Best way to use Spatie permissions - In controller or routes?

Hello,

I have never used Spatie permissions before and would really like to know how you usually use it please?

In blade for example, I believe you only add the role as:

@if(user()->hasRole('Admin'))
//Show me this if Admin
@endif

But where I am confused is regarding the permissions. As I am using backpack, the permissions and roles are integrated in the admin panel UI, all good. I created a role , ie: Admin and create 2 permissions:

'read text' and 'edit text'

My question is, where should the permissions be checked for please? In the controller or route?

If in the controller, shall it be in the constructor or not?

Would someone has a good example please?

Thank you so much.

jlrdw

6 years ago

Level 75

Have you looked at the spatie examples. It's not on that main github page you have to look for a link to it.

There are many examples.

LaraBABA

6 years ago

Level 10

Thanks, I found a link to this page: https://docs.spatie.be/laravel-permission/v3/basic-usage/middleware/

I believe you meant this link. Yes this helps me a lot more than the github page:-)

Ok so from what I understand, I can simply add the permissions to the routes only and not bother about adding them inside the controllers. To be honest I think it is cleaner thought the routes, all in one page.

jlrdw

6 years ago

Best Answer

Level 75

I also use in controller at times and in query Scopes to determine who can see what like an admin can see all, a user can just see their data.

Authorization is used as needed and where needed, it's a very spread out thing.

See https://gist.github.com/jimgwhit/ed44a6c81815804f1ab910ce9eb88d84

Has a scope example, not spatie but it would be similar usage.

LaraBABA

6 years ago

Level 10

Thanks, very usefull!