Role-Based Access Control for Laravel.
Default the package will use username column to authenticate. If you want to use email instead, just change username to email in config/nelisys/rbac.php.
Run composer to install the package.
composer require nelisys/rbac
Publish the configuration files.
php artisan vendor:publish --provider="Nelisys\Rbac\RbacServiceProvider"
Change users.model to Nelisys\Rbac\Models\User
// config/auth.php
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => Nelisys\Rbac\Models\User::class,
],Add sanctum config in .env file
SANCTUM_STATEFUL_DOMAINS=example.com
Add Sanctum middleware in api.
// app/Http/Kernel.php
protected $middlewareGroups = [
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,Run migrate.
php artisan migrate
Run php artisan tinker to create test user.
Nelisys\Rbac\Models\User::create([
'username' => 'alice',
'password' => bcrypt('secret'),
]);
Call /api/login to get the token.
$ curl \
-H 'X-Requested-With: XMLHttpRequest' \
-d 'username=alice&password=secret' \
http://example.test/api/login
Specify header Authorization: Bearer with the token return.
Note: Replace $token with the token return.
$ curl \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Authorization: Bearer $token' \
http://example.test/api/user
{
"username" : "alice",
"id" : 1,
...
}
Specify header Authorization: Bearer with the token return.
Note: Replace $token with the token return.
$ curl \
-X POST \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Authorization: Bearer $token' \
http://example.test/api/logout
Nelisys RBAC is open-sourced software licensed under the MIT license.