
schwartzmj

Implementing some simple Roles for Users

I went through Jeffrey's tutorial on creating Roles and Abilities models with a pivot table, but it seems like overkill for what I'm looking to accomplish.

Essentially, my app will have 2-3 types of users: Child, Parent, and Admin. These types of users (roles) will be able to interact with another model Application (a form) in different ways depending on their role. There are also links between Parents and Children via a foreign key.

The general public will not be able to register for accounts, or if they do, an Admin will have to assign them the proper role (which 100% of the time should just be "Parent"). This brings me to a side question: should I have an "Unapproved" or "Unassigned" role as a default role? This role wouldn't be able to do anything other than view a page that says "an Admin must approve your account".

Parents will be able to create a Child user account, which is linked to their account by a foreign key. Parents can also create Applications, but Child cannot. Child can only edit the Application that the Parent created for them.

Parents will have multiple Applications for multiple Children.

My primary question here is this: should I just hardcode my list of roles somewhere within my models (or somewhere else) instead of storing this information in the database? I imagine there being a role field on the User model that either has a key (1, 2, or 3), which then maps to a string in a roles array, or the User role might just be a string itself (admin, parent, or child).

If I'm understanding Policies correctly, it sounds like I'd do all of my logic for the Application model there. For example, the create policy on the ApplicationPolicy would deny you if your role was child. A Child would also only be able to view an Application if the application's child_id field was their own, etc.

Also, just to clear up a few things with my User model, it sounds like I'd have a nullable parent_id field on all of my User models, is that correct? I'd imagine that's how I'd tie together a child and parent (but a Parent or an Admin obviously wouldn't have a parent_id).

siangboon

> This brings me to a side question: should I have an "Unapproved" or "Unassigned" role as a default role?

It depends. You can do so, or consider making a role the default. In your case, perhaps Parent is the default role and a parent can create users with the child role only...

> should I just hardcode my list of roles somewhere within my models (or somewhere else) instead of storing this information in the database?

If you are pretty sure your application will NEVER change, then you can hardcode it for simplicity, but if you want to manage it, storing it in the database is the better choice so you can rename it, add a new role...

> just to clear up a few things with my User model, it sounds like I'd have a nullable parent_id field on all of my User models, is that correct?

I think there's nothing wrong with having a nullable or 0 parent_id to determine the user as a parent. To the database, it's just a value, but you are the brain of the system and decide what to do with this value...

The policy usually functions as a declaration of the rules/policies that determine what conditions to allow on that MODEL, so that you can call the policy check in your controller or Blade file...
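The Application rules described in this thread, written out as a Laravel policy. This is an added example, not code from either poster; it assumes a string `users.role` column, the nullable `users.parent_id` and `applications.child_id` columns mentioned above, and that a parent may view and edit applications belonging to their own children.

```php
<?php
// Added example (hypothetical app/Policies/ApplicationPolicy.php), not from the thread.
namespace App\Policies;

use App\Models\Application;
use App\Models\User;

class ApplicationPolicy
{
    // Hardcoded role list, as the question proposes. Any other value
    // (null, "unapproved", a typo) matches no rule below and is denied.
    public const ROLE_ADMIN = 'admin';
    public const ROLE_PARENT = 'parent';
    public const ROLE_CHILD = 'child';

    // Runs before every ability: admins pass, everyone else falls through (null).
    public function before(User $user, string $ability): ?bool
    {
        return $user->role === self::ROLE_ADMIN ? true : null;
    }

    // Only parents create applications; children and unassigned users cannot.
    public function create(User $user): bool
    {
        return $user->role === self::ROLE_PARENT;
    }

    public function view(User $user, Application $application): bool
    {
        if ($user->role === self::ROLE_CHILD) {
            // A child only reaches the application whose child_id is their own id.
            return (int) $application->child_id === (int) $user->id;
        }
        if ($user->role === self::ROLE_PARENT) {
            // Assumption: a parent only reaches applications of a child
            // whose users.parent_id points back at this parent.
            return User::whereKey($application->child_id)
                ->where('parent_id', $user->id)
                ->exists();
        }
        return false; // default deny for every other role value
    }

    // Same ownership rule as view(): changing the id in the URL gains nothing.
    public function update(User $user, Application $application): bool
    {
        return $this->view($user, $application);
    }
}
```

In a controller the check is `$this->authorize('update', $application);`, and in Blade it is `@can('update', $application)`.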
