PHP Attributes were added in version 8.0 of the language, and it has been a misnomer for many developers. What are their benefits, and how can I use them?
This is a question that I have been asking myself since their release, and it was only recently that I found a use case for them. While working on a project needing API access, I decided to use Laravel Breeze and add a wrapper around Sanctums API Tokens instead of Jetstream. This led me down a path of figuring out how to best make the most out of the tokens themselves.
If you have used Laravel Jetstream before, you will know that you register permissions and token abilities in the Service Provider. This is an acceptable approach if you have a simplistic API. However, my needs were more complex than this - but not complex enough to need to set up OAuth.
Instead, I thought I would utilize the PHPs native enum structure, one of my common approaches when storing user roles. But enums aren't detailed enough, which poses a problem. I then stumbled across a fantastic and inspiring tutorial by Rob Fonesca. He wrote about how you can extend PHPs enums using Attributes. His use case was different from mine, but wow - my eyes were finally opened to a use case!
I needed to create a set of permissions that allowed user-created API tokens to have specific abilities. However, I wanted to enable the user to understand the permissions they were setting too. My first step was to create a basic enum:
enum Permission: string{ case ADMIN = 'ADMIN'; case EDITOR = 'EDITOR';}These two types of permissions have a clear-cut distinction. One should be able to do everything - while the other has more limited access. This is where I looked back to Robs' tutorial and implemented the description attribute.
use Attribute; #[Attribute]final readonly class Description{ public function __construct( public string $description, ) {}}I wanted my attributes to be immutable so that nothing could change them. So a readonly class made a lot of sense here, not that I need an excuse ...
Now all I had to do was add the attribute to my enum:
enum Permission: string{ #[Description('Admin users can perform any action.')] case ADMIN = 'ADMIN'; #[Description('Editor users have the ability to read, and update.')] case EDITOR = 'EDITOR';}This gave the information about each permission that I wanted the user to be able to understand. However, I was then faced with another problem. How can I store abilities? I knew enums only allowed strings or integers as cases, so what could I do?
Again, I found my answer in attributes - unexpectedly. If an attribute could be used to add a description, it could also be used to add other things. So I created another Attribute, called Abilities, that would take in an array of strings to have a free-form approach to listing them.
#[Attribute]final readonly class Abilities{ public function __construct( public array $abilities, ) {}}Now all I needed to do was add this to my enum, and I could set the token to an enum and use reflection to pull out the abilities while saving to the database.
enum Permission: string{ #[Key('admin')] #[Description('Admin users can perform any action.')] #[Abilities(['create','read','update','delete'])] case ADMIN = 'ADMIN'; #[Key('editor')] #[Description('Editor users have the ability to read, and update.')] #[Abilities(['read','update'])] case EDITOR = 'EDITOR';}Here is what I ended up with. I wanted a reference key to have a nicer string to reference. Now I could follow Robs' tutorial and implement a way to access these attributes.
trait CanAccessAttributes{ public static function abilities(BackedEnum $enum): array { $reflection = new ReflectionClassConstant( class: self::class, constant: $enum->name, ); $attributes = $reflection->getAttributes( name: Abilities::class, ); if (0 === count($attributes)) { return [Str::headline( value: strval($enum->value) )]; } return $attributes[0]->newInstance()->abilities; } public static function key(BackedEnum $enum): string { $reflection = new ReflectionClassConstant( class: self::class, constant: $enum->name, ); $attributes = $reflection->getAttributes( name: Key::class, ); if (0 === count($attributes)) { return Str::headline( value: $enum->value ); } return $attributes[0]->newInstance()->key; } public static function description(BackedEnum $enum): string { $reflection = new ReflectionClassConstant( class: self::class, constant: $enum->name, ); $attributes = $reflection->getAttributes( name: Description::class, ); if (0 === count($attributes)) { return Str::headline( value: $enum->value ); } return $attributes[0]->newInstance()->description; }}A simple trait to allow me to access all of the attributes I wanted. As my application was using Inertia, all I needed to do was pass a resource through in theHandlesInertia middleware so that my UI could access these permission everywhere in detail. I decided to create an API Resource for this, so that I could handle the formatting consistently.
/** * @property-read Permission $resource */final class PermissionResource extends JsonResource{ public function toArray(Request $request): array { return [ 'key' => $this->resource->key($this->resource), 'name' => $this->resource->name, 'value' => $this->resource->value, 'description' => $this->resource->description($this->resource), 'abilities' => $this->resource->abilities($this->resource), ]; }}I finally found a use case for attributes, all while building what I believe to be a great way to register this data in your application.
