macropay-solutions / laravel-crud-wizard-free
Free library for laravel/lumen crud operations including url query language
Installs: 135
Dependents: 1
Suggesters: 5
Security: 1
Stars: 12
Watchers: 3
Forks: 1
Open Issues: 0
pkg:composer/macropay-solutions/laravel-crud-wizard-free
Requires
- php: ^8.0
- ext-json: *
- ext-pdo: *
- maatwebsite/excel: ^3.1
- psr/log: ^1.0 || ^2.0 || ^3.0
Requires (Dev)
- illuminate/database: ^8.83
- illuminate/http: ^8.83
- illuminate/pagination: ^8.83
- illuminate/routing: ^8.83
- illuminate/validation: ^8.83
- phpunit/phpunit: ^8.5
- symfony/http-foundation: ^5.0
Suggests
- ext-pdo_mysql: *
- barryvdh/laravel-ide-helper: *
- laravel/framework: >= 8.0
- laravel/lumen-framework: >= 8.0
- macropay-solutions/laravel-crud-wizard-client-free: dev-production
- macropay-solutions/laravel-crud-wizard-decorator-free: dev-production
- macropay-solutions/laravel-crud-wizard-demo: dev-production
- macropay-solutions/laravel-crud-wizard-generator: dev-production
- macropay-solutions/maravel: dev-production
- macropay-solutions/maravelith: dev-production
- dev-production
- 5.0.6
- 5.0.4
- 5.0.3
- 5.0.2
- 5.0.1
- 5.0.0
- 4.3.4
- 4.3.3
- 4.3.2
- 4.3.1
- 4.3.0
- 4.2.7
- 4.2.6
- 4.2.5
- 4.2.4
- 4.2.3
- 4.2.2
- 4.2.1
- 4.2.0
- 4.1.1
- 4.1.0
- 4.0.1
- 4.0.0
- 3.5.6
- 3.5.5
- 3.5.4
- 3.5.3
- 3.5.2
- 3.5.1
- 3.5.0
- 3.4.25
- 3.4.24
- 3.4.23
- 3.4.22
- 3.4.21
- 3.4.20
- 3.4.19
- 3.4.18
- 3.4.17
- 3.4.16
- 3.4.15
- 3.4.14
- 3.4.13
- 3.4.12
- 3.4.11
- 3.4.10
- 3.4.9
- 3.4.8
- 3.4.7
- 3.4.6
- 3.4.5
- 3.4.4
- 3.4.3
- 3.4.2
- 3.4.1
- 3.4.0
- 3.3.0
- 3.2.5
- 3.2.4
- 3.2.3
- 3.2.2
- 3.2.1
- 3.2
- 3.1.9
- 3.1.8
- 3.1.7
- 3.1.6
- 3.1.5
- 3.1.4
- 3.1.3
- 3.1.2
- 3.1.1
- 3.1.0
- 3.0.1
- 3.0.0
- 2.0.1
- 2.0.0
- 1.1.3
- 1.1.2
- 1.1.1
- 1.1.0
- 1.0.0
This package is not auto-updated.
Last update: 2025-10-23 09:49:17 UTC
README
This is a stripped down version from the paid version Maravel rest wizard (for laravel/lumen >= 8 and maravelith/maravel >= 10).
Url query language lib for RESTful CRUD (micro) services using Lumen/Laravel 8-9-10-11-12 and Maravelith/Maravel >=10
This is not just another CRUD lib!
It has built in filtering capabilities that can be used for listing but also for mass deleting, so it could be called a CRUFD (create, read, update, filter and delete) lib instead.
I. Install
II. Start using it
III. Crud routes
III.1. Create resource
III.2. Get resource
III.3. List filtered resource
III.4. Update resource (or create)
III.5. Delete resource
I. Install
composer require macropay-solutions/laravel-crud-wizard-free
II. Start using it
NOTE
The lib contains a backward compatible fix for this issue laravel/framework#51825 (compatible with the fix from Maravelith/Maravel)
This will not cover the cases when the relation is instantiated in the model without calling the functions from the HasRelationship trait (or to be more precise, from HasCleverRelationships trait)! Those cases will still have this issue.
