I have 4 types of users using my system: 1. Super Administrator, 2. Super Administrator Team, 3. Administrator and 4. Management Team Members.
Because I use spatie to handle roles and permissions, I have a set of modules (permissions) that are common to all types of users, and another set of modules (permissions) that are only for super admins, like payment methods, etc.
Now, once my database is seeded for permission, do I have to seed it all at once? ['contacts','email','bids']
comes with network shields (but I'm a bit confused about the exact usage of shields and how they work), so admins can only access from these allowed permissions. Assign permissions to his team. However, for SuperAdmin, should I create other permission sets using SuperAdminGuard? I want to know what is the best practice.
Use case:
1. The super administrator first logs in to the system and then decides from the list which permissions should be granted to the administrator.
2. The administrator logs into the system and assigns which set of permissions will be granted to his team, but the administrator will not be able to view the list of permissions that the super administrator has.
I hope I have made my point clear, please let me know the appropriate way to implement it.
P粉736935587 2023-11-15 10:44:18
I guess you are using a model which is users and assigning permissions directly to users. Here is my approach. So, what you can do is first create a role, grant the appropriate permissions to the role, and then assign the role to the user.
First, assign permissions to the role
```php
$role->syncPermissions(['permission-1', 'permission-2', '...']);
```
Now, synchronize roles with users
```php
$user->assignRole('writer');

// Or, you can also assign multiple roles
$user->assignRole('writer', 'admin');
```
These are built-in spatie middlewares that you can write in app/Http/Kernel.php
```php
// spatie/laravel-permission v6 renamed this namespace to Spatie\Permission\Middleware
protected $routeMiddleware = [
    // ...
    'role' => \Spatie\Permission\Middlewares\RoleMiddleware::class,
    'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
    'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
];
```
Now you can use "role" middleware in routing to protect,
```php
// for superadmin
Route::group(['middleware' => ['role:superadmin']], function () {
    //
});

// for admin
Route::group(['middleware' => ['role:admin']], function () {
    //
});

// Or with multiple roles
Route::group(['middleware' => ['role:superadmin|admin']], function () {
    //
});

// ...
```
So, now you need to get permissions for a specific role i.e. Super Admin or Administrator. Here's what you can do,
```php
// get all permissions associated with a role
$role->permissions;

// get specific columns of permissions
$role->permissions->pluck('name');
```
In addition, you can also get the user role this way
```php
auth()->user()->roles;

// Or get only role names
auth()->user()->getRoleNames();

// Or check if user has a specific role
auth()->user()->hasRole('admin');
```
One more thing, for super administrator, you don't need to get permissions from role, you can get all permissions directly. And since the super administrator has access to the entire system, you can bypass the super administrator's permission check by doing this,
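```php
<?php

namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // Implicitly grant "Super Admin" role all permissions
        // This works in the app by using gate-related functions like
        // auth()->user()->can() and @can()
        Gate::before(function ($user, $ability) {
            // null (not false) lets the normal permission checks run for everyone else
            return $user->hasRole('superadmin') ? true : null;
        });
    }
}
```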
Hope it helps you:)
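
Added example, not part of the answer above or of spatie/laravel-permission itself: a server-side check for the delegation use case in the question, where an admin may give a team role only permissions the admin already holds and never learns the names of the rest. The class `PermissionDelegation`, its namespace and an `App\Models\User` model using the `HasRoles` trait are assumptions; the role names `superadmin` and `admin` are the ones used in the answer.

```php
<?php

namespace App\Services; // hypothetical location

use App\Models\User;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Collection;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;

class PermissionDelegation // hypothetical helper, not a spatie class
{
    // Roles that only a super admin may edit.
    private const PROTECTED_ROLES = ['superadmin', 'admin'];

    /** Permission names the actor may list and hand out. */
    public function grantableBy(User $actor): Collection
    {
        // Gate::before lets superadmin pass every check without holding any
        // permission rows, so read the whole table rather than assignments.
        if ($actor->hasRole('superadmin')) {
            return Permission::pluck('name');
        }

        // Everyone else can only delegate what they hold (direct + via roles).
        return $actor->getAllPermissions()->pluck('name');
    }

    /** Replace $target's permissions with $requested if the actor may grant them all. */
    public function delegate(User $actor, Role $target, array $requested): void
    {
        if (! $actor->hasRole('superadmin') && in_array($target->name, self::PROTECTED_ROLES, true)) {
            throw new AuthorizationException('This role can only be edited by a super admin.');
        }

        $outside = collect($requested)->unique()->diff($this->grantableBy($actor));
        if ($outside->isNotEmpty()) {
            // Generic message: do not echo names the actor is not allowed to see.
            throw new AuthorizationException('Request contains permissions you cannot grant.');
        }

        $target->syncPermissions($requested);
    }
}
```

Build the admin's permission picker from `grantableBy()` as well, so the form and the server-side check draw on the same list.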