All notable changes to laravel-permission
will be documented in this file
- [V5] Fix detaching on all teams intstead of only current #1888 by @erikn69 in spatie#1890
- [V5] Add uuid compatibility support on teams by @erikn69 in spatie#1857
- Adds setRoleClass method to PermissionRegistrar by @timschwartz in spatie#1867
- Load permissions for preventLazyLoading by @bahramsadin in spatie#1884
- [V5] Doc for
Super Admin
on teams by @erikn69 in spatie#1845
- Avoid Roles over-hydration #1834
- No longer flush cache on User role/perm assignment changes #1832 NOTE: You should test your app to be sure that you don't accidentally have deep dependencies on cache resets happening automatically in these cases. ALSO NOTE: If you have added custom code which depended on these flush operations, you may need to add your own cache-reset calls.
- Change default-guard-lookup to prefer current user's guard (see BC note in #1817 )
- Teams/Groups feature (see docs, or PR #1804)
- Customized pivots instead of
role_id
,permission_id
#1823
- Avoid Roles over-hydration #1834
- Avoid BC break (removed interface change) on cache change added in 4.3.0 #1826
- Made cache even smaller #1826
- Avoid re-sync on non-persisted objects when firing Eloquent::saved #1819
- Speed up permissions cache lookups, and make cache smaller #1799
- Add hasExactRoles method #1696
- Refactor to resolve guard only once during middleware
- Refactor service provider by extracting some methods
- Added note in migration for field lengths on MySQL 8. (either shorten the columns to 125 or use InnoDB)
- Drop support on Laravel 5.8 #1615
- Fix bug when adding roles to a model that doesn't yet exist #1663
- Enforce unique constraints on database level #1261
- Changed PermissionRegistrar::initializeCache() public to allow reinitializing cache in custom situations. #1521
- Use Eloquent\Collection instead of Support\Collection for consistency, collection merging, etc #1630
This package now requires PHP 7.2.5 and Laravel 6.0 or higher. If you are on a PHP version below 7.2.5 or a Laravel version below 6.0 you can use an older version of this package.
- Allow PHP 8.0
- Optional
$guard
parameter may be passed toRoleMiddleware
,PermissionMiddleware
, andRoleOrPermissionMiddleware
. See #1565
- Added Laravel 8 support
- Change
users
relationship type to BelongsToMany
- Declare table relations earlier to improve guarded/fillable detection accuracy (relates to Aug 2020 Laravel security patch)
- Provide migration error text to stop caching local config when installing packages.
- Add missing config setting for
display_role_in_exception
- Ensure artisan
permission:show
command uses configured models
- Allow guardName() as a function with priority over $guard_name property #1395
- Update patch to handle intermittent error in #1370
- Ugly patch to handle intermittent error:
Trying to access array offset on value of type null
in #1370
- Add Wildcard Permissions feature #1381 (see PR or docs for details)
- Clear in-memory permissions on boot, for benefit of long running processes like Swoole. #1378
- Refine test for Lumen dependency. Ref #1371, Fixes #1372.
- Internal refactoring of scopes to use whereIn instead of orWhere #1334, #1335
- Internal refactoring to flatten collection on splat #1341
- Added methods to check any/all when querying direct permissions #1245
- Removed older Lumen dependencies #1371
- Added Laravel 7.0 support
- Allow splat operator for passing roles to
hasAnyRole()
- Added missing
guardName
to ExceptionPermissionDoesNotExist
#1316
- Fix 3.4.0 for Lumen
- Make compatible with Swoole - ie: for long-running Laravel instances
- Expose Artisan commands to app layer, not just to console
- Remove duplicate and unreachable code
- Remove checks for older Laravel versions
- Implementation of optional guard check for hasRoles and hasAllRoles - See #1236
- Use bigIncrements/bigInteger in migration - See #1224
- Update dependencies to allow for Laravel 6.0
- Drop support for Laravel 5.7 and older, and PHP 7.1 and older. (They can use v2 of this package until they upgrade.) To be clear: v3 requires minimum Laravel 5.8 and PHP 7.2
- Allow support for multiple role/permission models
- Load roles relationship only when missing
- Wrap helpers in function_exists() check
- Added
permission:show
CLI command to display a table of roles/permissions removeRole
now returns the model, consistent with other methods- model
$guarded
properties updated toprotected
- README updates
- reverts the changes made in 2.36.0 due to some reported breaks.
- improve performance by reducing another iteration in processing query results and returning earlier
- overhaul internal caching strategy for better performance and fix cache miss when permission names contained spaces
- deprecated hasUncachedPermissionTo() (use hasPermissionTo() instead)
- added getPermissionNames() method
- Add explicit pivotKeys to roles/permissions BelongsToMany relationships
- Laravel 5.8 compatibility
- Fix duplicate permissions being created through artisan command
- Add custom guard query to role scope
- Remove use of array_wrap helper function due to future deprecation
- Change cache config time to DateInterval instead of integer
This is in preparation for compatibility with Laravel 5.8's cache TTL change to seconds instead of minutes.
