How can we help Bouncer get to 1.0?

[marcusmoore]

Hello!

Do you have a checklist of features or ideas that need to be hashed out before you're comfortable tagging a 1.0 release that anyone might be able to help with?

I want to start contributing to OSS and Bouncer might be a good place to start.

[Arcesilas]

That's a good initiative. I don't have enough time to contibute with code, but I can help too, with support, as I already started. I can also help produce documentation with examples. Would MD pages be ok for that ?

[Gummibeer]

I'm also trying/wanting - most things I'm doing are testing and fixing found bugs.

[JosephSilber]

@marcusmoore88 thanks for your interest!

I don't have a clear checklist. I have some small things here and there that I want to finish up. The biggest change I still want to make is having the roles/abilities relationship be polymorphic, so that you can assign roles/abilities to any model, not just the users.

Besides for that, it's simply finishing up some tests and documentation.

Also @Arcesilas and @Gummibeer, thanks for all your help thus far.

[Arcesilas]

You're welcome. May I start writing some markdown pages for more complete documentation ? Are there any specifications you prefer ?

Concerning polymorphism, it looks great! Not sure to have relevant examples coming to my mind, though.

[Gummibeer]

We have an example for the need of polymorphic relations:

We have a tool for an Agency but also their customers and there are abilities for: User, Contact & Agency - it's solveable by normal relations to the User but simpler by relations in different models.

[JosephSilber]

I started work on a polymorphic system in a separate branch. Here's the commit: https://github.com/JosephSilber/bouncer/commit/2734f9c9c66007fb0a072e73d3e00aeeaca0f329

All tests pass, but there's still a lot of work to do. There are many places where users are hard-coded, so it won't truly work with any model yet.

Testing and PRs welcome :)

[JosephSilber]

@Arcesilas regarding creating markdown pages: I don't think this project is big enough to warrant a full wiki with many disparate pages. I think the current readme format is enough. It just needs some stuff that's missing, and clarification on others.

[JosephSilber]

I believe the polymorphic branch is now complete. If any of you can give it a spin, it'd be really helpful.

Once I'm a little more confident that it actually works, I'll merge it into the master branch, tag it, and provide an upgrade DB migration script.

Thanks for all your help.

[JosephSilber]

If any of you can take the new polymorphic system for a spin, I'd highly appreciate it.

1. Backup your database.
2. Set the version of Bouncer in your composer.json file to dev-polymorphic dev-master.
3. Run composer update.
4. Follow this upgrade guide to migrate your schema and data to the new structure.
5. Please report back on how it went.

You don't have to change any of your existing code. Bouncer's API has not changed.

Thank you all :heart:

[marcusmoore]

I have a project I'm working on this week that I can drop the new polymorphic branch into.

[ognjenm]

I'm testing it, also trying to make some sort of UI for managing roles and permissions. This is great package.

[JosephSilber]

@ognjenm thanks for trying it out! Don't forget to report back on how it works.

Is this for a new project, or you're upgrading from Bouncer 1.x?

[marcusmoore]

I planned on testing the polymorphic branch on a personal project but I haven't been able to drop it in yet. I think it'll be a while before I can give any feedback after all.

[coolynx]

I played around with v1.0.0-alpha.1 version and not familiar with any previous versions of Bouncer. And do not know much about it.

More detailed documentation with examples would be nice. I'm one of the users who is not very fluent in Laravel (and programming/php) and such tricks as mentioned in #86 are excellent - they keep package lean and yet functional. Just reference those issues from documentation as examples on how to. No need to rewrite everything.

Maybe I missed another one about the same table abilities. There is a field entitiy_id. I'm guessing that it is meant for a more specific entity record.

For example, an ability delete-admin that has ID (entity_id = 1) in App\User model. So that this specific ability allows only one thing in a system - that another user with Admin role and abilities can not delete the originator. { "id": 5, "name": "delete-admin", "entity_id": 1, "entity_type": "App\User", "created_at": "2016-04-28 19:42:04", "updated_at": "2016-04-28 19:42:04" } How to access/use it? ;) Or it is just a hidden feature for manual usage?

There could be a problem if there is another entity_type (App\Post) with the same id (1), because of unique field.

And the last one - permissions table has a field forbidden. Did not get how to use it.

I did not check syncing and caching. Otherwise I like it. Thank you! 👍

[JosephSilber]

@coolynx Support for denying abilities has been requested before. It's not gonna make it into 1.0, but I'm considering it as a possible addition down the road. And yes, the forbidden column is there to enable this in the future.

