Laravel Restricted Laravel Package

Getting Started

Minimal Setup

1. Installation:

   composer require christhompsontldr/laravel-restricted
   

   Publish the config file:

   php artisan vendor:publish --provider="ChrisThompsonTLDR\Restricted\RestrictedServiceProvider"
   

2. Configuration: Edit config/restricted.php to define:

   • restricted_routes: Routes that should be restricted (e.g., ['/admin/*']).
   • restricted_middleware: Middleware to apply when restricted (e.g., ['restricted']).
   • restricted_guard: Auth guard to use (e.g., web).

3. First Use Case: Toggle restricted mode for a user via:

   // Enable restricted mode
   Auth::user()->restricted = true;
   Auth::user()->save();
   
   // Disable restricted mode
   Auth::user()->restricted = false;
   Auth::user()->save();
   

4. Middleware: Register the RestrictedMiddleware in app/Http/Kernel.php:

   protected $routeMiddleware = [
       'restricted' => \ChrisThompsonTLDR\Restricted\Middleware\RestrictedMiddleware::class,
   ];
   

5. Route Protection: Apply the middleware to routes:

   Route::middleware(['auth', 'restricted'])->group(function () {
       Route::get('/admin', 'AdminController@index');
   });
   

Implementation Patterns

Workflows

1. User Restriction Workflow:

   • Check Restricted Status:

     if (Auth::user()->isRestricted()) {
         // Redirect or show limited UI
     }
     

   • Toggle Restricted Mode: Use a controller method or command:

     public function toggleRestrictedStatus(User $user) {
         $user->restricted = !$user->restricted;
         $user->save();
     }
     

   • Conditional Logic:

     if (!Auth::user()->isRestricted()) {
         // Full functionality
     } else {
         // Limited functionality (e.g., read-only mode)
     }
     

2. Route-Level Restrictions:

   • Use the restricted middleware to block access to sensitive routes:

     Route::middleware(['auth', 'restricted'])->group(function () {
         Route::get('/dashboard', 'DashboardController@index');
     });
     

   • Override default restricted routes in config/restricted.php:

     'restricted_routes' => [
         'admin/*',
         'settings/*',
         'api/admin/*',
     ],
     

3. API Integration:

   • Extend the RestrictedMiddleware to handle API responses:

     public function handle($request, Closure $next) {
         if (Auth::guard($this->guard)->user()->isRestricted()) {
             return response()->json(['error' => 'Restricted access'], 403);
         }
         return $next($request);
     }
     

4. View-Based Restrictions:

   • Dynamically hide/show UI elements:

     @if(!Auth::user()->isRestricted())
         <button class="delete-btn">Delete</button>
     @endif
     

   • Use a directive to simplify:

     Blade::directive('restricted', function ($expression) {
         return "<?php if(!Auth::user()->isRestricted()): ?>";
     });
     

     @restricted
         <button>Full Feature</button>
     @endrestricted
     

5. Event-Based Triggers:

   • Listen for restricted mode changes:

     Auth::user()->restricted = true;
     Auth::user()->save();
     event(new UserRestricted(Auth::user()));
     

   • Register an event listener in EventServiceProvider:

     protected $listen = [
         'ChrisThompsonTLDR\Restricted\Events\UserRestricted' => [
             'App\Listeners\LogRestrictedAccess',
         ],
     ];
     

Gotchas and Tips

Pitfalls

1. Middleware Order Matters:

   • Place restricted middleware after auth in Kernel.php to avoid bypassing auth checks:

     $middlewareGroups['web'] = [
         \App\Http\Middleware\EncryptCookies::class,
         \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
         \Illuminate\Session\Middleware\StartSession::class,
         // ... other middleware
         \App\Http\Middleware\Authenticate::class, // Auth first
         \ChrisThompsonTLDR\Restricted\Middleware\RestrictedMiddleware::class, // Then restricted
     ];
     

2. Database Column Requirement:

   • The users table must have a restricted column (boolean). Add it via migration if missing:

     Schema::table('users', function (Blueprint $table) {
         $table->boolean('restricted')->default(false);
     });
     

3. Caching Issues:

   • If using Laravel caching, clear it after toggling restricted status:

     Auth::user()->restricted = true;
     Auth::user()->save();
     Cache::forget('user.' . Auth::id());
     

4. Route Caching:

   • After modifying restricted_routes in config, clear route cache:

     php artisan route:clear
     

5. Guard-Specific Logic:

   • The package defaults to the web guard. For custom guards (e.g., api), specify it in the middleware:

     public function __construct() {
         $this->guard = 'api'; // Override default
     }
     

Debugging Tips

1. Check Restricted Status:

   • Add a helper method to your User model:

     public function isRestricted() {
         return $this->restricted ?? false;
     }
     

2. Log Restricted Access:

   • Extend the middleware to log attempts:

     public function handle($request, Closure $next) {
         if (Auth::guard($this->guard)->check() && Auth::guard($this->guard)->user()->isRestricted()) {
             \Log::warning('Restricted access attempt by ' . Auth::id());
             return redirect()->route('home')->with('error', 'Access restricted');
         }
         return $next($request);
     }
     

3. Test Middleware:

   • Use Laravel's middleware helper in tests:

     $response = $this->withHeaders([
         'Authorization' => 'Bearer ' . $this->token,
     ])->withMiddleware(\ChrisThompsonTLDR\Restricted\Middleware\RestrictedMiddleware::class)
       ->get('/admin');
     

4. Config Overrides:

   • Temporarily override config in tests:

     $this->app->override('restricted', [
         'restricted_routes' => ['/test'],
     ]);
     

Extension Points

1. Custom Restricted Logic:

   • Override the RestrictedMiddleware to add custom logic:

     public function handle($request, Closure $next) {
         if (Auth::user()->isRestricted()) {
             if ($request->is('critical/*')) {
                 abort(403, 'Critical routes are blocked in restricted mode.');
             }
         }
         return $next($request);
     }
     

2. Add Restricted Mode UI:

   • Create a trait for restricted-mode-aware controllers:

     trait HandlesRestrictedMode {
         public function checkRestrictedMode() {
             if (Auth::user()->isRestricted()) {
                 return redirect()->route('restricted.dashboard');
             }
         }
     }
     

3. API Rate Limiting:

   • Combine with throttle middleware:

     Route::middleware(['throttle:60,1', 'restricted'])->post('/api/sensitive', ...);
     

4. Dynamic Route Restrictions:

   • Use a service provider to dynamically set restricted routes:

     public function boot() {
         $restrictedRoutes = config('restricted.dynamic_routes', []);
         config(['restricted.restricted_routes' => array_merge(
             config('restricted.restricted_routes'),
             $restrictedRoutes
         )]);
     }
     

5. Event-Driven Notifications:

   • Trigger notifications when a user enters restricted mode:

     Auth::user()->restricted = true;
     Auth::user()->save();
     event(new UserRestricted(Auth::user()));
     

   • Create a listener:

     public function handle(UserRestricted $event) {
         Notification::route('mail', $event->user->email)
                     ->notify(new RestrictedModeNotification());
     }