Support for multiple enforcers.

src/Adapters/DatabaseAdapter.php

@@ -37,8 +37,6 @@ class DatabaseAdapter implements DatabaseAdapterContract
      *
      * @param string $ptype
      * @param array  $rule
-     *
-     * @return void
      */
     public function savePolicyLine($ptype, array $rule)
     {

src/EnforcerManager.php

@@ -6,34 +6,75 @@ use Casbin\Enforcer;
 use Casbin\Model\Model;
 use Casbin\Log\Log;
 use Lauthz\Contracts\Factory;
-use Illuminate\Support\Manager;
+use Lauthz\Models\Rule;
 use Illuminate\Support\Arr;
+use InvalidArgumentException;
 
 /**
  * @mixin \Casbin\Enforcer
  */
-class EnforcerManager extends Manager implements Factory
+class EnforcerManager implements Factory
 {
     /**
-     * Get the default driver name.
+     * The application instance.
      *
-     * @return string
+     * @var \Illuminate\Foundation\Application
      */
-    public function getDefaultDriver()
+    protected $app;
+
+    /**
+     * The array of created "guards".
+     *
+     * @var array
+     */
+    protected $guards = [];
+
+    /**
+     * Create a new manager instance.
+     *
+     * @param \Illuminate\Foundation\Application $app
+     */
+    public function __construct($app)
     {
-        return $this->app['config']['lauthz.default'];
+        $this->app = $app;
     }
 
     /**
-     * Create an instance of the Basic Enforcer driver.
+     * Attempt to get the enforcer from the local cache.
      *
-     * @param array $config
+     * @param string $name
      *
      * @return \Casbin\Enforcer
+     *
+     * @throws \InvalidArgumentException
      */
-    public function createBasicDriver()
+    public function guard($name = null)
     {
-        $config = $this->getConfig('basic');
+        $name = $name ?: $this->getDefaultGuard();
+
+        if (!isset($this->guards[$name])) {
+            $this->guards[$name] = $this->resolve($name);
+        }
+
+        return $this->guards[$name];
+    }
+
+    /**
+     * Resolve the given guard.
+     *
+     * @param string $name
+     *
+     * @return \Casbin\Enforcer
+     *
+     * @throws \InvalidArgumentException
+     */
+    protected function resolve($name)
+    {
+        $config = $this->getConfig($name);
+
+        if (is_null($config)) {
+            throw new InvalidArgumentException("Enforcer [{$name}] is not defined.");
+        }
 
         if ($logger = Arr::get($config, 'log.logger')) {
             Log::setLogger(new $logger($this->app['log']));
@@ -48,7 +89,9 @@ class EnforcerManager extends Manager implements Factory
         }
         $adapter = Arr::get($config, 'adapter');
         if (!is_null($adapter)) {
-            $adapter = $this->app->make($adapter);
+            $adapter = $this->app->make($adapter, [
+                'eloquent' => new Rule([], $name),
+            ]);
         }
 
         return new Enforcer($model, $adapter, Arr::get($config, 'log.enabled', false));
@@ -65,4 +108,49 @@ class EnforcerManager extends Manager implements Factory
     {
         return $this->app['config']["lauthz.{$name}"];
     }
+
+    /**
+     * Get the default enforcer guard name.
+     *
+     * @return string
+     */
+    public function getDefaultGuard()
+    {
+        return $this->app['config']['lauthz.default'];
+    }
+
+    /**
+     * Set the default guard driver the factory should serve.
+     *
+     * @param string $name
+     */
+    public function shouldUse($name)
+    {
+        $name = $name ?: $this->getDefaultGuard();
+
+        $this->setDefaultGuard($name);
+    }
+
+    /**
+     * Set the default authorization guard name.
+     *
+     * @param string $name
+     */
+    public function setDefaultGuard($name)
+    {
+        $this->app['config']['lauthz.default'] = $name;
+    }
+
+    /**
+     * Dynamically call the default driver instance.
+     *
+     * @param string $method
+     * @param array  $parameters
+     *
+     * @return mixed
+     */
+    public function __call($method, $parameters)
+    {
+        return $this->guard()->{$method}(...$parameters);
+    }
 }

src/Middlewares/RequestMiddleware.php

@@ -4,6 +4,7 @@ namespace Lauthz\Middlewares;
 
 use Closure;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
 use Lauthz\Exceptions\UnauthorizedException;
 use Lauthz\Facades\Enforcer;
 
