I am using Spatie roles and permission package.
I have assigned permission to roles.
It stores in role_permission table
now i want to delete permission from role
i have tried
$role = Role::find($id);
$role->revokePermissionTo($request->permission_id);
but roles also get deleted from roles table
$role->revokePermissionTo() accepts Permission object or array and Permission name string or name string array. But you are passing the permission_id. That could be the issue.
You can try fetching the Permission object by permission_id first and pass it to the revokePermissionTo().
See the function signature here:
https://github.com/spatie/laravel-permission/blob/be87e2918a9fad30e5257bc336c89225c3e6eb5a/src/Traits/HasPermissions.php#L384
Related
i m trying to replicate role in roles tables using laravel-spatie-permission,
like i have already abc role with api guard , but i want to create same role with same permission , but it's throwing error like a role 'abc' already exists for guard 'api', so my question is is there any way that we can create same role with same permission ?
Thanks you
Even if it's possible don't create two roles with the same name instead you can do is to add a new column in your roles table with the name of DisplayName or any name that you want.
and on that you can add same same name for your roles but keep the original name column unique.
then show DisplayName to the user instead of name column
Good Evening, it is possible that in SPATIE-LARAVEL-PERMISSION the following:
Some function or way that I receive an id of a Role and with that id I list all the permissions that are assigned to that role. I'm looking but I didn't find an answer. sorry for the inconvenience thank you
As described here in the docs, you can get all permissions of a role with the permissions relation
use \Spatie\Permission\Models\Role;
Role::find($id)->permissions;
I am new to Laravel and I want to make data in my database available via RESTFUL API. I need to control permissions of data objects with field level specificity. I was curious what is the idiomatic way to do this in Laravel?
For example, I will have a database table called PrintMachine that has the fields Id,MachineName,ActivityStatus,ManufacturingYear. I want to assign the following permissions:
Web Administrators get Read and Edit access to all records and all fields in PrintMachine
Factory Managers get Read and Edit access to the PrintMachine.MachineName and PrintMachine.ActivityStatus fields for all records and get no access to any other fields in PrintMachine.
Floor Operators get Read access to the PrintMachine.MachineName field for all records and get no access to any other fields in PrintMachine.
People told me to consider Spatie Module and also read Gates and Policies, but it's not clear how either achieves field level permissions on their own.
The other option I was considering was to custom create my own solution by:
for GET requests, create three ViewModels called PrintMachineAdmin,PrintMachineManager,PrintMachineOperator, each class with properties accessible to the corresponding roles.
for POST/PUT requests, I'll have to write my own conditional statements to validate data based on the users roles
Is there a more idiomatic way to develop the a feature for field level permissions for restful apis?
So many options. An implementation of role and permission structure can achieve this and you can most certainly do this via the Spatie Module.
Eg adapted from spatie documentation:
$role = Role::create(['name' => 'Manager']); //db has roles table
//or if already created
//$role = Role::where('name', 'Manager')->first();
$permission = Permission::create(['name' => 'edit PrintMachine.MachineName']); //db permissions table
$role->givePermissionTo($permission); //now manager role has been assigned permission to edit machine name.
//assigning role to user
$user = User::create(['name'=> 'Manager User']); //or get existing
$user->assigneRole($role); //now this user has edit access to machine name
//to see if user has access
if( $user->hasPermissionTo('edit PrintMachine.MachineName') )
//do efit
//OR if you want to check using role
if( $user->hasRole('Manager')
//do manager stuff
//and in view you can use #can blade directive
#can( 'edit PrintMachine.MachineName' )
//authenticated user can edit machine name //show edit button/form
#endcan
//similarly #role directive will do the check using role
For super admins in AuthServiceProvider's boot method.
Gate::before(function ($user, $ability) {
return $user->hasRole('Super Admin') ? true : null;
});
Gate's before method precedes all other gate operations so all other permissions can be overridden here.
I have Model name Project and User by using laravel relationship.
- project and user using many to many relationship.
What i want is using laravel authentication giving roles to the user base on project.
Which mean :
user "Ali" have role "admin" in project "project a" ,
but in project "project b" the user "Ali" role is "member".
How can i implement it?
Problem fixed :
My solution is add additional data inside the project_users pivot table store as string role.
When create new project and add with additional data using :
$user->projects()->save($project, ['role' => 'Manager']);
When need to call it :
$user_role = $user->projects()->where('user_id', $user['id'])->first()->pivot->role;
It will return a string 'Manager'
and use it to assign the role.
$user->syncRoles($user_role);
Look at the following links which will help you to achieve it.
https://github.com/spatie/laravel-permission
https://www.itsolutionstuff.com/post/laravel-56-user-roles-and-permissions-acl-using-spatie-tutorialexample.html
You can add the Role data e.g. role_id with a separate Role table or just role in Project To User Pivot Table project_users and retrieve the role info from this relationship.
Check out this Saving Additional Data On A Pivot Table section at Update Many To Many Relationship Laravel Documentation.
I'm currently working on a Laravel project that is somewhat multi-tenant.
An administrator will be creating companies that are essentially the tenants, but a user can be part of multiple companies, each with a role or assigned individual permissions.
To make things more complex, a user can also be assigned to a project with a role, which will give them access to that project even if they aren't part of that project.
A user will be able to see all of their data that they're tied to on the same portal, so there is no switching tenants.
So permissions are getting awfully confusing with all the relationships.
The following are tables that I forsee being needed to set up the relationships like this:
user:
id
user_role (used for assigning admin users):
user_id
role_id
company:
id
user_company:
id
user_id
company_id
role_id
user_company_permission:
id
user_company_id
permission_id
permission:
id
name
role:
id
name
permission_role:
id
permission_id
role_id
project:
- id
- (other project related information)
project_user:
- id
- project_id
- user_id
- role_id
So basically, is there any easy way to manage all of these permissions?
It would be nice if when checking permissions, it would default check all user's companies and projects, but if one is passed in it limits it to that company or project.
I've looked into some permission plugins but I can't find anything that seems to suit my issue easily.
If the permissions of each role don't have to be dynamic you might be able to replace the role and permission tables with a Policies. Just add a role field to the user_company table (I would personally make it a string to be easier to read).
Then in the CompanyPolicy you can run checks like this:
/**
* Determine whether the user can view the object.
*
* #param \App\User $user
* #param \App\Company $company
* #return mixed
*/
public function view(User $user, Company $company)
{
$allowedRoles = ['admin', 'someotherrole'];
return $user->companies()->wherePivotIn('role', $allowedRoles)->count() > 0;
}
If later you do require dynamic permissions you could still add them in addition to this method and check the individual permissions before checking the role.