abac bismillah

Author: emreakay

README-abac.md

@@ -17,6 +17,7 @@ backlog
 
 - config e aranacak model klasörü eklenecek ?? AStart a mı eklemek lazım?
 - abac rule'u eloquent'a - dönüştüren builder ?? şimdilik scope içinden yapıldı
+- model'in rule'larını alan servis veya util ?
 
 -----
 

README.md

@@ -5,23 +5,25 @@
 [![GitHub Code Style Action Status](https://img.shields.io/github/workflow/status/aurorawebsoftware/aauth/Check%20&%20fix%20styling?label=code%20style)](https://github.com/aurorawebsoftware/aauth/actions?query=workflow%3A"Check+%26+fix+styling"+branch%3Amain)
 [![Total Downloads](https://img.shields.io/packagist/dt/aurorawebsoftware/aauth.svg?style=flat-square)](https://packagist.org/packages/aurora/aauth)
 
-Hierarchical Rol-Permission Based **Laravel Auth Package** with Limitless Hierarchical Level of Organizations
+Organization Based (OrBAC) , Attibute Based (ABAC) , Rol-Permission (RBAC)  Based Authentication Methods Combined **Laravel Auth Package** with Limitless Hierarchical Level of Organizations and Limitless Attribute Conditions
 
 # Features
 
 - Organization Based Access Controllable (OrBAC) Eloquent Models
+- Attribute Based Access Controllable (ABAC) Eloquent Models
 - Role Based Access Control (RoBAC)
 - Permissions Based Access Control
 - Lean & Non-Complex Architecture
 - PolyMorphic Relationships of Model & Organization Node
+- DB Row Level Filtering for the Role with ABAC
 - Built-in Blade Directives for permission control inside **Blade** files
 - Mysql, MariaDB, Postgres Support
 - Community Driven and Open Source Forever
 
 ---
 
 
-[<img src="https://banners.beyondco.de/AAuth%20for%20Laravel.png?theme=light&packageManager=composer+require&packageName=aurorawebsoftware%2Faauth&pattern=jigsaw&style=style_1&description=Hierarchical+Role-Permission+Based+Laravel+Auth+Package+with+Limitless+Hierarchical+Level+of+Organizations&md=1&showWatermark=0&fontSize=175px&images=shield-check&widths=auto" />](https://github.com/AuroraWebSoftware/AAuth)
+[<img src="https://banners.beyondco.de/AAuth%20for%20Laravel.png?theme=light&packageManager=composer+require&packageName=aurorawebsoftware%2Faauth&pattern=jigsaw&style=style_1&description=OrBAC, ABAC, RBAC Combined Laravel Auth Package&md=1&showWatermark=0&fontSize=175px&images=shield-check&widths=auto" />](https://github.com/AuroraWebSoftware/AAuth)
 
 # Installation
 
@@ -88,7 +90,7 @@ return [
 ];
 ```
 
-# Main Philosophy
+# Main Philosophy of AAuth OrBAC
 
 In computer system security, there are several approaches to restrict system access to authorized users.
 
@@ -139,6 +141,12 @@ Principal dynamically *without writing one line of code?*
     - Canada
         - .....
 
+# Main Philosophy of AAuth ABAC
+
+// todo coming soon ....
+
+
+---
 **AAuth may be your first class assistant package.**
 
 ---
@@ -187,6 +195,9 @@ file's permission['system'] array.
 an Organization Role.
 Organization Permissions should be added inside `aauth.php` config file's permission['organization'] array.
 
+## ABAC
+// todo coming soon
+
 ## Role
 
 Roles are assigned to users. Each User can have multiple roles.
@@ -226,6 +237,10 @@ be an organization node and can be access controllable.
 It means that; Only Authorized User Role can be access the relating model, or in other words, Each role only can access
 the models which is on Authenticated Sub-Organization Tree of User's Role.
 
+### Model - ABAC rules
+// todo coming soon
+
+
 # Usage
 
 Before using this, please make sure that you published the config files.
@@ -283,10 +298,10 @@ $organizationService->createOrganizationScope($data);
 ```
 
