Essentials

Controls

Apply your security in all Laravel's places right here !

Control

To create a control, use the following command:

php artisan make:control PostControl

use Lomkit\Access\Controls\Control;

class PostControl extends Control
{
    /**
     * The model the control refers to.
     *
     * @var class-string<Model>
     */
    protected string $model;

     /**
     * Retrieve the list of perimeter definitions for the current control.
     *
     * @return array<\Lomkit\Access\Perimeters\Perimeter> An array of Perimeter objects.
     */
    protected function perimeters(): array
    {
        return [
            // ...    
        ];
    }
}

Don't forget to define the linked model:

  /**
   * The model the control refers to.
   *
   * @var class-string<Model>
   */
  protected string $model = \App\Models\Task::class;

Next you'll need to define your perimeters in the way you want them to be registered:

protected function perimeters(): array
{
    return [
      GlobalPerimeter::new()
        ->allowed(function (Model $user, string $method) {
          return $user->can(sprintf('%s global models', $method));
        })
        ->should(function (Model $user, Model $model) {
          return true;
        })
        ->query(function (Builder $query, Model $user) {
          return $query;
        }), 
    ];
}

Allowed

Can the user access this specific perimeter?
This method tells if the perimeter should apply for the given user.

The viewAny method check for the view method to see if the user has any view access. It then doesn't check for the should method since there is no model linked.You can change this in the config.

Should

Does the user perimeter correspond to the given model perimeter?
This method validates a given model according to the user.

The should method won't be called for gates not relying on specifying a model (viewAny / create) and will instead auto-validate.

Query

Does the user have access to the given rows?
Applies the given perimeter to the query according to the user one.

Model

You need to specify to your model that a Control has been configured and specify it:

use Lomkit\Access\Controls\HasControl;

class Post extends Model
{
    use HasControl;
}

Parent query isolation

By default the access parent's query is isolated from your base query, this is to prevent conflict if you manipulate the query after.

If you want to disable this, simply set queries.isolate_parent_query in your config file

access-control.php

<?php

return [
    'queries' => [
        'isolate_parent_query'           => false, // Set this to false
    ],
];

Perimeter query isolation

By default the access perimeter's query are isolated from your the other perimeters query, this is to prevent conflict if you manipulate overlayed perimeter.

If you want to disable this, simply set queries.isolate_perimeter_queries in your config file

access-control.php

<?php

return [
    'queries' => [
        'isolate_perimeter_queries'           => false, // Set this to false
    ],
];

Perimeters

Structure your applications access scopes.

Policies

Automatically apply Laravel Access Control on your policies !