New
-
Support for Laravel 5.8 🎉
-
Allow granting abilities to everyone. 0d6e7b6
Bouncer::allowEveryone()->to('view', Post::class);
See #319 for why this is useful. In short:
When there are certain abilities you'd like everyone to have, you previously had to add that ability to everyone separately (either directly or through a role). This works, but it means that:
- You're bloating up your database.
- It's another thing that has to run whenever a new user signs up.
- Whenever you change these, you have to remember to also add these permissions for all existing users.
Using Bouncer to grant these abilities to everyone means there's one less thing to manage, and you can keep your DB much leaner.
Note: this requires a small change to the DB schema, making two columns
nullable. See below in the section on migrations. -
Allow running a callback with a temporary scope. ebba511
When applying a global scope in a multi-tenant system, it may sometimes be beneficial to be able to run a single query without the scope, or with a different scope. #368
Both of these are now possible:
Bouncer::scope()->onceTo($tenantId, function () { // All queries within this closure will run with this // temporary $tenantId. After that, every other // query will use the global tenant ID. });
Bouncer::scope()->removeOnce(function () { // All queries within this closure will run without any scope. });
It's also now possible to get the current tenant's ID:
$tenantId = Bouncer::scope()->get();
Fixes
- Properly scope
disallow/forbidwhen called on a role f143275
Breaking Changes
NOTE: this will only affect you if you're using custom models or custom table names.
If you're using custom models or custom table names, they will now automatically be registered with the morph map. See #306 and #378 for why this change was necessary.
What this means is that if you weren't registering your models with the morph map yourself, you'll now have to migrate your DB so that it no longer stores the raw model class names.
So, if you've registered a custom role with Bouncer:
Bouncer::useRoleModel(MyRole::class);...and have not previously registered it with the morph map yourself, you should migrate your DB to use the morph map's entity type:
DB::table('permissions')
->where(['entity_type' => MyRole::class])
->update(['entity_type' => (new MyRole)->getMorphClass()]);
Schema Changes
There are no necessary schema changes in this release. However, in order to use the new allowEveryone() feature, you'll need to change the following 2 columns in the permissions table to be nullable:
entity_identity_type
A note on version compatibility
Since this release contains an important bugfix to the multi-tenancy scope system in Bouncer, it still supports Laravel all the way back to 5.1 and PHP all the way back to 5.5.
If there are no show stopping bugs found with this RC, the next RC will no longer support these older versions of Laravel & PHP. If you're still stuck on these older versions, you can continue using Bouncer with this release until you're ready to upgrade.