With regards to the documentation, you are absolutely right. Better documentation is part of the roadmap for the 1.0 release, as I've outlined in the release notes for the first alpha release of the 1.0 branch.

[GKMelbo]

Hi, I've just started trying out Bouncer and Laravel 5, and maybe it's just me who is a noob, but I've followed the installation in the readme and are stuck at Usage. Where do I put the Bouncer::allow('admin')->to('ban-users');? The readme states it will create a Role and Ability model for me, but I can't get it to do that. Would it be possible to update the documentation to explain this better? Sorry if this isn't the right place to ask this.

[coolynx]

@GKMelbo in whatever place (Controller/Model) you want to use it and if you have done all the steps mentioned in documentation.

But the easiest way to check the package without writing any code (almost) is using Artisan command tinker. Here is an example. Assuming that there is at least one user in database.

php artisan tinker

And in tinker:

$user = App\User::find(1); // find the first user
Bouncer::assign('admin')->to($user); // give admin Role to this user
Bouncer::allow('admin')->to('ban-users'); // give permission to admin role
$user->getAbilities(); // get all permissions to check if a user has got the given permission

And the output:

  Silber\Bouncer\Database\Ability {#684
     id: 9,
     name: "ban-users",
     entity_id: null,
     entity_type: null,
     created_at: "2016-05-04 20:28:23",
     updated_at: "2016-05-04 20:28:23",

Probably the best way to learn is to read Laravel documentation and maybe Roles and Permissions in Laracasts (paid) or ACL basics (free).

[GKMelbo]

@coolynx I see. That clears it up! Where can I find the Role and Ability model that Bouncer creates? It doesn't show up in the app directory. Thanks for the help and the resources. I'm actually already a subscriber to Laracasts and discovered Bouncer in the ACL videos comments section. Looking forward to keep learning about Laravel and Bouncer :)

[coolynx]

@GKMelbo Bouncer does not create any files. AFAIK none of the packages (any) are creating files for you. Except for configuration, migration or seed files. This is your responsibility to make models in app directory.

[GKMelbo]

@coolynx Okey. I was just a bit confused from the Creating roles and abilities section that states

Behind the scenes, Bouncer will create both a Role model and an Ability model for you.

[antoniopaisfernandes]

@JosephSilber when are you considering releasing a new version? At the same time as Laravel 5.3?

Great work!

[JosephSilber]

@antoniopaisfernandes I hope to release another alpha with Laravel 5.3 support by the end of the week (no promises).

[sagunkho]

@JosephSilber looking forward to it working with laravel 5.3. 👍

[andyscraven]

Did you ever release a 5.3 version @JosephSilber ?

I ask as I am getting an error when I try composer require it with 5.3.

[JosephSilber]

The latest alpha, which you can install by requiring v1.0.0-alpha.3, supports 5.3.

I hope to have a stable beta out by the end of the month.

[andyscraven]

Thanks @JosephSilber. Can you drop a message when it is stable? The company I am doing a contract for do not allow alpha releases. Thanks a lot!

[base-zero]

Such a nice and easy to use package ! @JosephSilber Any update on v1.0.0 becoming stable ?

[JosephSilber]

@base-zero I've been a little busy of late and didn't really have much time to dedicate to Bouncer. I hope to get back into it towards the end of this week, and aim to have a beta out sometime next week.

The beta period will be dedicated to documentation. While I do not anticipate any breaking changes in the beta, writing comprehensive documentation often leads to finding pain points in the product that have been glossed over before (I'd say DDD¹ is one of the most useful things I've learned from Taylor Otwell). So while breaking changes aren't likely, they cannot be guaranteed either.

¹ _{Documentation Driven Design.}

[andyscraven]

That should be perfect timing for me as I need to start thinking about roles etc next week in my project. Thanks again @JosephSilber

[andyscraven]

Hi @JosephSilber. How is the update coming? I am going to go ahead and use the latest version as I am up against a deadline. I will feedback any issues I find. Is it still v1.0.0-alpha.3?

[JosephSilber]

@andyscraven not as fast as I'd hoped. Hopefully I'll have it out within a few days.

[andyscraven]

@JosephSilber I need to be able to return the specific role of the User so I can preselect his/her role in my edit users form. I see getAbilities() but not getRoles() although I can see it deeper in your code. Can I access it? Ideally I need $user->getRole();

[nmfzone]

@andyscraven Is this not enough?