To cover also those cases, for example for HasManyThrough use in model anonymous class:
return new class ( $query, $farParent, $throughParent, $firstKey, $secondKey, $localKey, $secondLocalKey, $this // this is crucial ) extends HasManyThrough { public function __construct( Builder $query, Model $farParent, Model $throughParent, string $firstKey, string $secondKey, string $localKey, string $secondLocalKey, BaseModel $resourceModel ) { $this->setConstraintsStaticFlag($resourceModel); return parent::__construct( $query, $farParent, $throughParent, $firstKey, $secondKey, $localKey, $secondLocalKey ); } };
Register
\MacropaySolutions\LaravelCrudWizard\Providers\CrudProvider
\MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1 to solve CVE-2025-27515 security issue and laravel/framework#41734 (comment) issue (fixed in Maravel/Maravelith, so it is not needed). Note that after this any present key from the request will be validated even if it is empty string. See https://github.com/macropay-solutions/maravel-framework/wiki/Validation
\MacropaySolutions\LaravelCrudWizard\Http\Middleware\UnescapedJsonMiddleware::class in Lumen/Laravel or Maravel/Maravelith.
Create a constant in your code
class DbCrudMap { public const MODEL_FQN_TO_CONTROLLER_MAP = [ BaseModelChild::class => ResourceControllerTraitIncludedChild::class, ... ]; }
Use https://github.com/macropay-solutions/laravel-crud-wizard-generator to generate the model, service and controller or extend:
- BaseModel (it needs datetime NOT timestamp for created_at and updated_at columns)
- BaseResourceService
Create a Controller that uses ResourceControllerTrait and call $this->init();
from its __construct.
Optionally if you don't want to expose some models as resources but, you want to expose them as relation on an exposed resource then define in your Base Controller or ResourceController:
protected array $relatedModelFqnToControllerMap = [ RelatedBaseModelChild::class => RelatedResourceControllerTraitIncludedChild::class, ];
Active Record Segregation of Properties: for model attributes(columns) autocomplete and to avoid clashes with the model properties or relations:
-
extend BaseModelAttributes following the same FQN structure as the parent's:
\App\Models\ChildBaseModel paired with \App\Models\Attributes\ChildBaseModelAttributes \App\Models\Folder\ChildBaseModel paired with \App\Models\Folder\Attributes\ChildBaseModelAttributes
-
add in its class dock block using @property all the models properties/attributes/columns
-
add in the model's class dock block @property ChildBaseModelAttributes $a and @mixin ChildBaseModelAttributes
-
use
$model->a->
instead of$model->
(this will work without autocomplete even if you don't do the above)
Active Record Segregation of Properties: for model relation autocomplete and to avoid clashes with the model properties and attributes(columns):
-
extend BaseModelRelations following the same FQN structure as the parent's:
\App\Models\ChildBaseModel paired with \App\Models\Attributes\ChildBaseModelRelations \App\Models\Folder\ChildBaseModel paired with \App\Models\Folder\Attributes\ChildBaseModelRelations
-
add in its class dock block using @property-read all the models relations
-
add in the model's class dock block @property ChildBaseModelRelations $r and @mixin ChildBaseModelRelations
-
use
$model->r->
instead of$model->
(this will work without autocomplete even if you don't do the above) -
BaseModelFrozenAttributes can be also extended on the same logic and used for model read only situations - DTO without setters (Reflection or Closure binding usage will retrieve/set protected stdClass not Model - but the model can be retrieved from DB by its primary key that is readable in this frozen model):
#OperationModel example for BaseModelFrozenAttributes public function getFrozen(): OperationFrozenAttributes { return parent::getFrozen(); // this is needed for autocompletion and will include also the loaded relations // or return new OperationFrozenAttributes((clone $this)->forceFill($this->toArray())); // or just attributes without loaded relations return new OperationFrozenAttributes((clone $this)->forceFill($this->attributesToArray())); }
#OperationService example for BaseModelAttributes and BaseModelFrozenAttributes public function someFunction(): void { // BaseModelAttributes echo $this->model-a->value; // has autocomplete - will print for example 1 echo $this->model-a->value = 10; // has autocomplete - will print 10 echo $this->model->value; // has autocomplete - will print 10 // BaseModelFrozenAttributes $dto = $this->model->getFrozen(); echo $dto->client_id; // has autocomplete - will print for example 1 $dto->client_id = 4; // Exception: Dynamic properties are forbidden. if (isset($dto->client)) { /** @var ClientFrozenAttributes $client */ // $client will be an stdClass that has autocomplete like a ClientFrozenAttributes $client = $dto->client; echo $client->name; // has autocomplete - will print for example 'name' $client->name = 'text'; // NO Exception echo $client->name; // will print 'text' // $client changes can happen, but they will not be persisted in the $dto ($client is a stdClass clone) echo $dto->client->name; // will print 'name' echo $dto->client->name = 'text'; // will print 'text' echo $dto->client->name; // will print 'name' } foreach (($dto->products ?? []) as $k => $product) { /** @var ProductFrozenAttributes $product */ // $product will be an stdClass that has autocompletes like a ProductFrozenAttributes echo $product->value; // has autocomplete - will print for example 1 $product->value = 2; // NO Exception echo $product->value; // will print 2 // $product changes can happen, but they will not be persisted in the $dto ($product is a stdClass clone) echo $dto->products[$k]->value; // will print 1 echo $dto->products[$k]->value = 2; // will print 2 echo $dto->products[$k]->value; // will print 1 } }
Add this new resource to the above map.
