Laravel Roles and Permissions: Spatie, AuthorizeResource and Super Admin
- Published: 5 Sep 2022
- The third part of a code review of an open-source repository called Skuul. This time, we're talking about roles and permissions, with seeders, controllers, and policies.
Laravel AuthorizeResource for Resource Controllers
Full Playlist of the Series: • Laravel Over-Engineeri...
- - - - -
Support the channel by checking out my products:
- My Laravel courses membership: laraveldaily.t...
- Laravel QuickAdminPanel: bit.ly/quickad...
- Livewire Kit Components: livewirekit.com
- - - - -
Other places to follow:
- My weekly Laravel newsletter: bit.ly/laravel-...
- My personal Twitter: / povilaskorop
Something I like doing as well is storing those strings as constants rather than guessing what they are.
Then when you actually utilize it, your code can be far more clear and avoid any string mismatching issues.
Eg:
Auth::user()->can(Permission::ORDER_UPDATE)
Big thanks! @LaravelDaily. This really helped me understand Roles and Permissions more deeply. Really appreciate this kind of content. Thank you!
Since he always returns true for superadmin, would it make more sense to do Gate::before?
Good catch!
Exactly, Gate::before is the suitable one for the super-admin rather than waiting for the system to check all the abilities.
You can use either Gate::before or Gate::after. In most cases Gate::before works fine.
But in a case where “super admin” shouldn’t be allowed to still bypass some rules (just like other users). You use Gate::after in such cases.
In such cases, you return either “true or null” from the authorization methods/checks that should always allow the “super admin”. Returning null allows it to check the Gate::after().
But for those checks where the “super admin” should also abide by the rules, you return “true or false” as always.
In summary, “Gate::before()” grants the “super admin” all permissions without exceptions while with “Gate::after()”, you can force even the super admin to be subject to some permissions.
@josephajibodu2377 In this particular case, the Dev is not using the result of the previous authorization as it could be used. He is simply returning true/false. The gate after would run regardless of the previous results, and its return will be the final value. As he is returning true in the gate, there is no reason to do all the other authorization, thus a better idea would have been to do this in Gate::before
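The Gate::before versus Gate::after behaviour discussed in this thread, combined with the permission-constants tip from the earlier comment, as an added example (not code from the video or the Skuul repository). The Perm class, the 'super-admin' role name and the Order columns are assumptions:

```php
<?php
// Added example, not code from the video or the Skuul repository.
// Assumptions: Spatie laravel-permission with a role named 'super-admin',
// an Order model with user_id and shipped_at columns, and the Perm class below.
use App\Models\Order;
use App\Models\User;
use Illuminate\Support\Facades\Gate;

// app/Support/Perm.php: permission names as constants, so a typo becomes a
// fatal "undefined constant" instead of a silently failing string check.
final class Perm
{
    public const ORDER_UPDATE = 'order.update';
    public const ORDER_DELETE = 'order.delete';
}

// app/Providers/AuthServiceProvider.php, inside boot(). Register ONE of these.
// Option A: Gate::before runs before any policy; true short-circuits every
// check for the super admin, null falls through to the normal checks.
Gate::before(function (User $user, string $ability) {
    return $user->hasRole('super-admin') ? true : null;
});

// Option B: Gate::after only fills in a result when the policy returned null
// (Laravel keeps the policy's answer when it is true or false), so a policy
// can still deny the super admin by returning false instead of null.
Gate::after(function (User $user, string $ability, $result) {
    return $user->hasRole('super-admin') ? true : null;
});

// app/Policies/OrderPolicy.php, written for option B.
class OrderPolicy
{
    // Regular rule: owners with the permission may update; null (not false)
    // leaves the door open for Gate::after to grant the super admin.
    public function update(User $user, Order $order): ?bool
    {
        return ($user->can(Perm::ORDER_UPDATE) && $order->user_id === $user->id)
            ? true
            : null;
    }

    // Hard rule that binds the super admin too: a shipped order is never
    // deleted. A false return cannot be overridden by Gate::after.
    public function delete(User $user, Order $order): bool
    {
        return $order->shipped_at === null && $user->can(Perm::ORDER_DELETE);
    }
}
```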
Thank you for the explanation, roles and permissions have been giving me a real headache
Thank you man, I think this is really useful and beneficial for me. Thank you and keep up the good work
How to handle following scenario:
Suppose I have "Build Your Own Role" functionality. And I provide the code user/developer to list of all the permission to build a role from the admin. How to handle permission or policy to allow updating own data or all user/model data. I've seen instances of adding && clause with ID in policy. But how about when any role can have any permission and still being validated.
The trick at the end is useful
It's really cool, props! Will you make a video using this structure in REST API too? And thanks for sharing
How to do dynamic roles and permissions? In this video all the permissions are already defined, but I need dynamic permission names and to check those permissions to allow access or not?
Ooowh...lovely...
This is what I want... 🤩🤩🤩🤩
Just a note not relevant to the current video: I would like to thank Mr. Korop for the article on validation rules where he talks about the rule "sometimes", when a field may or may not exist and then the rule is applied.
Do you have any tutorial on how to use the team roles and permission?
Removing the if statement at 2:36 would revoke permission to super admin since the super admin role is checked at Gate::after
Hi sir, I have a question. In my project, users have different roles based on their region. For example, a user might be an admin in Dubai, a manager in India, and a team lead in Saudi Arabia. How can I implement this functionality in Laravel?
It's not something I can answer in a short comment. But adding it to the future topics to discuss in future videos.
Can you make feature testing with it
Hey, could you make a video about laravel octane? Especially about cases where you have logic in constructors, because the constructor in octane is called only once?
I don't think many people in my audience would be interested in octane, it's actually needed by 0.01% of devs, in my opinion. There are better ways for optimization, octane is only a layer on top. Maybe in the future I will create a course about it.
Hi. Is this package free? How about the carbon and maatwebsite packages? Could you explain what a postcard is? Thank you
It's all free, yes. Postcard means that you just may send a postcard in the mail.
Hey Povilas, have you done anything like this one for Bouncer?
No, I haven't used Bouncer for my projects
I need permissions that are like functions because my permissions are based on relationships between different resources with complex ways to retrieve related elements
I'll probably have to create a custom permission class that can compute permissions and return a boolean while being flexible to accept an overriding functional input so I can inject new ways of checking for permissions
Thinking further, I'll need a way to establish if two models are related. That is, if there is a series of model hops that connect the two model instances. This way I don't have to hard code all the allowed relationships ahead of time and I can extend the relationship finder to accept overrides for some relationships
Somehow I would need to build a model tree that knows of all the models and their connections, then use that to check whether instances have connections
Please can you make video for approval system multilevel
I had this video a few years ago: ruclips.net/video/GVzsSBl5yGM/видео.html
Please make video on wildcard permissions
I haven't used such a thing as wildcard permissions.
Strange... I wonder why he is using firstOrCreate in the permissions seeder if he won't be assigning the "first" option to a variable, or maybe he meant to use updateOrCreate?
For testing purposes, to not throw errors if the role already exists
That is when I'm reseeding
That's something that your typical copy & paster would make. Just put the permissions & roles in one place and write a simple parser that would go through the items and seed them properly. Would have much less duplication.
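The firstOrCreate-versus-updateOrCreate question and the "put roles and permissions in one place and parse them" suggestion from this thread, as an added example (not the Skuul seeder shown in the video). It assumes Spatie laravel-permission on the 'web' guard; the role and permission names are made up:

```php
<?php
// Added example, not the Skuul seeder from the video.
// Assumptions: Spatie laravel-permission, 'web' guard, made-up role/permission names.
namespace Database\Seeders;

use Illuminate\Database\Seeder;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
use Spatie\Permission\PermissionRegistrar;

class RolesAndPermissionsSeeder extends Seeder
{
    // Single source of truth: role => permissions it carries. The permission
    // list is derived from this map, so nothing has to be kept in sync by hand.
    private const ROLES = [
        'super-admin' => [],                                   // granted everything via Gate::before
        'manager'     => ['order.view', 'order.update', 'order.delete'],
        'clerk'       => ['order.view', 'order.update'],
    ];

    public function run(): void
    {
        // Spatie caches the permission table; clear it so a reseed sees fresh rows.
        app(PermissionRegistrar::class)->forgetCachedPermissions();

        // firstOrCreate looks the row up by name/guard and only inserts when it
        // is missing, so re-running the seeder is idempotent and never hits the
        // unique constraint. updateOrCreate would also rewrite existing rows,
        // which is not needed when the attributes used for lookup are the only ones.
        $allPermissions = collect(self::ROLES)->flatten()->unique();
        foreach ($allPermissions as $name) {
            Permission::firstOrCreate(['name' => $name, 'guard_name' => 'web']);
        }

        foreach (self::ROLES as $roleName => $permissions) {
            $role = Role::firstOrCreate(['name' => $roleName, 'guard_name' => 'web']);
            // syncPermissions detaches anything no longer listed in the map, so
            // removing a permission from ROLES also removes it from the role.
            $role->syncPermissions($permissions);
        }
    }
}
```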
Much better examples should be considered for such series. For example, laravel io website. Not particularly for authorization, but overall - you are teaching those who want to learn by showing something that someone as equal as the person learning this would do. Not the best example, therefore.
So you mean I should not review the junior code on this channel? That's my way/philosophy of explaining code - looking at REAL examples, sometimes not from the ideal ones, but valid ways to write code.
If you want to help and pick the best examples for me, providing the actual video script of what/how I should demonstrate and explain, email me povilas@laraveldaily.com - you would make my life much easier
@LaravelDaily Why is "getting feedback" so hard for you to understand that it's just that - "a feedback that would help"? No need for this bitter type of "then do it yourself" attitude.
When I say that, it doesn't mean - stop doing CR for juniors, BUT involve better examples from time to time as well. It's mostly junior code all the time.
Not that I care, but if you do it, do it properly. We are here for feedback, not to do the dirty job for you - we don't act like we know better, that's just the nature of constructive feedback that you perceive.