Level 20
Yes that’s the right way to do it. I would go even further and move all the logic inside a scope, say availableLocations() or smth like that, which filters down the entries to only what that user should see.
1 like
Nov 17, 2020
3
Level 2
Backpack - Filter CrudController list by user role? Best practices?
This is a bit of a niche question, but hopefully it touches upon general Laravel best practices/architecture.
I have a number of users in different Groups managing content for different Locations and a Laravel Backpack backend panel.
I want users in particular a particular Group only to be able to see content in a corresponding Location.
I've installed spatie/laravel-permission and have set up some roles, and assigned users to these roles accordingly.
Laravel Backpack uses a setupListOperation() to generate the panel view. Is the correct way to show the corresponding content, simply checking the user role here and building the query accordingly?
protected function setupListOperation()
{
if (backpack_user()->hasRole('Moderates Example Location')) {
$this->crud->addClause('whereLocation', 'Example');
...
(Of course, with guards before writing/viewing/updating so they can't just iterate by id)
Is this the right way to go about it? Or am I missing something fundamental (eg something to do with policies, guards etc)
Level 2
@updivision thanks for the response - you are exactly right that a scope is the way to go since it will apply globally. In case this can be of help to anyone:
I created /app/Scopes/RoleScope.phpwith all the logic in there.
Then in my model /app/Models/Post.php:
protected static function booted()
{
static::addGlobalScope(new RoleScope);
}
Now the Post automatically applies the RoleScope logic wherever it is accessed.
1 like
Level 6
Thanks @updivision and @waffl, I'm doing something similar now and came across this. Very helpful!
Please or to participate in this conversation.