Filtering query results based on permissions

Hello, I would like to know what is the best approach to filtering eloquent query results based on user permissions. Let's say I have Orders with many possible statuses including open and ready and many user roles including admin and operator. On the same view I need to display filtered orders based on user role. E.g. admin will see all of them, operator will only see open orders, another role will see a combination of statuses etc.

I am thinking about few options:

Filter it through global scope - somebody said scopes are not suitable for filtering (why?)
Filter it in each controller - but there are many controllers / actions around Orders
Filter it directly in templates in every foreach - sounds weird.
???

Thanks for any advice.

Talinon

8 years ago

Level 51

Sounds like a good case for creating a repository which you can inject into your controllers. This way the logic is contained in one place and not scattered throughout your application's controllers and templates.

The repository would be responsible for worrying about building the query scopes that interact with the database based upon the authenticated user's permissions.

If you are unfamiliar with the repository pattern, just google for it.. there are plenty of examples.

Snapey

8 years ago

Best Answer

Level 122

scopes would be my recommendation

see dynamic scopes below here https://laravel.com/docs/5.5/eloquent#query-scopes

You could pass in the user or the role into a scope and the put your additional where statements in there that vary according to the role passed

1 like

Please or to participate in this conversation.