ayd/authorize
Composer 安装命令:
composer require ayd/authorize
包简介
A shared authorization package for Hyperf and Laravel applications at AYD Company.
README 文档
README
Shared authorization decision builder for Laravel and Hyperf applications.
The package focuses on API response abilities:
- RBAC abilities in
response.meta.abilities - ABAC/resource abilities in
response.data[*].abilities - A shared decision shape that frontend applications can consume consistently
{
"abilities": {
"detail": { "allowed": true },
"update": {
"allowed": true,
"fields": {
"*": { "allowed": false },
"title": { "allowed": true },
"quantity": { "allowed": true }
}
},
"delete": { "allowed": true }
}
}
Installation
composer require ayd/authorize
For local package development this package expects ayd/api-response-base
to be available through the local path repository configured in composer.json.
Core Usage
use Ayd\Authorize\ResourceAbilitiesResolver; $abilities = ResourceAbilitiesResolver::make() ->allow('detail') ->fields('update', [ 'title', 'quantity' => ['allowed' => false, 'reason' => 'Quantity locked'], ]) ->deny('delete', 'Archived') ->resolve();
This produces:
[
'detail' => ['allowed' => true],
'update' => [
'allowed' => true,
'fields' => [
'*' => ['allowed' => false],
'title' => ['allowed' => true],
'quantity' => ['allowed' => false, 'reason' => 'Quantity locked'],
],
],
'delete' => ['allowed' => false, 'reason' => 'Archived'],
]
For page-level RBAC maps:
use Ayd\ApiResponseBase\Meta; use Ayd\Authorize\ResourceAbilitiesResolver; $meta = Meta::abilities(ResourceAbilitiesResolver::fromBooleanMap([ 'create' => $user->can('product.create'), 'delete' => $user->can('product.delete'), ])->resolve());
Model Usage
use Ayd\Authorize\ResourceAbilitiesResolver; use Ayd\Authorize\Concerns\HasResourceAbilities; use Ayd\Authorize\Contracts\HasResourceAbilities as HasResourceAbilitiesContract; class Product extends Model implements HasResourceAbilitiesContract { use HasResourceAbilities; public function resolveAbilities(mixed $user = null): array|ResourceAbilitiesResolver { return $this->abilityResolver() ->allow('detail') ->fields('update', [ 'title', 'quantity' => $this->isLocked() ? ['allowed' => false, 'reason' => 'Quantity locked'] : true, ]) ->action('delete', $user?->can('delete', $this) ?? false); } }
Laravel API Resource Usage
use Illuminate\Http\Request; use Illuminate\Http\Resources\Json\JsonResource; use Ayd\Authorize\Laravel\Concerns\IncludesResourceAbilities; class ProductResource extends JsonResource { use IncludesResourceAbilities; public function toArray(Request $request): array { return [ 'id' => $this->id, 'title' => $this->title, 'abilities' => $this->resourceAbilities($request), ]; } }
The Laravel service provider is listed for package discovery and registers
ResourceAbilitiesResolver as an empty singleton. It does not bind
Ayd\ApiResponseBase\Contracts\AbilitiesResolver by default, so existing
API responses will not suddenly emit empty meta.abilities.
Bind your own resolver if you want automatic meta.abilities injection through
ayd/api-response-laravel:
use Ayd\ApiResponseBase\Contracts\AbilitiesResolver; $this->app->bind(AbilitiesResolver::class, ProductPageAbilitiesResolver::class);
Hyperf Usage
The Hyperf ConfigProvider registers ResourceAbilitiesResolver as a dependency.
Use the core builder in resources, transformers, or services:
use Ayd\Authorize\ResourceAbilities; $abilities = ResourceAbilities::resolve($product, $user);
To integrate page-level abilities with ayd/api-response-hyperf, bind an
implementation of Ayd\ApiResponseBase\Contracts\AbilitiesResolver in
your Hyperf dependency config.
Design Notes
- Backends should return decisions, not frontend policy logic.
- Use
meta.abilitiesfor page-level RBAC. - Use
data[*].abilitiesfor row/resource-level ABAC. - Explicit field decisions override the
*fallback. - The frontend should treat these decisions as UX hints only; backend policies remain the source of truth.
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 4
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-06-18