shankarnewton's avatar

Roles & Permissions in web.php

Hi All, pretty new to Laravel, please do help. I understand it's best practice to follow the resource controllers format; however, for some reason the existing setup has too many functions (large project) that are not properly arranged in resource controllers format. How do I handle the Roles & Permissions if I would like to provide specific permission to a user?

Also, can the following routes be used for permissions? Or is it essential to have Route::resource only?

Route::any('XXX','Yyy@zzz');

Additional Details

  1. Using Laratrust for Roles & Permissions
  2. Laravel version: 7.

Example:

Role 1 has access to view
Role 2 has access to view and edit

Route::group(['middleware' => 'auth', 'middleware' => ['role:role1'], 'namespace' => 'role1'], function () {
    Route::any('list', 'MyController@list');
});
Route::group(['middleware' => 'auth', 'middleware' => ['role:role2'], 'namespace' => 'role2'], function () {
    Route::any('list', 'MyController@list');
    Route::any('edit/{id}', 'MyController@edit');
});

Can someone please suggest & help?

MichalOravec's avatar

Instead of

'middleware' => 'auth', 'middleware' => ['role:role1']

use this

'middleware' => ['auth', 'role:role1']

Or

->middleware('auth', 'role:role1')
jlrdw's avatar

You can protect individual methods, just an example:

public function update(Request $request, Post $post) {
    if ($post->author !== auth()->user()->id || auth()->user()->cannot('edit posts')) {
        abort(404); // or redirect, or whatever action
    }
    // rest of method if all okay
}

The from scratch series has several videos on authorization (gates and policies).

shankarnewton's avatar

Sure, thanks @michaloravec, that would look cleaner. I am actually looking for ways to control access to a specific URL via web.php, any suggestions on that please?

Sinnbeck's avatar
Best Answer

Just add it to that route (just an example)

Route::any('list', 'MyController@list')->middleware('role:role1');
MichalOravec's avatar

I think you already have it, don't you?

If it has to be only for one route, don't use it on a group but directly on the route, as @sinnbeck said.
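
An added example, not posted by anyone in the thread, that puts the replies together in routes/web.php so that `auth` and the role check both run, viewing is open to role1 or role2, and editing to role2 only. It assumes a single MyController in the default namespace, Laratrust's middleware registered under the alias `role`, and numeric ids.

```php
<?php
// routes/web.php
// Added example. Assumptions: Laravel 7, Laratrust middleware aliased as `role`,
// one MyController in the default controller namespace, numeric ids.

use Illuminate\Support\Facades\Route;

// PHP keeps only the last value for a repeated array key, so
//   ['middleware' => 'auth', 'middleware' => ['role:role1']]
// ends up with just ['role:role1'] and 'auth' is silently discarded.
// Listing every middleware in one array keeps both.
Route::group(['middleware' => ['auth']], function () {

    // Viewing: role1 OR role2 (Laratrust treats `|` as "any of these roles").
    // The URI is registered once: a later route with the same method and URI
    // replaces the earlier one, so two groups each declaring 'list' would
    // leave only the second group's role check in force.
    Route::get('list', 'MyController@list')
        ->middleware('role:role1|role2');

    // Editing: role2 only. Route parameters are written {id}; the constraint
    // rejects non-numeric values before the controller runs.
    Route::match(['get', 'post'], 'edit/{id}', 'MyController@edit')
        ->middleware('role:role2')
        ->where('id', '[0-9]+');
});
```

Running `php artisan route:list` prints the middleware attached to each route, which confirms that both `auth` and the role check are present on `list` and `edit/{id}`.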
