I'm working on an app that lets you create groups (let's keep it simple). I'm using Laravel 6 and I already have authentication and authorization.
Now, I want to assign roles of Administration or Member to a user, only to specific groups. Example:
User A is an Admin for group A. (Can assign other user as Admin)
User A is only a member in group B. (Can only see group information)
User A is an Admin for group C. (Can assign other user as Admin)
I've already tried Spatie, but it works for general purposes only.
Is there a way I can tweak this? Any idea or article? I was also reading about Spatie - Policies.
Any help provided is well received.
Thanks to #delena-malan for the comment and solution. It was possible for me to achieve this goal.
Ok, what I did was:
Install package of course and set it up
You are able to configure roles and permissions in controller or by seeder (As you want - No conflicts for me at all)
Get instance of Model #1 and #2 (My case User and Group)
Define abilities for User in Group
Check if User has one ability on defined Group
Ready to go
Ex.:
Bouncer::allow($user)->to('assign-admin', $group);
$boolean = $user->can('assign-admin', $group);
Related
I am creating one multi-tenant app in Laravel with Single Database and thinking to use laravel-permission package by spatie.
My Requirement is pretty straightforward, I want my tenants to create their own Roles, whereas permissions will be managed by Super Admin only.
My problem is that when I tried using it, it worked for the 1st client, but the 2nd time it gives this error:
A role 'Admin' already exists for guard 'admin'.
As I mentioned, clients can create roles, so they can create duplicate roles.
Please recommend better approach or package or should I try writing custom code.
Any help appreciated!
Because the name is indexed in the role table, you cannot create a duplicate role name. I ask you not to change the package, but in case you do, you have 2 ways to handle this:
1- Unindex the name column or disable the unique feature, and add your tenant id to the table, so by doing this you can manage and get the right role for each tenant.
2- Add another table to manage your sub role (tenant role) and connect your sub role with the master role by id.
I would consider using a hidden prefix: on the roles and permissions that would scope them to a particular tenant. So for example:
Roles
system:admin
tenant_a:admin
tenant_b:admin
Permissions
system:creates-roles
system:reads-roles
tenant_a:creates-roles
tenant_a:reads-roles
The prefix would not be assignable by a Tenant, the system would automatically assign that based on the User. However, if you're a System Admin (i.e. Super Admin) then you could create/view/assign a prefix in order to manage the roles and permissions.
This would require you to write some custom logic for handling the prefix, however, it is pretty flexible (you could nest unlimited identifiers - a:b:c:d:e etc.) and doesn't require you to go messing with any underlying packages (i.e. laravel-permissions).
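The prefix handling this answer describes, sketched in plain PHP as an added example (not code from the post or from laravel-permission). The function names, the separator constant and the allowed-character rules are assumptions; the tenant part is taken from the authenticated user, and the tenant-supplied label may not contain the separator.

```php
<?php
declare(strict_types=1);

// Added illustration: scopedRole(), visibleRoles() and SCOPE_SEPARATOR are
// assumed names, not part of laravel-permission.
const SCOPE_SEPARATOR = ':';

/** Build the stored role name; $tenantKey comes from the logged-in user. */
function scopedRole(string $tenantKey, string $label): string
{
    // The label may not contain the separator, so a tenant-supplied name
    // such as "tenant_b:admin" cannot be mistaken for a nested scope.
    if (!preg_match('/\A[a-z0-9_-]{1,50}\z/', $label)) {
        throw new InvalidArgumentException("Invalid role name: $label");
    }
    // Scopes may be nested (a:b:c), each segment from the same alphabet.
    if (!preg_match('/\A[a-z0-9_]+(:[a-z0-9_]+)*\z/', $tenantKey)) {
        throw new InvalidArgumentException("Invalid tenant key: $tenantKey");
    }
    return $tenantKey . SCOPE_SEPARATOR . $label;
}

/** Roles inside one scope, returned without the hidden prefix. */
function visibleRoles(string $tenantKey, array $storedRoles): array
{
    $prefix = $tenantKey . SCOPE_SEPARATOR;
    $visible = [];
    foreach ($storedRoles as $stored) {
        // Match on "tenant_a:" with the separator, so tenant_a does not
        // also pick up roles stored under tenant_ab.
        if (strncmp($stored, $prefix, strlen($prefix)) === 0) {
            $visible[] = substr($stored, strlen($prefix));
        }
    }
    return $visible;
}

// Constructed sample data: two tenants both create "admin" without a clash.
$stored = [
    scopedRole('tenant_a', 'admin'),
    scopedRole('tenant_b', 'admin'),
    scopedRole('tenant_ab', 'editor'),
];
print_r(visibleRoles('tenant_a', $stored));

try {
    scopedRole('tenant_a', 'tenant_b:admin');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```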
What I want to create is a Laravel 5.2 Admin, and there are around 200 users who will use it with different permissions, so you can say 200 roles with different permissions.
I was planning to eliminate the role part from the picture and create some slug based mechanism, slugs will be related to controller public functions in short routes.
In Admin panel superuser will be able to assign permissions to user on controller functions with slugs.
Is this possible with any existing Laravel package currently? If not, then what would be the optimal solution you guys propose?
I always use Spatie Package, it is very flexible. You can manage role & permissions or only permissions. It is full of functions that make it easy. Check the documentation.
spatie-laravel-permission
since Laravel's built-in authentication uses the user model? For example, I want to separate the admin from the user, so I will build two different layers in my application, the admin and the user. How can I achieve this in Laravel, since its default auth uses the users table and user model?
In my opinion, there's no real need to separate the two. Administrators and typical users can exist on the same database table, because they are both users but can have different permissions.
It seems like you're just looking for a typical permissions system (ACL). There are multiple packages available that can help you handle this.
Orchestra Auth
Sentinel
Entrust
Normally, as an admin is still a user, you give them a role column. Let's say you have users, moderators and admins; then you have roles 0, 1, 2 for them. Just make it an enum, and if you need to check in Laravel use Auth::user()->role == 2, for example, for admin rights :)
I'm developing a Joomla 3 website, where registered users can belong to several groups of interests (music, theater, technology, and so on).
I would like to give my client permission to edit users by placing them in the groups he desires. For example: user 1 can be in the music and theater groups; user 2 just registered (no group); and user 3 is in the technology group. Unfortunately, the only permission in Joomla 3 that allows you to edit users is Administrator, but if I give this permission to my client, he will be able to edit articles, themes and other features that I do not want him to edit.
How can I create an access level that can manage only users list?
Thank you, and sorry about my English.
Create a new group, assign that group only permission for managing users and whatever else you want and assign your users to that group but not admin.
As a short answer, if you don't want your client to be an administrator, you can assign him to the manager user-group.
Then go into the Users Manager Component and click the Options button to go into its configuration page.
There you can override the Permissions Settings for the Users Manager component, so the Manager users will be allowed to Access Administration Interface of the component.
You will have to change the respective setting from inherit to allowed.
Of course if needed, you can create a complete custom ACL, with special usergroups for your users that will have certain accessibility and permissions.
But be careful, because ACL sometimes can be confusing and you might end up with a total mess.
My Understandings
I know we can add Group with some permissions and then we can create users with some permissions and finally we can add users to multiple permissions Groups. We can call these groups as roles as well. This is fairly simple.
The Real Problem
Suppose we have teams and team members modules. A user "abc" is a member of multiple teams A, B, C. In team A the user's role is TeamLead. In team B his role is Assistant and in team C his role is NormalMember.
Now the problem is everyone can see the list of teams. We need to display the Edit and Delete icons against each team, but only the authorised user can see the edit or delete link, based on their role in the team, inside a loop.
This is something linked with adding/removing roles or permissions on the fly.
Do you have any idea how I can achieve this? How can I check permissions inside a loop with different roles in different teams?
Thanks in advance.
Regards.
You can check whether the group is assigned to the user and show the buttons accordingly.
Also use the has_access attribute of Sentry while defining the route. In this case you can limit access to the route itself if the user tries to access the edit or delete functionality through the URL.
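The per-team check discussed in this thread, and the per-group Admin/Member question at the top of the page, as an added example in plain PHP (not Sentry, Bouncer or laravel-permission API, and not code from any of the posts). The ability lists per role and the function names are assumptions; the same check decides which links are rendered in the loop and is enforced again when the action is requested.

```php
<?php
declare(strict_types=1);

// Assumed mapping of per-team roles to abilities (not stated in the question).
const ROLE_ABILITIES = [
    'TeamLead'     => ['view', 'edit', 'delete'],
    'Assistant'    => ['view', 'edit'],
    'NormalMember' => ['view'],
];

/**
 * $memberships maps team id => the user's role in that team, e.g. loaded
 * once from a pivot table team_user(team_id, user_id, role) before the loop.
 */
function canOnTeam(array $memberships, string $ability, int $teamId): bool
{
    $role = $memberships[$teamId] ?? null;
    // Deny by default: not a member of this team, or a role we do not know.
    if ($role === null || !array_key_exists($role, ROLE_ABILITIES)) {
        return false;
    }
    return in_array($ability, ROLE_ABILITIES[$role], true);
}

/** Server-side gate for the edit/delete handlers; a hidden link is not a control. */
function authorizeOrFail(array $memberships, string $ability, int $teamId): void
{
    if (!canOnTeam($memberships, $ability, $teamId)) {
        throw new RuntimeException("403: '$ability' not allowed on team $teamId");
    }
}

// Constructed sample: user "abc" from the question, plus a team D they are not in.
$teams = [1 => 'A', 2 => 'B', 3 => 'C', 4 => 'D'];
$abc   = [1 => 'TeamLead', 2 => 'Assistant', 3 => 'NormalMember'];

// The list view: decide per row which action links to render.
foreach ($teams as $id => $name) {
    $links = array_filter(['edit', 'delete'], fn ($a) => canOnTeam($abc, $a, $id));
    echo "Team $name: " . (implode(', ', $links) ?: '(no actions)') . PHP_EOL;
}

// The delete handler for team B, reached directly by URL by an Assistant.
try {
    authorizeOrFail($abc, 'delete', 2);
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
}
```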