laravel-acl icon indicating copy to clipboard operation
laravel-acl copied to clipboard

Published 20 hours ago verified publisher icon kodeine

Create permission for specific entity with id?

Open jaketoolson opened this issue 9 years ago • 10 comments
trafficstars

Is it possible to create a permission on an entity' id?

i.e. grant permission to a user on "posts" where id = 2?

jaketoolson avatar Dec 29 '15 06:12 jaketoolson

I was asking myself the same some time ago. Unfortunately, this doesn't seem possible at the moment. Would be a great enhancement imo.

chrisschaetzlein avatar Dec 29 '15 15:12 chrisschaetzlein

@christianbartels can't you just create permission for each entity?

boynet avatar Jan 11 '16 17:01 boynet

@boynet For small projects, this may be sufficient. But think about larger applications with hundereds of entities, this would quickly lead to a big mess.

chrisschaetzlein avatar Jan 12 '16 18:01 chrisschaetzlein

@boynet @jaketoolson can you please give me an example?

kodeine avatar Jan 31 '16 18:01 kodeine

I think @jaketoolson wants to be able to do something like this: Auth::user()->canUpdatePost(2) where "2" is the ID of a Post model. I don't think that's something you can currently achieve with laravel-acl (though it would be a great enhancement).

chrisschaetzlein avatar Feb 05 '16 14:02 chrisschaetzlein

I was describe and implement this feature for Entrust https://github.com/Zizaco/entrust/issues/298 but Entrust hasn't permission inheritance, so I don't like it much...

dlnsk avatar Feb 12 '16 19:02 dlnsk

@dlnsk you can easily do editOwnPost right now

$gate->define('editOwnPost', function ($user, $post) {
            if ($user->id !== $post->user_id) return false;
            if (!$user->havePermission('editOwnPost') return false;
            return true;
        });

see this https://github.com/kodeine/laravel-acl/issues/90#issuecomment-170644536

boynet avatar Feb 13 '16 15:02 boynet

@boynet thanks, I know. But it's not the same. Gate provide aplication level of abilities. It doesn't allow revoke ability from user and because it's not user level abilities we can't talk about inheritance. My opinion is that even small project needs roles, callbacks for abilities and inheritance but using database as storage is too hard for small projects, so I think that different providers would be very good solution. Yii allow to describe roles, abilities and inheritance as array in php file and it's very useful for small projects. I hope that my opinion will be heard by project maintainer.

dlnsk avatar Feb 13 '16 18:02 dlnsk

@dlnsk sorry I couldn't really get what you trying to do I leave it to other, just saying that with laravel-acl + laravel gate you can do anything including revoke ability from users

boynet avatar Feb 13 '16 19:02 boynet

sorry, I wasn't receiving notifications even though I'm subscribed to them.

Anyway, @kodeine , as @christianbartels said, having the ability to create permissions on entities would allow for a fine level of granularity.

Currently, being able to create permissions for users and roles is great. But said permissions are not specific enough. I need to be able to grant permissions on a per user/role basis for a specific entity. This allows me a lot more control.

The example given by @boynet is sort of in the right direction, however it's not dynamic enough to allow me to grant some users the same permission to edit a specific post via id.

jaketoolson avatar Feb 22 '16 03:02 jaketoolson