ollieread/acl-group-permissions-migration.php

## acl-group-permissions-migration.php
<?php

use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;

class CreateAclGroupPermissionsTable extends Migration
{

    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('acl_group_permissions', function ($table) {

            $table->integer('group_id', false);
            $table->integer('permission_id', false);

        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::drop('acl_group_permissions');
    }

}

## acl-groups-migration.php
<?php

use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;

class CreateAclGroupsTable extends Migration
{

    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('acl_groups', function ($table) {

            $table->increments('id');
            $table->string('name', 50);
            $table->string('description', 255);

        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::drop('acl_groups');
    }

}

## acl-permissions-migration.php
<?php

use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;

class CreateAclPermissionsTable extends Migration
{

    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('acl_permissions', function ($table) {

            $table->increments('id');
            $table->string('ident', 255);
            $table->string('description', 255);

        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::drop('acl_permissions');
    }

}

## acl-user-groups-migration.php
<?php

use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;

class CreateAclUserGroupsTable extends Migration
{

    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('acl_user_groups', function ($table) {

            $table->integer('user_id', false);
            $table->integer('group_id', false);

        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::drop('acl_user_groups');
    }

}

## artisan-group-permissions
php artisan migrate:make create_acl_group_permissions_table

## artisan-groups
php artisan migrate:make create_acl_groups_table

## artisan-migrate
php artisan migrate

## artisan-permissions
php artisan migrate:make create_acl_permissions_table

## artisan-user-groups
php artisan migrate:make create_acl_user_groups_table

## filter.php
<?php

class AclPermittedFilter {

    public function filter($route, $request)
    {
        $permitted = false;

        $user = Auth::user();
        $user->load('groups', 'group.permissions');

        foreach($user->groups as $group) {
            if($group->permissions->has($route->getName())) {
                $permitted = true;
                break;
            }
        }

        if(!$permitted) {
            return Redirect::route('user.denied');
        }
    }

}

## model-group.php
<?php

class AclGroup extends Eloquent {

	protected $table = 'acl_groups';

	protected $fillable = array(
		'name', 'description'
	);

	public $timestamps = false;

	public function users()
	{
	    return $this->belongsToMany('User', 'acl_user_groups');
	}

	public function permissions()
	{
	    return $this->belongsToMany('AclPermission', 'acl_group_permissions');
	}

}

## model-permission.php
<?php

class AclPermission extends Eloquent {

	protected $table = 'acl_permissions';

	protected $fillable = array(
		'ident', 'description'
	);

	public $timestamps = false;

	public function groups()
	{
	    return $this->belongsToMany('AclGroup', 'acl_group_permissions');
	}

	public function getKey()
	{
	    return $this->attributes['ident'];
	}

}

## routes-filtered.php
<?php

Route::filter('acl.permitted', 'AclPermittedFilter');

Route::group(array('prefix' => 'user'), function() {

    // other routes here
    Route::get('supersecret', array(
        'before'    => ['auth', 'acl.permitted'],
        'as'        => 'user.supersecret',
        'uses'      => 'UserController@supersecret'
    ))

});

## routes.php
<?php

Route::group(array('prefix' => 'user'), function() {

    // for account registration
    Route::post('register', array(
        'as'    => 'user.register',
        'uses'  => 'UserController@register'
    ));

    // for authorising/logging in
    Route::post('authorise', array(
        'as'    => 'user.authorise',
        'uses'  => 'UserController@authorise'
    ));

    // check that a token is valid
    Route::get('validate', array(
        'as'    => 'user.validate',
        'uses'  => 'UserController@validate'
    ));

});
	<?php

	use Illuminate\Database\Schema\Blueprint;
	use Illuminate\Database\Migrations\Migration;

	class CreateAclGroupPermissionsTable extends Migration
	{

	/**
	* Run the migrations.
	*
	* @return void
	*/
	public function up()
	{
	Schema::create('acl_group_permissions', function ($table) {

	$table->integer('group_id', false);
	$table->integer('permission_id', false);

	});
	}

	/**
	* Reverse the migrations.
	*
	* @return void
	*/
	public function down()
	{
	Schema::drop('acl_group_permissions');
	}

	}
	<?php

	class AclPermittedFilter {

	public function filter($route, $request)
	{
	$permitted = false;

	$user = Auth::user();
	$user->load('groups', 'group.permissions');

	foreach($user->groups as $group) {
	if($group->permissions->has($route->getName())) {
	$permitted = true;
	break;
	}
	}

	if(!$permitted) {
	return Redirect::route('user.denied');
	}
	}

	}
	<?php

	class AclGroup extends Eloquent {

	protected $table = 'acl_groups';

	protected $fillable = array(
	'name', 'description'
	);

	public $timestamps = false;

	public function users()
	{
	return $this->belongsToMany('User', 'acl_user_groups');
	}

	public function permissions()
	{
	return $this->belongsToMany('AclPermission', 'acl_group_permissions');
	}

	}
	<?php

	class AclPermission extends Eloquent {

	protected $table = 'acl_permissions';

	protected $fillable = array(
	'ident', 'description'
	);

	public $timestamps = false;

	public function groups()
	{
	return $this->belongsToMany('AclGroup', 'acl_group_permissions');
	}

	public function getKey()
	{
	return $this->attributes['ident'];
	}

	}
	<?php

	Route::filter('acl.permitted', 'AclPermittedFilter');

	Route::group(array('prefix' => 'user'), function() {

	// other routes here
	Route::get('supersecret', array(
	'before' => ['auth', 'acl.permitted'],
	'as' => 'user.supersecret',
	'uses' => 'UserController@supersecret'
	))

	});
	<?php

	Route::group(array('prefix' => 'user'), function() {

	// for account registration
	Route::post('register', array(
	'as' => 'user.register',
	'uses' => 'UserController@register'
	));

	// for authorising/logging in
	Route::post('authorise', array(
	'as' => 'user.authorise',
	'uses' => 'UserController@authorise'
	));

	// check that a token is valid
	Route::get('validate', array(
	'as' => 'user.validate',
	'uses' => 'UserController@validate'
	));

	});