adonis install adonis-acl
providers
'adonis-acl/providers/AclProvider'
aceProviders
'adonis-acl/providers/CommandsProvider'
aliases
Role: 'Adonis/Acl/Role',
Permission: 'Adonis/Acl/Permission'
globalMiddleware
'Adonis/Acl/Init'
namedMiddleware
is: 'Adonis/Acl/Is',
can: 'Adonis/Acl/Can'static get traits() {
return [
'@provider:Adonis/Acl/HasRole',
'@provider:Adonis/Acl/HasPermission'
]
}adonis acl:setup
adonis migration:runadonis make:controller Permission
adonis make:controller Roleconst Permission = use('Permission');
class PermissionController {
index() {
return Permission.all()
}
async store({request}) {
const data = request.only(['name', 'slug', 'description'])
const permission = Permission.create(data)
return permission
}
async update({ request, params }) {
const data = request.only(['name', 'slug', 'description'])
const permission = await Permission.findOrFail(params.id)
permission.merge(data)
await permission.save()
return permission
}
async destroy({ params }) {
const permission = await Permission.findOrFail(params.id)
permission.delete()
}
}Route.resource('permission', 'PermissionController').apiOnly().middleware('auth')
POST: base_url/permissions
{
"name":"Create User",
"slug":"create_user",
"description":"Create a user"
}const Role = use('Role')
class RoleController {
async index() {
const roles = await Role.query().with('permissions').fetch()
return roles
}
async show({ params }){
const role = await Role.findOrFail(params.id)
await role.with('permissions')
return role
}
async store({ request }) {
const { permissions, ...data } = request.only(['name', 'slug', 'description', 'permission'])
const role = await Role.create(data)
if (permissions) {
await role.permissions().attach(permissions)
}
await role.load('permissions')
return role
}
async update({ request, params }) {
const { permissions, ...data } = request.only(['name', 'slug', 'description', 'permission'])
const role = await Role.findOrFail(params.id)
role.merge(data)
await role.save()
if (permissions) {
await role.permissions().sync(permissions)
}
await role.load('permissions')
return role
}
async destroy({ params }) {
const role = await Role.findOrFail(params.id)
await role.delete()
}
}Route.resource('/roles', RoleController).apiOnly().middleware('auth')
POST: base_url/roles
{
"name":"Administrator",
"slug":"administrator",
"description":"Admin of site"
}
PUT: base_url/roles
{
"permission":[1,2,3]
}store
- get permissions and roles from request
- check if(roles)
- await for user.roles().attach(roles)
- check if(permissions)
- await user.permissions().attach(permissions)
- await for user.loadMany(['roles', 'permissions'])
update
- same for store but with
syncinstead ofattach
PUT: base_url/users/1
{
"roles":[1]
}
POST: base_url/users
{
"email": "newadmin@email.com",
"roles":[1]
}
{
"email":"newnormaluser@email.com",
"permissions":[2]
}Route.resource('/posts', 'PostController')i
.apiOnly()
.execpt(['index', 'show'])
.middleware(['auth', 'is:(administrator || moderator)'])
Route.get('/posts', 'PostController')
.middleware(['auth', 'can:read_posts'])
Route.get('/posts/:id', 'PostController')
.middleware(['auth', 'can:(read_posts|| something)'])async index({ request, auth }) {
const user = await auth.getUser()
if (await user.can('read_private_posts'))
return Post.all()
const posts = await Post.query()
.where({ type: 'public'})
.fetch()
return posts
}
async show({params, auth, response}) {
const post = await Post.findOrFail(params.id)
if (post.type === "public") return post
const user = await auth.getUser()
if (await user.can("read_private_posts")) return post
return response.status.(400).send({error:{message:"Permission denied"}})
}