 ### Updating an Organization Scope
-the contributors' space
+// todo help wanted
 
 ### Deleting an Organization Scope
-the contributors' space
+// todo help wanted
 
 
 ### Creating an Organization Node without Model Relationship
@@ -304,10 +319,10 @@ $organizationService->createOrganizationNode($data);
 ```
 
 ### Updating an Organization Node
-the contributors' space
+// todo help wanted
 
 ### Deleting an Organization Node
-the contributors' space
+// todo help wanted
 
 ##  Role Permission Service
 
@@ -341,10 +356,10 @@ $createdRole = $rolePermissionService->createRole($data);
 ```
 
 ### Updating a Role
-...
+// todo help wanted
 
 ### Deleting a Role
-....
+// todo help wanted
 
 ### Attaching a Role to a User
 ```php
@@ -389,7 +404,7 @@ $rolePermissionService->attachOrganizationRoleToUser($organizationNode->id, $cre
 ```
 
 ### Creating a System Role and Attaching to a User
-....
+// todo help wanted
 
 
 ## Using AAuth Interface and Trait with Eloquent Models
@@ -411,7 +426,11 @@ class ExampleModel extends Model implements AAuthOrganizationNodeInterface
 }
 ```
 
+## Using ABAC Interface and Trait with Eloquent Models
+// todo
+
 ## AAuth Service and Facade Methods
+// todo
 
 ### Current Roles All Permissions
 current user's selected roles permissions with **AAuth Facade**
@@ -444,8 +463,7 @@ $organizationNodes = AAuth::organizationNodes();
 ```
 
 ### Get one specified organization node
-.....
-
+// todo help wanted
 
 ### Descendant nodes can be checked
 with this method you can check is a organization node is descendant of another organization node.
@@ -469,16 +487,22 @@ $exampleModel = ExampleModel::find(1);
 $relatedOrganizationModel = $exampleModel->relatedAAuthOrganizationNode()
 ```
 
-## Getting allowed Organization Nodes Only.
+## Getting authorized Models only. (OrBAC)
 
 after adding `AAuthOrganizationNode` trait to your model, you are adding a global scope which filters the permitted data.
 
-Thus you can simply use any eloquent model method without adding anything
+Thus, you can simply use any eloquent model method without adding anything
 
 ```php
 ExampleModel::all();
 ```
 
+## Creating Role - ABAC Rules
+// todo
+
+## Getting authorized Models only. (ABAC)
+// todo
+
 ## Getting All Model Collection without any access control
 ```php
 ExampleModel::withoutGlobalScopes()->all()

Readme-todo.md

@@ -2,10 +2,10 @@
 - Facade yerine sadece service provide kullanılabilir mi? aliass?
   - singleton içinde facade yerine service class olabilir
 - phpStan problemleri
-- pint
+- pint, github actions
 - can fonkisyonlarında yetki 1 kez çekilebilir
 - Readme contribution
-
+- ABAC
 
 
 ## Done
@@ -35,17 +35,19 @@
 - role perm. service validation ve excepiton unit testleri, validation excepitonarlını testti
 - org. service validation ve excepiton unit testleri, validation excepitonarlını testti
 - test with coverage
-- ABAC
 - translations
 - request's ve validations
-- github pages ?
 - test'lerin publish edilmesi ve namespacelerin replace edilmesi
 - postgress testleri için github actions
 - laravel gates register policy
 
 
 ## Dökümantasyon
-
 - config'ler
 - migr. ve seeder'ların çalıştırılması
 - github pages docs
+- ABAC docs
+
+
+## backlog
+- github pages ?

composer.json

@@ -18,6 +18,7 @@
     "require": {
         "php": "^8.1",
         "illuminate/contracts": "^9.0",
+        "laravel/pint": "^1.2",
         "spatie/laravel-package-tools": "^1.9.2"
     },
     "require-dev": {

