We are developing an application using Laravel Spark.
A user will be able to be invited to multiple teams.
Within each team there are a number of venues; we want each user to have specific permissions for each venue.
I.e., a user will have the edit-venue-details permission for Venue A but not for Venue B.
Is there a way of linking Spatie permissions to an ID? So we can validate on a per venue basis.
Otherwise if we give a user edit-venue-details permission it will be valid for all of the sites, users will not have the same permissions on each venue.
Spatie/laravel-permission is more concerned with high-level permissions/roles over certain features.
The concept you are referring to is known as Model Policies, which Laravel implements by default. You may find more details at https://laravel.com/docs/5.8/authorization#generating-policies
See this example; maybe it will make it clearer:
https://github.com/drbyte/spatie-permissions-demo/blob/master/app/Policies/PostPolicy.php
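The policy approach this answer points to, applied to the venue case from the question. This is an added example, not code from the thread, the linked demo, or spatie/laravel-permission. The `Venue` model, the `venue_user` pivot table with its `permission` column, and the `User::venues()` relation are assumptions.

```php
<?php
// Added example. Assumed schema: pivot table venue_user(user_id, venue_id, permission),
// one row per permission a user holds on one venue, and in App\User:
//   public function venues() { return $this->belongsToMany(Venue::class); }

namespace App\Policies;

use App\User;
use App\Venue;

class VenuePolicy
{
    /**
     * Runs for $user->can('update', $venue) and, in a controller,
     * $this->authorize('update', $venue).
     */
    public function update(User $user, Venue $venue): bool
    {
        return $this->holds($user, $venue, 'edit-venue-details');
    }

    /**
     * True only when a pivot row grants $permission on this exact venue,
     * so a grant on Venue A never authorizes a request for Venue B.
     */
    private function holds(User $user, Venue $venue, string $permission): bool
    {
        return $user->venues()
            ->where('venues.id', $venue->getKey())
            ->wherePivot('permission', $permission)
            ->exists();
    }
}

// Registration in App\Providers\AuthServiceProvider:
//   protected $policies = [\App\Venue::class => \App\Policies\VenuePolicy::class];
//
// Controller action; the venue comes from route model binding, so the check
// is made against the record the request actually targets:
//   public function update(Request $request, Venue $venue)
//   {
//       $this->authorize('update', $venue);   // 403 unless granted on this venue
//       ...
//   }
```

A global Spatie check such as `$user->hasPermissionTo('edit-venue-details')` can still gate the feature as a whole; the policy is what ties the decision to the venue ID.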
Related
What I want to create is a Laravel 5.2 Admin, and there are around 200 users who will use it with different permissions, so you can say 200 roles with different permissions.
I was planning to eliminate the role part from the picture and create some slug based mechanism, slugs will be related to controller public functions in short routes.
In Admin panel superuser will be able to assign permissions to user on controller functions with slugs.
Is this possible with any existing Laravel package currently? If not, then what will be the optimal solution you guys propose?
I always use Spatie Package, it is very flexible. You can manage role & permissions or only permissions. It is full of functions that make it easy. Check the documentation.
spatie-laravel-permission
Since I had a problem with Passport multi auth, I wonder: is it necessary to have an admin guard (and an admins table), or is it better to use the default guard (and users table) for both admins and users with the help of roles and permissions? Which is better?
That's a really hard question to answer without more information, but I'll try looking at it from a few perspectives:
You have an application that has users that can turn into admins (and vice-versa)
In this situation, I would probably have a single table that contains an is_admin column and use the column to validate whether the user can perform administration tasks (e.g. by using Laravel's gates). The downside to this is that if you wanted to create a third type of user (e.g. supervisor), you would need to change the model used.
You have an application where users are completely separate from administrators
If you control the administrators and everyone else is just a user, creating separate guards could be used. This does allow for a lot of flexibility in the future if you wanted to implement different authentication flows for both administrators and users (for example, using SAML). If you were to add a third type of user (e.g. supervisor), you could then just create another guard.
You have an application that can have different (customisable) permissions for each user
In this case I would recommend implementing a roles table, a permissions table, a role_permissions table and adding a column called role_id to the user table. This provides the most flexibility and is also usable with Laravel's gate system, but is probably the most difficult to set up and hardest to maintain.
For the application I develop, we use a mixture of roles and guards. We use roles for users as each user gets a customisable set of permissions. We then use a separate guard for API users which inherit the permissions of the user they were authenticated with.
Using Laravel Spark, is there a way to -- either via UI or programmatically -- assign a team role to an invited user?
That is, Laravel Spark doesn't allow admins to create users. Instead, an owner user invites them. This creates an entry in the invitations table, and sends an email URL to the potential user. Users can then follow this URL, and sign up for a user account. Once they've signed up, an admin can change their role via UI.
Laravel Spark lets you set a default role for all invited users. What I want to know is: Does Laravel Spark provide a mechanism that would let me invite user A and have them end up with role B, and invite user C and have them end up with role D?
I can think of a number of ways to achieve this myself with custom code, but before I do that I want to know if this wheel's been invented.
Spark Roles is useful as it will allow you to assign user roles/permissions as the user signs up and/or is assigned to a team. https://github.com/centrality-labs/spark-roles
I'm building a Laravel site that has multi-tenant capability. Each tenant (which I'll call a "site," as in a physical location, from here on out) can have multiple users, and some users can be associated with multiple sites; hence I have a many-to-many relationship between my sites and users table, with the required intermediate site_user table to handle the relationships. So far so good.
I'm also using Entrust to handle three classes of users - owner, admin, and user. In theory, each user should have roles per site. That means that User 1 may have the admin role on Site A, but only the user role on Site B. If I follow the Entrust docs, I'm told to attach a role to a user. But that won't work for me, because if I associate User 1 with Site A and Site B and make him an admin he would then be an admin for Site A and Site B. Conceptually I feel like the role should be attached to the intermediate site_user table somehow, perhaps as another field on that table, but I'm not sure how I'd retrieve that field. Another possibility that came to mind was putting a many-to-many relationship between that intermediate table and the roles table, in effect creating a role_site_user table, but again I'm not sure how I'd actually retrieve that information. Has anyone ever tried what I'm suggesting and have a good way to generate per-tenant roles and permissions for a user?
since Laravel's built-in authentication uses user model? For example, I want to separate the admin from the user, so I will build two different layers in my application, the admin and the user. How can I achieve this in Laravel since its default auth uses the users table and user model?
In my opinion, there's no real need to separate the two. Administrators and typical users can exist on the same database table, because they are both users but can have different permissions.
It seems like you're just looking for a typical permissions system (ACL). There are multiple packages available that can help you handle this.
Orchestra Auth
Sentinel
Entrust
Normally, as an admin is still a user, you give them a role column, and let's say you have: users, moderators and admins. Then you have roles 0, 1, 2 for them. Just make it an enum, and if you need to check in Laravel use: Auth::user()->role == 2 for example of admin rights :)