Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm using laravel backpack for a site with the permissionmanager from Spatie https://github.com/spatie/laravel-permission .
I have different roles, like admin, moderator, user, etc. What's the best way to implement the roles and permissions in my application?
Should I use middlewares? Should I call the constructor and check the permissions there? If I would use middleware, would I need to create middlewares for each permission I need to check, like a middleware for create, one for edit and one for delete? Admins for example can do litteraly everything. Moderators not and user just have a few permissions.
I really don't have a clue at the moment.
I'm using permissions for the first time so please apologize the noobish questions.
I'm thankfull for every advice/help.
If you are implementing on your project only three user levels then I suggest using middleware. This would be the easiest way just be defining on users table the user level (admin, moderator or user). If your users have to do more specific tasks and they have to have predefined permissions on database than you have to use also the policies (or gates).
https://laravel.com/docs/5.5/authorization#gates
https://laravel.com/docs/5.5/authorization#creating-policies
Please don't hijack old threads. Createa new one for your questions.
Please or to participate in this conversation.