NOTE: If you leave your existing config/permission.php
file alone, then with Laravel 5.8 the 60 * 24
will change from being treated as 24 hours to just 24 minutes. Depending on your app, this may or may not make a significant difference. Updating your config file to a specific DateInterval will add specificity and insulate you from the TTL change in Laravel 5.8.
Refs:
https://laravel-news.com/cache-ttl-change-coming-to-laravel-5-8 https://github.com/laravel/framework/commit/fd6eb89b62ec09df1ffbee164831a827e83fa61d
- Fix bound
saved
event from firing on all subsequent models when calling assignRole or givePermissionTo on unsaved models. However, it is preferable to save the model first, and then add roles/permissions after saving. See #971.
- Use config settings for cache reset in migration stub
- Remove use of Cache facade, for Lumen compatibility
- Rename
getCacheKey
method in HasPermissions trait togetPermissionCacheKey
for clearer specificity.
- Add ability to specify a cache driver for roles/permissions caching
- Added the ability to reset the permissions cache via an Artisan command:
php artisan permission:cache-reset
- minor update to de-duplicate code overhead
- numerous internal updates to cache tests infrastructure
- Substantial speed increase by caching the associations between models and permissions
The following changes are not "breaking", but worth making the updates to your app for consistency.
-
Config file: The
config/permission.php
file changed to move cache-related settings into a sub-array. You should review the changes and merge the updates into your own config file. Specifically theexpiration_time
value has moved into a sub-array entry, and the old top-level entry is no longer used. See the original config file here: https://github.com/spatie/laravel-permission/blob/main/config/permission.php -
Cache Resets: If your
app
ortests
are clearing the cache by specifying the cache key, it is better to use the built-in forgetCachedPermissions() method so that it properly handles tagged cache entries. Here is the recommended change:
- app()['cache']->forget('spatie.permission.cache');
+ $this->app->make(\Spatie\Permission\PermissionRegistrar::class)->forgetCachedPermissions();
- Also this is a good time to point out that now with v2.25.0 and v2.26.0 most permission-cache-reset scenarios may no longer be needed in your app, so it's worth reviewing those cases, as you may gain some app speed improvement by removing unnecessary cache resets.
- A model's
roles
andpermissions
relations (respectively) are now automatically reloaded after an Assign/Remove role or Grant/Revoke of permissions. This means there's no longer a need to call->fresh()
on the model if the only reason is to reload the role/permission relations. (That said, you may want to call it for other reasons.) - Added support for passing id to HasRole()
- Fix operator used on RoleOrPermissionMiddleware, and avoid throwing PermissionDoesNotExist if invalid permission passed
- Auto-reload model role relation after using AssignRole
- Avoid empty permission creation when using the CreateRole command
- Avoid unnecessary queries of user roles when fetching all permissions
- Fix Lumen issue with Route helper added in 2.22.0
- Added
Route::role()
andRoute::permission()
middleware helper functions - Added new
role_or_permission
middleware to allow specifying "or" combinations
- Revert changes from 2.17.1 in order to support Lumen 5.7
- It will sync roles/permissions to models that are not persisted, by registering a
saved
callback. (It would previously throw an Integrity constraint violation QueryException on the pivot table insertion.)
- add
@elserole
directive: Usage:
@role('roleA')
// user hasRole 'roleA'
@elserole('roleB')
// user hasRole 'roleB' but not 'roleA'
@endrole
- Spark-related fix to accommodate missing guard[providers] config
- Add ability to pass in IDs or mixed values to
role
scope - Add
@unlessrole
/@endunlessrole
Blade directives
- Expanded CLI
permission:create-role
command to create optionally create-and-link permissions in one command. Also now no longer throws an error if the role already exists.
- Require laravel/framework instead of illuminate/* starting from ~5.4.0
- Removed old dependency for illuminate/database@~5.3.0 (Laravel 5.3 is not supported)
- Laravel 5.7 compatibility
- Replace static Permission::class and Role::class with dynamic value (allows custom models more easily)
- Added type checking in hasPermissionTo and hasDirectPermission
- Make assigning the same role or permission twice not throw an exception
- Allow using another key name than
model_id
by defining newcolumns
array withmodel_morph_key
key in config file. This improves UUID compatibility as discussed in #777.
- Fix issue with null values passed to syncPermissions & syncRoles
- added hasAllPermissions method
- Reverted 2.12.0. REVERTS: "Add ability to pass guard name to gate methods like can()". Requires reworking of guard handling if we're going to add this feature.
- Add ability to pass guard name to gate methods like can()
- Improve speed of permission lookups with findByName, findById, findOrCreate
- changes the type-hinted Authenticatable to Authorizable in the PermissionRegistrar. (Previously it was expecting models to implement the Authenticatable contract; but really that should have been Authorizable, since that's where the Gate functionality really is.)