Register the crud routes in your application using (for example in Laravel/Maravelith)
try { foreach ( ResourceHelper::getResourceNameToControllerFQNMap(DbCrudMap::MODEL_FQN_TO_CONTROLLER_MAP) as $resource => $controller ) { Route::get('/' . $resource, [$controller, 'list'])->name($resource . '.list'); Route::post('/' . $resource . '/l/i/s/t', [$controller, 'list'])->name($resource . '.post_list'); Route::post('/' . $resource, [$controller, 'create'])->name($resource . '.create'); Route::put('/' . $resource . '/{identifier}', [$controller, 'update'])->name($resource . '.update'); Route::get('/' . $resource . '/{identifier}', [$controller, 'get'])->name($resource . '.get'); Route::delete('/' . $resource . '/{identifier}', [$controller, 'delete']) ->name($resource . '.delete' . $resource); // Route::get('/' . $resource . '/{identifier}/{relation}', [$controller, 'listRelation']) // ->name($resource . '.listRelated'); // paid version only // Route::post('/' . $resource . '/{identifier}/{relation}/l/i/s/t', [$controller, 'listRelation']) // ->name($resource . '.post_listRelated'); // paid version only Route::get('/' . $resource . '/{identifier}/{relation}/{relatedIdentifier}', [$controller, 'getRelated']) ->name($resource . '.getRelated'); Route::put('/' . $resource . '/{identifier}/{relation}/{relatedIdentifier}', [$controller, 'updateRelated']) ->name($resource . '.updateRelated'); Route::delete('/' . $resource . '/{identifier}/{relation}/{relatedIdentifier}', [ $controller, 'deleteRelated' ])->name($resource . '.deleteRelated'); } } catch (Throwable $e) { \Illuminate\Support\Facades\Log::error($e->getMessage()); }
for example for Lumen/Maravel:
try { foreach ( ResourceHelper::getResourceNameToControllerFQNMap( DbCrudMap::MODEL_FQN_TO_CONTROLLER_MAP ) as $resource => $controllerFqn ) { $controllerFqnExploded = \explode('\\', $controllerFqn); $controller = \end($controllerFqnExploded); //$router->get('/' . $resource . '/{identifier}/{relation}', [ // 'as' => $resource . '.listRelated', // 'uses' => $controller . '@listRelation', //]); // paid version only $router->get('/' . $resource, [ 'as' => $resource . '.list', 'uses' => $controller . '@list', ]); //$router->post('/' . $resource . '/{identifier}/{relation}/l/i/s/t', [ // 'as' => $resource . '.post_listRelated', // 'uses' => $controller . '@listRelation', //]); // paid version only $router->post('/' . $resource . '/l/i/s/t', [ 'as' => $resource . '.post_list', 'uses' => $controller . '@list', ]); $router->post('/' . $resource, [ 'as' => $resource . '.create', 'uses' => $controller . '@create', ]); $router->put('/' . $resource . '/{identifier}', [ 'as' => $resource . '.update', 'uses' => $controller . '@update', ]); $router->get('/' . $resource . '/{identifier}', [ 'as' => $resource . '.get', 'uses' => $controller . '@get', ]); $router->delete('/' . $resource . '/{identifier}', [ 'as' => $resource . '.delete', 'uses' => $controller . '@delete', ]); $router->get('/' . $resource . '/{identifier}/{relation}/{relatedIdentifier}', [ 'as' => $resource . '.getRelated', 'uses' => $controller . '@getRelated', ]); $router->put('/' . $resource . '/{identifier}/{relation}/{relatedIdentifier}', [ 'as' => $resource . '.updateRelated', 'uses' => $controller . '@updateRelated', ]); $router->delete('/' . $resource . '/{identifier}/{relation}/{relatedIdentifier}', [ 'as' => $resource . '.deleteRelated', 'uses' => $controller . '@deleteRelated', ]); } } catch (Throwable $e) { \Illuminate\Support\Facades\Log::error($e->getMessage()); }
OBS
Set $returnNullOnInvalidColumnAttributeAccess = false;
in model if you want exception instead of null on accessing invalid model attributes or invalid relations (It also needs error_reporting = E_ALL in php ini file).
