ACL and controller sanity check

Posted 10 months ago by the_lar

Hi all,

Just wanted to check that I'm doing something correctly...

I'm building an app which implements some basic ACL via Roles and Permissions and I've scaffolded the out-of-the-box auth. I've created a User and given them a role of 'Administrator', that has a permission of 'manage_users'.

So now I need to create a manage_users page which only those with the correct permission can access. Here's what I've done...

web.php

Route::get('/manage_users', 'ManageUsersController@index');

ManageUsersController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class ManageUsersController extends Controller
{
    static $access = 'manage_users';
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     *
     * Effectively the manage users dashboard
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function index()
    {
        return view('users', ['access' => $this::$access]);
    }
}

And inside users.blade.php

@can($access)
    Manage the users
@else
    Sorry mate it's above your pay grade
@endcan

Mainly I want to check if this is the correct approach and whether it's OK to use a static variable on the controller in the way I have.

Much appreciated,
Kevin
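
An added example, not part of the original post: in the code above the `@can` check lives only in the Blade view, so `index()` still runs for any logged-in user. This variant of the same controller also enforces the permission before the action executes, using Laravel's built-in `can` middleware. It assumes `manage_users` is registered as a Gate ability, which the post's use of `@can` implies.

```php
<?php

namespace App\Http\Controllers;

class ManageUsersController extends Controller
{
    // Ability name from the post, kept in one place so the
    // middleware and the view cannot drift apart.
    static $access = 'manage_users';

    public function __construct()
    {
        // Step 1: the visitor must be logged in.
        $this->middleware('auth');

        // Step 2: the logged-in user must pass the 'manage_users' ability.
        // The 'can' middleware (Illuminate\Auth\Middleware\Authorize) aborts
        // with a 403 response before index() is ever called, so nothing the
        // action loads or does is reachable without the permission.
        // Assumption: 'manage_users' is defined as a Gate ability by the
        // app's Roles/Permissions setup.
        $this->middleware('can:' . static::$access);
    }

    /**
     * Effectively the manage users dashboard.
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function index()
    {
        // The view may still use @can($access) to tailor what it displays,
        // but that check is now presentation only, not the access control.
        return view('users', ['access' => static::$access]);
    }
}
```

With this in place, a user without the permission gets a 403 from `/manage_users` instead of a rendered page containing the "above your pay grade" message.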