- Now findOrCreate() exists for both Roles and Permissions
- Internal code refactoring for future dev work
- Permissions now support passing integer id for sync, find, hasPermissionTo and hasDirectPermissionTo
- add compatibility with Laravel 5.6
- Allow assign/sync/remove Roles from Permission model
- Allow a collection containing a model to be passed to role/permission scopes
- Fix compatibility with Spark v2.0 to v5.0
- Support getting guard_name from extended model when using static methods
Changes related to throwing UnauthorizedException:
- When UnauthorizedException is thrown, a property is added with the expected role/permission which triggered it
- A configuration option may be set to include the list of required roles/permissions in the message
- REVERTED: Dynamic permission_id and role_id columns according to tables name NOTE: This Dynamic field naming was a breaking change, so we've removed it for now.
BEST NOT TO USE v2.7.7 if you've changed tablenames in the config file.
- updated
HasPermissions::getStoredPermission
to allow a collection to be returned, and to fix query when passing multiple permissions - Give and revoke multiple permissions
- Dynamic permission_id and role_id columns according to tables name
- Add findOrCreate function to Permission model
- Improved Lumen support
- Allow guard name to be null for find role by id
- added Lumen support
- updated
HasRole::assignRole
andHasRole::syncRoles
to accept role id's in addition to role names as arguments
- fixed
Gate::before
for custom gate callbacks
- added cache clearing command in
up
migration for permission tables - use config_path helper for better Lumen support
- refactor middleware to throw custom
UnauthorizedException
(which raises an HttpException with 403 response) The 403 response is backward compatible
- refactor
PermissionRegistrar
to use$gate->before()
- removed
log_registration_exception
as it is no longer relevant
- fixed a bug where
Role
s andPermission
s got detached when soft deleting a model
- add support for L5.3
- add
permission
scope
- register the blade directives in the register method of the service provider
- register the blade directives in the boot method of the service provider
- let middleware use caching
- add getRoleNames() method to return a collection of assigned roles
- add compatibility with Laravel 5.5
- automatically detach roles and permissions when a user gets deleted
- fix processing of pipe symbols in
@hasanyrole
and@hasallroles
Blade directives
- add
PermissionMiddleware
andRoleMiddleware
- allow
hasAnyPermission
to take an array of permissions
- fix commands not using custom models
- add
create-permission
andcreate-role
commands
hasanyrole
andhasallrole
can accept multiple roles
- fixed a bug where
hasPermissionTo
wouldn't use the right guard name
- fixed a bug that didn't allow you to assign a role or permission when using multiple guards
- add
model_type
to the primary key of tables that use a polymorphic relationship
- fixed a bug where the role()/permission() relation to user models would be saved incorrectly
- added users() relation on Permission and Role
- fix a bug where the
role()
/permission()
relation to user models would be saved incorrectly - add
users()
relation onPermission
andRole
- check for duplicates when adding new roles and permissions
- fix the order of the
foreignKey
andrelatedKey
in the relations
- Requires minimum Laravel 5.4
- cache expiration is now configurable and set to one day by default
- roles and permissions can now be assigned to any model through the
HasRoles
trait - removed deprecated
hasPermission
method - renamed config file from
laravel-permission
topermission
.
- added support for Laravel 5.7
- added support for Laravel 5.6
- allow
hasAnyPermission
to take an array of permissions
- fixed
Gate::before
for custom gate callbacks
- refactor
PermissionRegistrar
to use$gate->before()
- removed
log_registration_exception
as it is no longer relevant
- added compatibility for Laravel 5.5
- made foreign key name to users table configurable
hasPermissionTo
uses the cache to avoid extra queries when it is called multiple times
- add
getDirectPermissions
,getPermissionsViaRoles
,getAllPermissions
- add
hasAnyPermission
- add
log_registration_exception
in settings file - fix for ambiguous column name
id
when using the role scope
hasDirectPermission
method is now public
- added support for Laravel 5.4
- make exception logging more verbose
- added
Role
scope
- moved some things to
boot
method in SP to solve some compatibility problems with other packages
- make compatible with L5.3
- fixes
givePermissionTo
andassignRole
in Laravel 5.1
** this version does not work in Laravel 5.1, please upgrade to version 1.5.1 of this package
- allowed
givePermissonTo
to accept multiple permissions - allowed
assignRole
to accept multiple roles - added
syncPermissions
-method - added
syncRoles
-method - dropped support for PHP 5.5 and HHVM
- added
hasPermissionTo
function to theRole
model
hasAnyRole
can now properly process an array
hasDirectPermission
can now accept a string
- fixed user table configuration
- fixed bug when testing for non existing permissions
- added compatibility for Laravel 5.2
- use database_path to publish migrations
###Added
- support for custom models
- Blade directives
hasAllRoles()
- andhasAnyRole()
-functions
- Fix for running phpunit locally
- Fixed the inconsistent naming of the
hasPermission
-method.
- Everything, initial release