
Permission role issue?

Open RosiersRobin opened this issue 8 years ago • 3 comments

Hi,

I've faced an issue with the permissions for a role....

So I want to be able to use something like this: if(Auth::user()->can('acces.acp'))

That the user can access that page when permission_role has that perm.

Let me give an example.

User with ID 1 has no specified permissions in the permission_user table (which I would use as a special table to grant exceptional permissions to a single user).

BUT the user has the role with ID 2, which is Developer in my case.

How can I use the permissions per role without the need to mention the name? Something like MyBB has.

So when I have the role Developer and the role of developer can access the ACP, like it's given in permissions table as access.acp and permission_role has that permission linked to the correct role_id, how would I be able to check this in my view?

RosiersRobin, Apr 04 '16 12:04

I don't know if I got it, but according to Middleware I think you just want to check if a User XY has THE permission to get a page.

Working with this kind of middleware is very easy, just assign permission to each view and make a redirect()->back() within your registered error handler for the documented exceptions. Maybe make a flash to notify him.

Isfirs, Apr 08 '16 10:04

How can I work with it in a view? Since it's not for the routes to protect, BUT to display content to the users.

RosiersRobin, Apr 08 '16 10:04

Maybe you should add several services:

First a middleware on your web stack to redirect to your /banned route if the permission/role is attached. Then protect your /banned route from accidentally getting accessed with the bican/roles middleware, permission:banned or role:banned should do it. By that, any user trying to access it when NOT banned should get an error. You will have to handle this properly in your error handler and in your Controller (redirect back or something).

Working in a view is done with the Blade extensions. I don't know why this is important, since what you want to do is more or less routing exceptions.

If banned, always redirect there. If trying to access banned page AND NOT banned, redirect back, notify not-allowed flash.

Isfirs, Apr 08 '16 11:04