VOOZH about

URL: https://deepwiki.com/hypervel/permission/4.1-database-migrations

⇱ Database Migrations | hypervel/permission | DeepWiki

Loading...
Loading...
Menu

Database Migrations

This document describes the database migration file that creates the five permission tables required by the Hypervel Permission package. It covers the table structures, indexes, polymorphic relationships, and the is_forbidden mechanism for negative permissions.

For information about the Eloquent models that interact with these tables, see Role Model and Permission Model. For details on configuring the database connection, see Configuration Reference. For instructions on running the migration, see Installation and Setup.

Migration Overview

The permission system uses a single migration file located at database/migrations/2025_07_02_000000_create_permission_tables.php11-89 that creates five interrelated tables:

Table NamePurposeType
rolesStores role definitions with guard supportEntity table
permissionsStores permission definitions with guard supportEntity table
role_has_permissionsAssociates permissions with rolesPivot table
owner_has_permissionsDirectly assigns permissions to any entityPolymorphic pivot table
owner_has_rolesAssigns roles to any entityPolymorphic pivot table

The migration extends Hypervel\Database\Migrations\Migration and implements both up() and down() methods for proper rollback support.

Sources: database/migrations/2025_07_02_000000_create_permission_tables.php11-89

Database Connection Configuration

The migration uses a configurable database connection via the getConnection() method:



This method checks the configuration at permission.storage.database.connection and falls back to the default framework connection if not specified. This allows the permission tables to be stored in a separate database if needed.




Sources: database/migrations/2025_07_02_000000_create_permission_tables.php15-19




Table Structures


Roles Table


The roles table stores role definitions:




Key characteristics:



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php28-35


Permissions Table


The permissions table stores permission definitions:




Key characteristics:



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php37-43


Role-Has-Permissions Pivot Table


The role_has_permissions table creates many-to-many relationships between roles and permissions:




Key characteristics:



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php44-53


Owner-Has-Permissions Polymorphic Pivot Table


The owner_has_permissions table enables direct permission assignment to any entity type:




Key characteristics:



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php55-64


Owner-Has-Roles Polymorphic Pivot Table


The owner_has_roles table assigns roles to any entity type:




Key characteristics:



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php66-74




Complete Database Schema


The following entity-relationship diagram shows how all five tables interconnect:




Sources: database/migrations/2025_07_02_000000_create_permission_tables.php28-74




Indexing Strategy


The migration implements a comprehensive indexing strategy to optimize query performance:


Primary Indexes











































TableIndex TypeColumnsPurpose
rolesUniquenameEnforce unique role names
permissionsUniquenameEnforce unique permission names
role_has_permissionsComposite Primary(permission_id, role_id)Unique permission-role pairs
owner_has_permissionsComposite Primary(permission_id, owner_id, owner_type)Unique owner-permission pairs
owner_has_rolesComposite Primary(role_id, owner_id, owner_type)Unique owner-role pairs


Secondary Indexes




















































TableColumnsPurpose
roles(name, guard_name)Fast lookups by name and guard
permissions(name, guard_name)Fast lookups by name and guard
role_has_permissionsrole_idEfficient role → permissions queries
role_has_permissionspermission_idEfficient permission → roles queries
owner_has_permissionsowner_idFast owner → permissions lookups
owner_has_permissionspermission_idFast permission → owners lookups
owner_has_rolesowner_idFast owner → roles lookups
owner_has_rolesrole_idFast role → owners lookups




Sources: database/migrations/2025_07_02_000000_create_permission_tables.php34-73




Polymorphic Relationships


Both owner_has_permissions and owner_has_roles tables use polymorphic relationships via Laravel's morphs() method:




How it works:


    

  • owner_type: Stores the fully-qualified class name of the entity (e.g., App\Models\User)
    • 

  • owner_id: Stores the primary key value of that entity
    • 

  • Together, they create a compound foreign key to any table
    • 



This design allows:


    

  • Users to have permissions and roles
    • 

  • Teams to have permissions and roles
    • 

  • Organizations to have permissions and roles
    • 

  • Any custom entity to have permissions and roles by using the HasPermission and HasRole traits
    • 



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php57-68




The is_forbidden Mechanism


The is_forbidden boolean flag in role_has_permissions and owner_has_permissions enables negative permissions (explicit denials):




Key behaviors:


    

  1. In role_has_permissions: A role can have a permission explicitly forbidden database/migrations/2025_07_02_000000_create_permission_tables.php47
    2. 

  2. In owner_has_permissions: An owner can have a permission explicitly forbidden, overriding role-based permissions database/migrations/2025_07_02_000000_create_permission_tables.php58
    3. 

  3. Precedence: Direct owner permissions (including forbidden) take precedence over role-based permissions
    4. 

  4. No forbidden roles: The owner_has_roles table does not have an is_forbidden flag—roles are either assigned or not
    5. 



Use case example:


    

  • A user has the "editor" role, which grants "edit-posts" permission
    • 

  • The user is explicitly forbidden from "edit-posts" via owner_has_permissions with is_forbidden = true
    • 

  • Result: The user cannot edit posts (direct denial overrides role permission)
    • 



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php47-58




Migration Lifecycle


Up Migration


The up() method creates all five tables in sequence:




Process:


    

  1. Retrieves the configured database connection database/migrations/2025_07_02_000000_create_permission_tables.php26
    2. 

  2. Creates entity tables first (roles, permissions) database/migrations/2025_07_02_000000_create_permission_tables.php28-43
    3. 

  3. Creates pivot tables that reference entity tables database/migrations/2025_07_02_000000_create_permission_tables.php44-74
    4. 



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php24-75


Down Migration


The down() method drops all tables in reverse order:




Process:


    

  1. Retrieves the configured database connection database/migrations/2025_07_02_000000_create_permission_tables.php82
    2. 

  2. Drops pivot tables first (to avoid foreign key constraint issues) database/migrations/2025_07_02_000000_create_permission_tables.php83-85
    3. 

  3. Drops entity tables last database/migrations/2025_07_02_000000_create_permission_tables.php86-87
    4. 

  4. Uses dropIfExists() for safe idempotent rollback database/migrations/2025_07_02_000000_create_permission_tables.php83-87
    5. 



Sources: database/migrations/2025_07_02_000000_create_permission_tables.php80-88




Migration Execution


To execute this migration after installation:




To rollback:




The migration file is automatically published when you run php bin/hyperf.php vendor:publish hypervel/permission, as configured in the package's service providers. For complete installation instructions, see Installation and Setup.


Sources: database/migrations/2025_07_02_000000_create_permission_tables.php1-90