承接 halaabdulmottleeb/bitmask-permissions 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

halaabdulmottleeb/bitmask-permissions

Composer 安装命令:

composer require halaabdulmottleeb/bitmask-permissions

包简介

A Laravel authorization package that uses bitmask-based permissions to support object-level (per-resource) access control.

README 文档

README

A lightweight, high-performance authorization package for Laravel that stores permissions as integer bitmasks instead of relational pivot tables.

Every permission a subject holds on a resource is packed into a single integer column, so checks are a single indexed query with a bitwise AND — no joins, no pivot-row lookups. It supports both object-level (per-record) and global (resource-wide) grants out of the box.

Why bitmasks?

Traditional permission packages store each grant as one or more rows across several pivot tables. This package stores all of a subject's permissions on a given resource in one BIGINT:

Pivot-table approach Bitmask (this package)
Storage per grant multiple rows across pivot tables a single integer column
Permission check row lookups / joins one bitwise AND in a single indexed query
Object-level permissions not first-class native (resource_type + nullable resource_id)
Combining permissions insert / delete rows bitwise OR / AND

Trade-off: the number of distinct permissions per resource type is capped by the integer width (64 with BIGINT), and there are no built-in roles/caching helpers. It's optimized for fast, fine-grained, per-resource checks.

Requirements

  • PHP ^8.2
  • Laravel 10, 11, 12 ,or 13 (illuminate/database, illuminate/support)

Installation

composer require halaabdulmottleeb/bitmask-permissions

The service provider is auto-discovered. Publish and run the migration:

php artisan vendor:publish --tag=bitmask-permissions-migrations
php artisan migrate

Optionally publish the config file to change the table name:

php artisan vendor:publish --tag=bitmask-permissions-config

Usage

1. Define your permissions as bit values

Each permission is a single bit — use powers of two. An enum is a clean way to do this:

enum PostPermission: int
{
    case READ   = 1;   // 0001
    case WRITE  = 2;   // 0010
    case UPDATE = 4;   // 0100
    case DELETE = 8;   // 1000
}

2. Add the trait to any model that can hold permissions

use HalaAbdulmottleb\BitmaskPermissions\Traits\HasBitmaskPermissions;
use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    use HasBitmaskPermissions;
}

Any Eloquent model works as the subject (User, Team, ApiClient, ...) because the relation is polymorphic.

3. Grant, check, and revoke

$user->grantPermissionTo(PostPermission::READ->value, $post);
$user->grantPermissionTo(PostPermission::WRITE->value, $post);

$user->hasPermissionTo(PostPermission::READ->value, $post);  // true
$user->hasPermissionTo(PostPermission::DELETE->value, $post); // false

$user->revokePermission(PostPermission::WRITE->value, $post);

Combining permissions

Because permissions are bits, you can grant several at once with a bitwise OR:

$user->grantPermissionTo(
    PostPermission::READ->value | PostPermission::WRITE->value,
    $post
);

hasPermissionTo() checks that all requested bits are present ((mask & permission) = permission).

Global (resource-wide) grants

The resource_id column is nullable. A grant with a null resource_id applies to every record of that resource type, and hasPermissionTo() matches either the specific record or the global grant.

API

The HasBitmaskPermissions trait adds:

Method Description
grantPermissionTo(int $permission, Model $resource) Adds the permission bit(s) for the subject on the resource.
hasPermissionTo(int $permission, Model $resource): bool Returns true if the subject has all requested bits (record-specific or global).
revokePermission(int $permission, Model $resource) Clears the permission bit(s) for the subject on the resource.
grantPermissions(): MorphMany The underlying polymorphic relation to PermissionGrant.

Configuration

config/bitmask-permissions.php:

return [
    'table' => 'permission_grants',
];

Schema

A single table holds everything:

  • subject_type / subject_id — polymorphic owner of the permissions
  • resource_type — the resource class (via morph map)
  • resource_id — nullable; null means a global grant for that resource type
  • mask — the bitmask of granted permissions
  • unique on (subject_type, subject_id, resource_type, resource_id) — one row per subject–resource pair

Testing

composer install
vendor/bin/pest

Tests run against an in-memory SQLite database via Orchestra Testbench.

License

MIT © Hala Abdulmottleb

统计信息

  • 总下载量: 0
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 1
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-07-01

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固