33A flexible ABAC implementation for Laravel 12+ with a developer-friendly permission management API.
44
55[ ![ PHP Version] ( https://img.shields.io/packagist/php-v/zennit/abac )] ( https://packagist.org/packages/zennit/abac )
6- [ ![ Laravel Version] ( https://img.shields.io/packagist/laravel-v/zennit/abac )] ( https://packagist.org/packages/zennit/abac )
76[ ![ License] ( https://img.shields.io/packagist/l/zennit/abac )] ( LICENSE.md )
7+ [ ![ Packagist Version] ( https://img.shields.io/packagist/v/zennit/abac )] ( https://packagist.org/packages/zennit/abac )
88
99---
1010
@@ -14,7 +14,7 @@ A flexible ABAC implementation for Laravel 12+ with a developer-friendly permiss
1414composer require zennit/abac
1515```
1616
17- Publish config and migrate :
17+ Publish config and run migrations :
1818
1919``` bash
2020php artisan vendor:publish --provider=" zennit\ABAC\Providers\AbacServiceProvider"
@@ -25,111 +25,33 @@ php artisan migrate
2525
2626## Quick Start
2727
28- ### 1. Configure Resource Patterns
28+ 1 . Add the middleware to protected routes:
2929
3030``` php
31- // config/abac.php
32- 'middleware' => [
33- 'resource_patterns' => [
34- 'posts/([^/]+)' => App\Models\Post::class,
35- ],
36- 'actor_method' => 'user', // method to get actor from request
37- ],
31+ Route::middleware(['web', 'abac'])->group(function () {
32+ Route::get('/posts/{post}', fn (Post $post) => $post);
33+ });
3834```
39-
40- ### 2. Add Permissions
35+ 2 . Add a permission:
4136
4237``` php
4338use zennit\ABAC\Facades\Abac;
4439
45- // Shorthand - keys default to actor.*
46- $grant = Abac::addPermission('read', App\Models\Post::class, [
40+ Abac::addPermission('read', App\Models\Post::class, [
4741 'role' => 'editor',
4842 'resource.owner_id' => 123,
4943]);
50-
51- // Explicit constraints
52- $grant = Abac::addPermission('read', App\Models\Post::class, [
53- ['key' => 'actor.role', 'operator' => 'equals', 'value' => 'admin'],
54- ['key' => 'resource.owner_id', 'operator' => 'equals', 'value' => '123'],
55- ]);
56-
57- // DSL string
58- $grant = Abac::addPermission('read', App\Models\Post::class,
59- 'actor.role=admin and resource.owner_id=123'
60- );
61- ```
62-
63- ### 3. Manage Permissions
64-
65- ``` php
66- // Get all grants
67- $grants = Abac::getPermissions('read', App\Models\Post::class);
68-
69- // Get single grant
70- $grant = Abac::getPermission($grantId);
71-
72- // Update grant
73- $updated = Abac::updatePermission($grantId, ['role' => 'superadmin']);
74-
75- // Remove single grant
76- Abac::removePermission($grantId);
77-
78- // Remove all grants for method/resource
79- Abac::removePermissions('read', App\Models\Post::class);
80- ```
81-
82- ### 4. Protect Routes
83-
84- ``` php
85- // routes/web.php
86- Route::middleware(['web', 'abac'])->group(function () {
87- Route::get('/posts/{post}', fn (Post $post) => $post);
88- });
8944```
9045
91- ---
92-
93- ## Constraint Keys
94-
95- | Prefix | Description |
96- | -----------------| ----------------------------------------------------|
97- | ` actor.* ` | Requester attributes (user role, tenant, etc.) |
98- | ` resource.* ` | Resource being accessed (post owner, status, etc.) |
99- | ` environment.* ` | Request context (ip, time, etc.) — reserved |
100-
101- Shorthand keys without prefix default to ` actor.* ` :
102- ``` php
103- ['role' => 'admin'] // becomes actor.role
104- ```
105-
106- ---
107-
108- ## Supported Operators
109-
110- | Type | Operators |
111- | ------------| ----------------------------------------|
112- | Arithmetic | ` = ` , ` != ` , ` > ` , ` < ` , ` >= ` , ` <= ` |
113- | String | ` contains ` , ` starts_with ` , ` ends_with ` |
114-
115- DSL aliases: ` = ` , ` != ` , ` > ` , ` < ` , ` >= ` , ` <= ` , ` ~ ` , ` !~ ` , ` ^= ` , ` !^ ` , ` $= ` , ` !$ `
116-
117- ---
118-
119- ## Behavior
120-
121- - ** Widening** : ` addPermission() ` adds new OR branches — each grant is additive.
122- - ** Idempotent** : Duplicate constraints return the existing grant.
123- - ** Transactional** : Updates and deletes are atomic.
46+ 3 . Request is allowed when actor/resource attributes satisfy the grant constraints.
12447
12548---
12649
12750## Documentation
12851
129- - [ Consumer Setup] ( docs/CONSUMER_SETUP.md ) — Installation & configuration
130- - [ Managing Permissions] ( docs/MANAGING_ABAC.md ) — Permission CRUD API
131- - [ Seeding Schema] ( docs/SEEDING_SCHEMA.md ) — JSON schema for seeders
132- - [ Architecture Diagrams] ( docs/ARCHITECTURE_DIAGRAMS.md ) — ER diagrams
52+ Full docs: [ https://zennit-dev.github.io/abac/ ] ( https://zennit-dev.github.io/abac/ )
53+
54+ Local docs index: ` docs/index.md `
13355
13456---
13557
0 commit comments