OR

You can use this.

App\User.php

/**
 * Get the user's roles.
 *
 * @return \Illuminate\Support\Collection
 */
public function getRoles()
{
    return $this->getClipboardInstance()->getRoles($this);
}

[coolynx]

@andyscraven i found many answers in closed issues section. 😄

Get user's roles list https://github.com/JosephSilber/bouncer/issues/67 how to get all roles (list with all related issues) https://github.com/JosephSilber/bouncer/issues/125 How to get all the user who have certain role? https://github.com/JosephSilber/bouncer/issues/96 Get abilities from roles https://github.com/JosephSilber/bouncer/issues/97#issuecomment-222342058 Assign and check abilities (permissions) https://github.com/JosephSilber/bouncer/issues/98

And there are more.

[andyscraven]

Thanks @coolynx. I guess I should have guessed that :-)

[andyscraven]

@JosephSilber. Just to let you know I have integrated the Alpha release with my 5.3 project and so far so good! I have not come across any issues.

[JosephSilber]

Just released the long overdue beta.

https://github.com/JosephSilber/bouncer/releases/tag/v1.0.0-beta.1

[andyscraven]

@JosephSilber Great to know, thank you.

[brianmclachlin]

@JosephSilber I would love to use this package on one of my projects, model based permissions is exactly what I'm looking for; however, it seems like it's still under active development.

Besides for that, it's simply finishing up some tests and documentation.

There have been quite a few commits since the last tagged beta release, including schema changes.

Should I hold off on using this package or is it in a production ready state?

[JosephSilber]

@brianmclachlin it has been in a production-ready state for a very long time (and is in fact used in production by many many projects), although it has had some backwards-incompatible changes that required a very minimal amount of changes on the user's end.

From where I stand now, the latest set of schema changes seems to be the last one before 1.0, ~besides for maybe removing roles' levels. If you don't plan on using levels, this won't affect you at all.~ Decided for now to not remove role levels.

~One final breaking change I still intend to make is remove the undocumented seeder class. People should just be using Laravel's built-in seeders.~ This is done now.

I plan on tagging a new beta before the end of the year with multi-tenancy support and its new schema, the seeder class removed & maybe remove role levels.

So to get back to your original question: the package is definitely in a production-ready state. If you lock your composer dependency to a particular version as described in the readme (instead of blindly using dev-master), you'll be ok. Then, if there are any minor breaking changes going forward, you can deal with them when you upgrade. They'll be clearly documented, like all other releases.

Do note: when Bouncer reaches 1.0 it'll only support Laravel 5.5 and PHP 7.1. If you're using an older version of Laravel/PHP you can stay on the current version till you upgrade.

---

Finally: I'm really sorry to everyone patiently waiting for 1.0. I wish I'd have more time to spend on Bouncer, but the second half of this year I've been bogged down by other responsibilities. I'm still committed to getting Bouncer to 1.0 in due time, just at a longer timetable than I originally expected.

In the meantime, thank you all for using Bouncer 🎉

[marcoraddatz]

First of all, thanks for this great package!

The current version seems to be very stable. What if it becomes v1.0 and your next major update will become v2.0?

[JosephSilber]

Just tagged a new release with multi-tenancy support: v1.0.0-beta.5.

I plan for this to be the last beta. Besides for bumping the minimum requirements, I seriously hope not to have any more breaking changes till 1.0.

May your happiest years be ahead of you :confetti_ball:

[brianmclachlin]

@JosephSilber Thanks for the feedback, really appreciate it. I'm excited to implement this package!

[Keoghan]

@JosephSilber almost there! Keep it up, it's a lovely package.

[Cipa]

Please keep a version working for php 5.6. Thank you

[FrittenKeeZ]

When will RC2 be released?

[sebastiaanluca]

RC1 has been working like a charm here since its release, looking forward to the official release! 🙌

[faustbrian]

@JosephSilber what is the current status of bouncer? Still the plan to get to a stable 1.0 release and keep it maintained?

[JosephSilber]

@faustbrian definitely!

I've been extremely busy these last few months (we moved recently), so haven't really had much time to dedicate to Bouncer.

Hope to get back into it soon, go through all the issues and PRs, finish up a few in-the-works features, and see how we can actually get to a 1.0.

Hold on tight, good days are coming 😃

[faustbrian]

Great to hear that! Was questioning wether it's still maintained so wanted to make sure before integrating it but good to hear it's on its way to 1.0 👍