Access to multiple roles

I have a different roles master admin, admin, sub admin and users

I have multiple roles master-admin, admin, sub-admin and users

below panel prefix group can be access by master admin, admin and sub-admin

Route::prefix('panel')->group(function () {
    // Access by master admin, admin and sub admin
    Route::get('/home', [HomeController::class, 'index'])->name('home');
    Route::resource('/orders', OrderController::class);
    Route::resource('/contactus', OrderController::class);

    // Access by master admin and admin
    Route::post('/manufacture/status', [ManufactureController::class, 'status'])->name('manufacture.status');
    Route::post('/masterbooks/status', [MasterBookController::class, 'status'])->name('masterbooks.status');
    Route::resource('/faqs', FaqController::class);
    Route::get('/faqs/list/view/{faq_slug}', [FaqController::class, 'faq_list'])->name('admin_faq_details');
    Route::get('/faqs/list/create', [FaqController::class, 'faq_category_list_form_add'])->name('faq_category_list_form_add');
    Route::get('/faqs/list/{id}/edit', [FaqController::class, 'faq_category_list_form_edit'])->name('faq_category_list_form_edit');
    Route::post('/faqs/list/', [FaqController::class, 'faq_category_list_form_add_submit'])->name('faq_category_list_form_add_submit');
    Route::patch('/faqs/list/{id}/edit', [FaqController::class, 'faq_category_list_form_edit_submit'])->name('faq_category_list_form_edit_submit');
    Route::resource('/college', CollegeController::class);
    Route::resource('/media', MediaController::class);

    // Access by master admin only
    Route::resource('/users', UserController::class);
    Route::resource('/abcd', UserController::class);
});

certain pages can only access by master-admin and certain pages can only access by master-admin and admin but not by sub-admin

how can I achieve this?

MichalOravec

5 years ago

Level 75

I recommend to you use this package https://github.com/spatie/laravel-permission

And you can do that with middleware https://spatie.be/docs/laravel-permission/v3/basic-usage/middleware

Route::prefix('panel')->group(function () {
    // Access by master admin, admin and sub admin
    Route::middleware('role:master-admin|admin|sub-admin')->group(function () {
        Route::get('/home', [HomeController::class, 'index'])->name('home');
        Route::resource('/orders', OrderController::class);
        Route::resource('/contactus', OrderController::class);
    });

   // other routes 
});

Or you can build your own middleware for that, similar example you have directly in the documentation

https://laravel.com/docs/8.x/middleware#middleware-parameters

1 like

aavinseth

5 years ago

Level 1

Hey while syncing permission dynamically based on routes I am getting error

"message": "The given role or permission should use guard `web,auth` instead of `web`.",
    "exception": "Spatie\Permission\Exceptions\GuardDoesNotMatch",
    "file": "D:\xampp\htdocs\project\vendor\spatie\laravel-permission\src\Exceptions\GuardDoesNotMatch.php",

Route::group(['middleware' => ['web','auth']], function () {
	Route::prefix('panel')->group(function () {
		Route::get('/', [HomeController::class, 'index'])->name('home');

		Route::resource('/users', UserController::class);
        Route::resource('/permissions', PermissionController::class);
        Route::resource('/roles', RoleController::class);
	});

	Route::get('/checkout', [CheckoutController::class, 'checkout'])->name('checkout');
	Route::post('/checkout', [CheckoutController::class, 'checkoutsubmit'])->name('checkoutsubmit');
	Route::post('/address', [UserController::class, 'addaddress'])->name('addaddress.submit');
});

but without auth middleware i.e 'middleware' => ['web'] I am not getting any issue

Please or to participate in this conversation.