Set LIST_UN_HYDRATED_WHEN_POSSIBLE = true
in model if you want to skip eloquent hydration for list db query results; note that setting this to true will not append the primary_key_identifier on response. Also if you use casts or any logic that alters (conditionally or not) the attributes of the model, you should leave LIST_UN_HYDRATED_WHEN_POSSIBLE as false.
Set LIVE_MODE=false in your .env file for non prod environments.
Use Request::getFiltered macro to sanitize data retrieved from request
(string)\request('signature', '');
The above will throw Array to string conversion error for query: ?signature[]= The proper way of handling it before:
(string)\filter_var(\request('signature', ''), \FILTER_DEFAULT);
The new way of handling it:
(string)\request()->getFiltered('signature', '');
See also Laravel crud wizard demo
III. Crud routes
The identifier can be a primary key or a combination of primary keys with _ between them if the resource has a combined primary key!!!
see \MacropaySolutions\LaravelCrudWizard\Models\BaseModel::COMPOSITE_PK_SEPARATOR
III.1 Create resource
POST /{resource}
headers:
Authorization: Bearer ... // if needed. not coded in this lib
Accept: application/json
ContentType: application/json
body:
{
"column_name":"value",
...
}
Json Response:
201:
{
"column_name":"value",
...
}
400:
{
"message": "The given data was invalid.", // or other message
"errors": {
"column_name1": [
"The column name 1 field is required."
],
"column_name_2": [
"The column name 2 field is required."
],
...
}
}
The above "errors" are optional and appear only for validation errors while "message" will always be present.
III.2 Get resource
GET /{resource}/{identifier}?withRelations[]=has_manyRelation&withRelations[]=has_oneRelation&withRelationsCount[]=has_manyRelation&withRelationsExistence[]=has_manyRelation
GET /{resource}/{identifier}/{relation}/{relatedIdentifier}?withRelations[]=has_manyRelation&withRelations[]=has_oneRelation&withRelationsCount[]=has_manyRelation&withRelationsExistence[]=has_manyRelation
headers:
Authorization: Bearer ... // if needed. not coded in this lib
Accept: application/json
Use POST LIST requests if the identifier contains sensitive data
Json Response:
200:
{
"identifier":"value",
"column_name":"value",
...
"index_required_on_filtering": [
"column_name_1",
"column_name2"
],
"has_oneRelation":{...},
"has_manyRelation":[
{
"id": ...,
"name": "...",
"pivot": {
"key1": 25,
"key2": 5
}
}
],
"has_manyRelation_count": 0,
"has_manyRelation_exist": false
}
400:
{
"message": ...
}
The identifier can be composed by multiple identifiers for pivot resources that have composite primary key. Example:/table1-table2-pivot/3_10
The relations will be retrieved as well when required. The relation keys CAN'T be used for filtering!!!
index_required_on_filtering
key CAN'T be used for filtering.
pivot
is optional and appears only on relations that are tied via a pivot.