@@ -12,50 +13,54 @@ use Lauthz\Facades\Enforcer;
  */
 class RequestMiddleware
 {
-    /**
-     * The authentication factory instance.
-     *
-     * @var \Illuminate\Contracts\Auth\Factory
-     */
-    protected $auth;
-
-    /**
-     * Create a new middleware instance.
-     *
-     * @param \Illuminate\Contracts\Auth\Factory $auth
-     *
-     * @return void
-     */
-    public function __construct(Auth $auth)
-    {
-        $this->auth = $auth;
-    }
-
     /**
      * Handle an incoming request.
      *
      * @param \Illuminate\Http\Request $request
      * @param \Closure                 $next
-     * @param mixed                    ...$args
+     * @param mixed                    ...$guards
      *
      * @return mixed
      */
-    public function handle($request, Closure $next)
+    public function handle($request, Closure $next, ...$guards)
     {
         if (Auth::guest()) {
             throw new UnauthorizedException();
         }
 
+        $this->authorize($request, $guards);
+
+        return $next($request);
+    }
+
+    /**
+     * Determine if the user is authorized in to any of the given guards.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param array                    $guards
+     *
+     * @throws \Lauthz\Exceptions\UnauthorizedException
+     */
+    protected function authorize(Request $request, array $guards)
+    {
         $user = Auth::user();
         $identifier = $user->getAuthIdentifier();
         if (method_exists($user, 'getAuthzIdentifier')) {
             $identifier = $user->getAuthzIdentifier();
         }
 
-        if (!Enforcer::enforce($identifier, $request->getPathInfo(), $request->method())) {
-            throw new UnauthorizedException();
+        if (empty($guards)) {
+            if (Enforcer::enforce($identifier, $request->getPathInfo(), $request->method())) {
+                return;
+            }
         }
 
-        return $next($request);
+        foreach ($guards as $guard) {
+            if (Enforcer::guard($guard)->enforce($identifier, $request->getPathInfo(), $request->method())) {
+                return Enforcer::shouldUse($guard);
+            }
+        }
+
+        throw new UnauthorizedException();
     }
 }

src/Models/Rule.php

@@ -17,6 +17,13 @@ class Rule extends Model
      */
     protected $store;
 
+    /**
+     * the guard for lauthz.
+     *
+     * @var string
+     */
+    protected $guard;
+
     /**
      * Fillable.
      *
@@ -28,9 +35,15 @@ class Rule extends Model
      * Create a new Eloquent model instance.
      *
      * @param array  $attributes
+     * @param string $guard
      */
-    public function __construct(array $attributes = [])
+    public function __construct(array $attributes = [], $guard = '')
     {
+        $this->guard = $guard;
+        if (!$guard) {
+            $this->guard = config('lauthz.default');
+        }
+
         $connection = $this->config('database.connection') ?: config('database.default');
 
         $this->setConnection($connection);
@@ -84,7 +97,6 @@ class Rule extends Model
      */
     protected function initCache()
     {
-        $driver = config('lauthz.default');
         $store = $this->config('cache.store', 'default');
         $store = 'default' == $store ? null : $store;
         $this->store = Cache::store($store);
@@ -100,8 +112,6 @@ class Rule extends Model
      */
     protected function config($key = null, $default = null)
     {
-        $driver = config('lauthz.default');
-
-        return config('lauthz.'.$driver.'.'.$key, $default);
+        return config('lauthz.'.$this->guard.'.'.$key, $default);
     }
 }