Security
Laravel Ban simplifies management of Eloquent model bans. Make any model bannable in minutes!
The use case is not limited to the User model; any Eloquent model can be banned: Organizations, Teams, Groups and others.
First, pull in the package through Composer:
```shell
composer require cybercog/laravel-ban
```
The package will automatically register itself. The following step is required for Laravel 5.4 or earlier releases only: include the service provider within `app/config/app.php`:
```php
'providers' => [
    Cog\Laravel\Ban\Providers\BanServiceProvider::class,
],
```
Finally, publish and run the database migrations:
```shell
php artisan vendor:publish --provider="Cog\Laravel\Ban\Providers\BanServiceProvider" --tag="migrations"
php artisan migrate
```
```php
use Cog\Contracts\Ban\Bannable as BannableInterface;
use Cog\Laravel\Ban\Traits\Bannable;
use Illuminate\Foundation\Auth\User as Authenticatable;

// Implement the Bannable contract and use the trait to make the model bannable.
class User extends Authenticatable implements BannableInterface
{
    use Bannable;
}
```
A bannable model must have a nullable timestamp column named `banned_at`. This value is used as a flag and simplifies checking whether the user was banned. If you want to make the default Laravel User model bannable, you can use the example below.
```shell
php artisan make:migration add_banned_at_column_to_users_table
```
Then insert the following code into the migration file:
```php
<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

return new class extends Migration
{
    public function up(): void
    {
        Schema::table('users', function (Blueprint $table) {
            $table->timestamp('banned_at')->nullable();
        });
    }

    public function down(): void
    {
        Schema::table('users', function (Blueprint $table) {
            $table->dropColumn('banned_at');
        });
    }
};
```
```php
// Ban the model.
$user->ban();

// Ban the model with a comment.
$user->ban([
    'comment' => 'Enjoy your ban!',
]);

// Ban the model until a given date.
$user->ban([
    'expired_at' => '2086-03-28 00:00:00',
]);
```
The `expired_at` attribute can be a `\Carbon\Carbon` instance or any string that can be parsed by the `\Carbon\Carbon::parse($string)` method:
```php
$user->ban([
    'expired_at' => '+1 month',
]);
```
```php
$user->unban();
```
On `unban`, all related ban models are soft deleted.
```php
// Check whether the model is banned.
$user->isBanned();
$user->isNotBanned();

// Delete expired bans manually.
app(\Cog\Contracts\Ban\BanService::class)->deleteExpiredBans();
```
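```php
// A ban without an expiration date is permanent.
$ban = $user->ban();
$ban->isPermanent(); // true
```
Or pass a `null` value:
```php
$ban = $user->ban([
    'expired_at' => null,
]);
$ban->isPermanent(); // true
```
```php
// A ban with an expiration date is temporary.
$ban = $user->ban([
    'expired_at' => '2086-03-28 00:00:00',
]);
$ban->isTemporary(); // true
```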
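```php
// Only models that are not banned.
$users = User::withoutBanned()->get();

// All models, banned ones included.
$users = User::withBanned()->get();

// Only banned models.
$users = User::onlyBanned()->get();
```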
To apply the query scope all the time, define a `shouldApplyBannedAtScope` method in the bannable model. If the method returns `true`, all banned models will be hidden by default.
```php
use Cog\Contracts\Ban\Bannable as BannableInterface;
use Cog\Laravel\Ban\Traits\Bannable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable implements BannableInterface
{
    use Bannable;

    /**
     * Determine if BannedAtScope should be applied by default.
     *
     * @return bool
     */
    public function shouldApplyBannedAtScope()
    {
        return true;
    }
}
```
If an entity is banned, the `\Cog\Laravel\Ban\Events\ModelWasBanned` event is fired.
If an entity is unbanned, the `\Cog\Laravel\Ban\Events\ModelWasUnbanned` event is fired.
This package has route middleware designed to prevent banned users from accessing protected routes.
To use it, define a new middleware in the `$routeMiddleware` array of the `app/Http/Kernel.php` file:
```php
protected $routeMiddleware = [
    'forbid-banned-user' => \Cog\Laravel\Ban\Http\Middleware\ForbidBannedUser::class,
];
```
Then use it in any routes and route groups you need to protect:
```php
Route::get('/', [
    'uses' => 'UsersController@profile',
    'middleware' => 'forbid-banned-user',
]);
```
If you want to force logout of a banned user when they access protected routes, use the `LogsOutBannedUser` middleware instead:
```php
protected $routeMiddleware = [
    'logs-out-banned-user' => \Cog\Laravel\Ban\Http\Middleware\LogsOutBannedUser::class,
];
```
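Because the middleware only guards the routes it is attached to, a route-coverage test can catch authenticated routes that were added without it. The test below is an added example, not code from the Laravel Ban package; it assumes a default Laravel test setup (`Tests\TestCase`) and that every route requiring login should also enforce bans.

```php
<?php
// Added example, not part of the Laravel Ban package.
// Assumption: every route behind the auth middleware must also enforce bans.

namespace Tests\Feature;

use Cog\Laravel\Ban\Http\Middleware\ForbidBannedUser;
use Cog\Laravel\Ban\Http\Middleware\LogsOutBannedUser;
use Illuminate\Auth\Middleware\Authenticate;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class BanMiddlewareCoverageTest extends TestCase
{
    public function test_every_authenticated_route_enforces_bans(): void
    {
        $unprotected = [];

        foreach (Route::getRoutes() as $route) {
            // Resolve aliases and middleware groups to class names and
            // drop parameters such as ":sanctum".
            $classes = [];
            foreach (app('router')->gatherRouteMiddleware($route) as $middleware) {
                if (is_string($middleware)) {
                    $classes[] = explode(':', $middleware, 2)[0];
                }
            }

            $requiresLogin = $this->containsClass($classes, Authenticate::class);
            $enforcesBan = $this->containsClass($classes, ForbidBannedUser::class)
                || $this->containsClass($classes, LogsOutBannedUser::class);

            if ($requiresLogin && ! $enforcesBan) {
                $unprotected[] = implode('|', $route->methods()) . ' ' . $route->uri();
            }
        }

        $this->assertSame([], $unprotected, 'Authenticated routes without ban middleware');
    }

    // True if any entry is the given class or a subclass of it.
    private function containsClass(array $classes, string $parent): bool
    {
        foreach ($classes as $class) {
            if (is_a($class, $parent, true)) {
                return true;
            }
        }

        return false;
    }
}
```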
After you have performed the basic installation, you can start using the `ban:delete-expired` command. In most cases you'll want to schedule this command so you don't have to run it manually every time you need to delete expired bans and unban models.
The command can be scheduled in Laravel's console kernel, just like any other command.
```php
// app/Console/Kernel.php
protected function schedule(Schedule $schedule)
{
    $schedule->command('ban:delete-expired')->everyMinute();
}
```
Of course, the schedule used in the code above is just an example. Adjust it to suit your own preferences.
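The schedule interval decides how long a temporary ban stays in force after its `expired_at` time, since the model is unbanned when the command deletes the expired ban. The feature test below is an added example, not code from the Laravel Ban package; it assumes Laravel 8 or later, a bannable `App\Models\User` with a factory, and that `shouldApplyBannedAtScope` is not enabled.

```php
<?php
// Added example, not part of the Laravel Ban package.
// Assumptions: Laravel 8+ test helpers, App\Models\User is bannable and has
// a factory, and the BannedAtScope is not applied by default.

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class TemporaryBanExpiryTest extends TestCase
{
    use RefreshDatabase;

    public function test_expired_ban_is_lifted_when_cleanup_runs(): void
    {
        $user = User::factory()->create();
        $user->ban([
            'expired_at' => '+1 hour',
            'comment' => 'Constructed test ban',
        ]);

        // Move the clock past the expiration time.
        $this->travel(2)->hours();

        // banned_at is a stored flag, so the model still reads as banned
        // until the cleanup command has processed the expired ban.
        $this->assertTrue($user->fresh()->isBanned());

        $this->artisan('ban:delete-expired')->assertExitCode(0);

        // The expired ban was deleted and the model was unbanned.
        $this->assertTrue($user->fresh()->isNotBanned());
    }
}
```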
Please see CHANGELOG for more information on what has changed recently.
Please see UPGRADING for detailed upgrade instructions.
Please see CONTRIBUTING for details.
Run the tests with:
```shell
vendor/bin/phpunit
```
If you discover any security related issues, please email open@cybercog.su instead of using the issue tracker.
Anton Komarev | badr aldeen shek salim | Rick Mac Gillis | AnsellC | Joe Archer |
---|---|---|---|---|
Francisco Solis | Jakub Adamec | Ilia Lazarev | ZeoKnight |
The Laravel Ban package is open-sourced software licensed under the MIT License by Anton Komarev.
The Fat Boss In Jail image is licensed under Creative Commons 3.0 by Gan Khoon Lay.

CyberCog is a Social Unity of enthusiasts. Researching the best solutions in product & software development is our passion.