Level 22
To clarify, I'd like to be able to use this in a way similar to the @can blade directive and its relatives.
Mar 13, 2017
6
Level 22
Accessing User roles from Vue in an SPA
Maybe I haven't found the right articles to guide me in the right direction, but I haven't been able to figure out a solution to my problem.
I'd like to be able to use a package like Entrust to handle User roles, but I need to be able to access these roles and use them to change available sections within a Vue SPA, and I haven't figured out the best way to work with this situation.
If someone can recommend an article to help me with this problem or give me a general idea of the way to handle it.
Thanks!
Level 5
You can make an API from your back-end where it lists all the available role+permissions that are applicable to authenticated user. From there, make a javascript helper.
From Laravel, do something like this...
// For permissions:
return Response::json(Auth::user()->perms->pluck('name'));
// For roles:
return Response::json(Auth::user()->roles->pluck('name'));
Javascript
// Populate these array with the response from your API.
var roles = [];
var permissions = [];
Here's a snippet for checking whether an item is in array. [Ref: http://stackoverflow.com/questions/143847/best-way-to-find-if-an-item-is-in-a-javascript-array ]
function array_has (arr, obj) {
return (arr.indexOf (obj) != -1);
}
Create the object where the logic for determining if the authenticated user has the role/permission.
var Auth = {
is = function(role) {
return array_has(roles, role);
},
can = function (permission) {
return array_has(permissions, permission);
}
}
Now to check whether the user can write-post
if (Auth.can('write-post') { /* ,., */}
And to verify a user has a role...
if (Auth.is('manager')) { /* ,., */ }
1 like
Level 22
Thanks to @silverxjohn for leading me in the right direction.
What I ended up doing was adding a roles array in the window.Laravel section in my blade layout. Then, I could set that to this: {!! Auth::user()->roles->pluck('name') !!}, and finally put the code below in my bootstrap js file to give me Auth.is('role') capabilities.
window.Auth = {
is(role) {
return (Laravel.user.roles.indexOf (role) != -1);
}
}
Perhaps this isn't the best solution, but it worked for me.
1 like
Level 47
I personally when a user logs in return json with auth token and required data, such as name and roles etc..
Then you have access to said data. But always double check on requests to ensure truthlyness of requests if a role is required. Via middleware.
Level 4
Consider this scenario:
<p v-if="Auth.is('admin')">This is a very sensitive info and only the admin is meant to see it </p>
<p v-else> You are not an admin </p>
What if a user opens up the console and runs Laravel.user.roles.push('admin')?
How did/would you tackle that?
1 like
Level 1
@tanmay_das You need to verify roles and permissions on server side in request also.
Please or to participate in this conversation.