config/aauth.php

@@ -1,17 +1,18 @@
 <?php
+
 // config for AuroraWebSoftware/AAuth
 return [
     'permissions' => [
-            'system' => [
-                // example system permission
-                // key => translation
-                'edit_something_for_system' => 'aauth/system.edit_something_for_system',
-                'create_something_for_system' => 'aauth/system.create_something_for_system',
-            ],
-            'organization' => [
-                // example organization permission
-                'edit_something_for_organization' => 'aauth/organization.edit_something_for_organization',
-                'create_something_for_organization' => 'aauth/organization.create_something_for_organization',
-            ],
+        'system' => [
+            // example system permission
+            // key => translation
+            'edit_something_for_system' => 'aauth/system.edit_something_for_system',
+            'create_something_for_system' => 'aauth/system.create_something_for_system',
         ],
+        'organization' => [
+            // example organization permission
+            'edit_something_for_organization' => 'aauth/organization.edit_something_for_organization',
+            'create_something_for_organization' => 'aauth/organization.create_something_for_organization',
+        ],
+    ],
 ];

database/migrations/2021_10_18_142336_seed_initial_data.php

@@ -1,30 +1,26 @@
 <?php
 
-
 use AuroraWebSoftware\AAuth\Models\OrganizationNode;
 use AuroraWebSoftware\AAuth\Models\OrganizationScope;
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Support\Facades\DB;
 
 class SeedInitialData extends Migration
 {
-
     /**
      * Run the migrations.
      *
      * @return void
      */
-
     public function up()
     {
         $organizationScope = new OrganizationScope();
         $organizationScope->id = 1;
-        $organizationScope->name = "Root Scope";
+        $organizationScope->name = 'Root Scope';
         $organizationScope->level = 1;
-        $organizationScope->status = "active";
+        $organizationScope->status = 'active';
         $organizationScope->save();
 
-
         if (config('database.default') == 'pgsql') {
             DB::select("
                     SELECT setval(pg_get_serial_sequence('organization_scopes', 'id'), coalesce(max(id)+1, 1), false)
@@ -35,8 +31,8 @@ public function up()
         $on = new OrganizationNode();
         $on->id = 1;
         $on->organization_scope_id = 1;
-        $on->name = "Root Node";
-        $on->path = "1";
+        $on->name = 'Root Node';
+        $on->path = '1';
         $on->save();
 
         if (config('database.default') == 'pgsql') {
@@ -52,7 +48,6 @@ public function up()
      *
      * @return void
      */
-
     public function down()
     {
         OrganizationScope::whereId(1)->delete();

database/seeders/SampleDataSeeder.php

@@ -69,7 +69,7 @@ public function run()
                 'parent_id' => $organizationNode1->id,
             ]
         );
-        $organizationNode2->path = $organizationNode1->id . '/' . $organizationNode2->id;
+        $organizationNode2->path = $organizationNode1->id.'/'.$organizationNode2->id;
         $organizationNode2->save();
 
         $organizationNode3 = OrganizationNode::create(
@@ -82,7 +82,7 @@ public function run()
                 'parent_id' => $organizationNode1->id,
             ]
         );
-        $organizationNode3->path = $organizationNode1->id . '/' . $organizationNode3->id;
+        $organizationNode3->path = $organizationNode1->id.'/'.$organizationNode3->id;
         $organizationNode3->save();
 
         $organizationNode4 = OrganizationNode::create(
@@ -95,10 +95,9 @@ public function run()
                 'parent_id' => $organizationNode2->id,
             ]
         );
-        $organizationNode4->path = $organizationNode2->path . '/' . $organizationNode4->id;
+        $organizationNode4->path = $organizationNode2->path.'/'.$organizationNode4->id;
         $organizationNode4->save();
 
-
         $role1 = Role::create([
             'type' => 'system',
             'name' => 'System Role 1',
@@ -174,7 +173,6 @@ public function run()
             'organization_node_id' => $organizationNode4->id,
         ]);
 
-
         $systemPermissions = config('aauth.permissions.system');
 
         foreach ($systemPermissions as $key => $val) {
@@ -236,14 +234,13 @@ public function run()
 
             //loop through the tables
             foreach ($tables as $table) {
-
                 // if the table is not to be ignored then:
                 if (! in_array($table->table_name, $ignores)) {
                     //Get the max id from that table and add 1 to it
                     $seq = DB::table($table->table_name)->max('id') + 1;
 
                     // alter the sequence to now RESTART WITH the new sequence index from above
-                    DB::select('ALTER SEQUENCE ' . $table->table_name . '_id_seq RESTART WITH ' . $seq);
+                    DB::select('ALTER SEQUENCE '.$table->table_name.'_id_seq RESTART WITH '.$seq);
                 }
             }
         }