\Facades\Auth;  

class AdminDashboardController extends Controller
{
    protected $systemClassesController;
    protected $systemRolesController;  

    public function __construct()
    {
        $this->systemClassesController = new SystemClassesController();
        $this->systemRolesController = new SystemRolesController();  

        $userRoleId = null;

        // Attempt to get role_id from session first
        if (Session::has('role_id')) {
            $userRoleId = Session::get('role_id');
        } else {
            $userRoleId = $this->systemRolesController->checkRole();
        }

        // Get the name of the current class (controller)
        $className = class_basename($this); // Gets just the class name, e.g., 'AdminDashboardController'

        // Check if a role ID was successfully obtained before performing access check
        if ($userRoleId) {
            // Perform the access check using the SystemClassesController 
            $this->systemClassesController->chechAccess($userRoleId, $className);
        } else {
            // abort(403, 'Unauthorized access: No role assigned.');
        }
    }

    public function index()
    {
        // This method will only be executed if the chechAccess in the constructor allows it.
        return view('admin.dashboard');
    }
}

Explanation:

1. use BabeRuka\SystemRoles\Http\Controllers\SystemRoles\SystemClassesController;: This line imports the systemClassesController.
2. use BabeRuka\SystemRoles\Http\Controllers\SystemRoles\SystemRolesController;: This imports the SystemRolesController.
3. protected $systemClassesController; protected $systemRolesController; $SystemClassesController = new SystemClassesController();: An instance of the SystemClassesController and the SystemRoleContrroler is created.
4. $userRoleId = Auth::check() ? Auth::user()->role_id : null;: This line retrieves the role_id of the currently authenticated user. Important:
5. $className = class_basename($this);: This gets the unqualified name of the current controller class (e.g., “AdminDashboardController” from App\Http\Controllers\AdminDashboardController). This className is what the SystemClassesController will compare against its database records.
6. $this->systemClassesController->chechAccess($userRoleId, $className);: This is the core call. It passes the role_id of the authenticated user and the className of the controller they are trying to access. The chechAccess method (internally) will query its database to determine if the given role_id has permission to access the specified className.

Intended Outcome:

By implementing chechAccess in your controllers’ constructors, you establish a powerful middleware-like system for controller-level authorization. If a user, based on their assigned role, does not have the necessary permission to access a particular controller, the chechAccess method is designed to prevent further execution of that controller’s methods, typically by:

• Redirecting the user to an unauthorized page.
• Throwing an AccessDeniedHttpException (a 403 Forbidden error).
• Displaying a custom error message.

This ensures that only authorized roles can interact with specific backend functionalities, providing a robust layer of security for your application.