I want to assign specific role for registered user to distinct access in application. As instance I need roles: admin, operator.
Is it possible to do with Laravel Passport?
Whats difference between grand and role?
There are no such thins as roles on passport, you have scopes. As for the grant types they define a flow which your app should follow in order to get valid credentials, i recommend you to read the following article and to look for oauth2 documentation so you get a little more insight on the matter.
https://laravel-news.com/passport-grant-types
#Karim soubai already mention how to achieve roles.
Related
I'm trying to implement Sanctum SPA authentication with roles (user/admin). The thing is that I want to use separate admin table.
Read all of the laravel documentation related to that subject but with no result.
Tried to make a new guard and provider inside of config/auth.php but didn't succeed at conjunction it with Sanctum.
Any additional resources and ides how to do it will be appreciated! :)
Sanctum (SPA auth) only deals with authentication (who you are) - what you are asking/looking for is how to authorize users (what you can do) to perform/access specific resources.
If what you need is only to separate users between regular users and admins, you can get away with a boolean column on the users table: is_admin and then use that to check wether a user is an admin or not.
If you need more granular control, you could probably make use of Spatie's laravel-permissions package.
what I want to create is Laravel 5.2 Admin and there are around 200 users who will use it with different permissions, so you can say 200 roles with different permissions.
I was planning to eliminate the role part from the picture and create some slug based mechanism, slugs will be related to controller public functions in short routes.
In Admin panel superuser will be able to assign permissions to user on controller functions with slugs.
Is this possible with any existing laravel package currently? If not then what will be the optimal solution you guys propose.
I always use Spatie Package, it is very flexible. You can manage role & permissions or only permissions. It is full of functions that make it easy. Check the documentation.
spatie-laravel-permission
Actually I am beginner in Laravel. By the way, I am using auth and there is a wonderful method, I mean "check" of Auth facade that enable you to protect all routes or controller in that way you want. But Befor this I should say which users can use this route or controller and which users can't.
I seach for it but I didnt find.
Actually I miss a part of this authentication mechanism in Laravel.Please help me about this.
Laravel has a feature called Middlewares where you can check for the user role based on your role_id.
Please see the below link for more clear reference.
https://laravel.com/docs/5.8/middleware
Happy Coding.:)
You need to use middleware for this kind of functionality. Read about middleware in laravel documentation here
Moreover you can use this package to create role for users if you don't want to create roles from scratch. Just add user to a role and use the role name as the middleware.
Have you gone through with ACL stuff in laravel??
Well it will work as per permission which is given by user as per it's role.
For an example Admin has all role so he can access anything. Employee has few rights to access modules so that will define as per need in laravel and that user that do not have access to use some module they'll get some error desgined by developer.
So this all handle through Middleware, and generally that defines by acl
Anything else you want to know?
I need role based system in laravel , when i add user with role , each role have different permission how can i implement this role and permission for user in laravel
Note: one user have multiple role and permission
There is a good package for implementing Role-based Permissions in laravel :
https://github.com/Zizaco/entrust
Update:
A newer one with Laravel 6 support :
https://github.com/spatie/laravel-permission
There is a lots of package for role management with this you can also develop your own role management system. You may try with Sentinel, it's too much popular. First read the documentation and then implement.
since laravel's built in authentication uses user model? For example I want to separate the admin from the user so I will build two different layers in my application, the admin and the user. How can I achieve this to laravel since it's default auth uses users table and user model?
In my opinion, there's no real need to separate the two. Administrators and typical users can exist on the same database table, because they are both users but can have different permissions.
It seems like you're just looking for a typical permissions system (ACL). There's multiple packages available that can help you handle this.
Orchestra Auth
Sentinel
Entrust
Normally as an admin is still an user you give them a role column and let say you have : users, moderators and admins. Then you got role 0,1,2 for them. Just make it an enum and if you need to check in Laravel use : Auth::user()->role == 2 for example of admin rights :)