III.3 List filtered resource
GET /{resource}?page=1&limit=10&column=2&sort[0][by]=updated_at&sort[0][dir]=ASC&withRelations[]=has_manyRelation&withRelations[]=has_oneRelation&withRelationsCount[]=has_manyRelation&withRelationsExistence[]=has_manyRelation
POST /{resource}/l/i/s/t
GET /{resource}/{identifier}/{relation}?... // available only in paid version
POST /{resource}/{identifier}/{relation}/l/i/s/t // available only in paid version
Advanced filters and aggregations are available only in the paid version
headers:
Authorization: Bearer ... // if needed. not coded in this lib
Accept: application/json or application/xls
Content-Type: application/json OR application/x-www-form-urlencoded // for POST
Body for POST:
{"page":"1","limit":"10","column":"2","sort":[{"by":"updated_at","dir":"ASC"}],"withRelations":["has_manyRelation","has_oneRelation"],"withRelationsCount":["has_manyRelation"],"withRelationsExistence":["has_manyRelation"]}
OR
page=1&limit=10&column=2&sort[0][by]=updated_at&sort[0][dir]=ASC&withRelations[]=has_manyRelation&withRelations[]=has_oneRelation&withRelationsCount[]=has_manyRelation&withRelationsExistence[]=has_manyRelation
Use POST requests if GET returns this error message: Request Header Or Cookie Too Large
or if the filters contain sensitive data
Json Response:
200:
{
"index_required_on_filtering": [
"column_name1",
"column_name2"
],
"current_page": 1, // not present when cursor is present in request
"data": [
{
"identifier":"value",
"column_name":"value",
...,
"has_oneRelation":{...},
"has_manyRelation":[
{
"id": ...,
"name": "...",
"pivot": {
"key1": 25,
"key2": 5
}
}
],
"has_manyRelation_count": 0,
"has_manyRelation_exist": false
}
],
"from": 1, // not present when cursor is present in request
"last_page": 1, // not present when cursor is present in request or when simplePaginate is true in controller or present in request
"per_page": 10,
"to": 1, // not present when cursor is present in request
"total": 1, // not present when cursor is present in request or simplePaginate is true in controller or present in request
"has_more_pages": bool,
"cursor": "..." // present only when cursor is present in request
}
and for application/xls: binary with contents from data
The reserved words / parameters that will be used as query params are:
page,
limit,
simplePaginate
cursor,
sort,
withRelations,
withRelationsCount,
withRelationsExistence,
Defaults:
page=1;
limit=15;
simplePaginate is false by default and only its presence is checked in request, not its value
cursor is not defined
sort[][dir]=DESC
Obs.
index_required_on_filtering key CAN'T be used for filtering.
use ?cursor= for cursor pagination and ?simplePaginate=1 for simplePaginate. Use none of them for length aware paginator.
if \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class is used use ?cursor=1 instead of emtpy string
sort works also on aggregated colums for relation count and existence
withRelations which uses with function does not load morphable relations in laravel/Maravelith. BaseResourceService::addRelationsToExistingModel can be used for those or loadMorph.
III.4 Update resource (or create)
PUT /{resource}/{identifier}
PUT /{resource}/{identifier}/{relation}/{relatedIdentifier}
headers:
Authorization: Bearer ... // if needed. not coded in this lib
Accept: application/json
ContentType: application/json
body:
{
"column_name":"value",
...
}
Json Response:
200 | 201:
{
// all resource's fields
}
400:
{
"message": "The given data was invalid.", // or other message
"errors": {
"column_name": [
"The column name field is invalid."
],
...
}
}
The above "errors" are optional and appear only for validation errors while "message" will always be present.
The identifier can be composed by multiple identifiers for pivot resources that have composite primary key (and empty string primary key in their model). Example:/resources/3_10
Update is not available on some resources.
UpdateOrCreate is available on resources that have their model defined with incrementing = false ONLY if the request contains all the keys from the primary key (found also in function getPrimaryKeyFilter).
Update will validate only dirty columns, not all sent columns, meaning the update can be made with all columns of the resource instead of just the changed ones.
III.5 Delete resource
DELETE /{resource}/{identifier}
DELETE /{resource}/{identifier}/{relation}/{relatedIdentifier}
headers:
Authorization: Bearer ... // if needed. not coded in this lib
Json Response:
204:
[]
400:
{
"message": ...
}
Delete is not available by default.