asifmushtaq38's avatar

How to dynamically handle role permissions

I have watched this video. https://laracasts.com/series/whats-new-in-laravel-5-1/episodes/16 (disappointed that he didn't add route-level permissions using middleware) I understand all the aspects, but I'm confused about how I can handle the permissions dynamically. Let's suppose I have created the permission 'edit-manager', so this permission acts as editing the manager. So how can I handle it dynamically? Should I edit the source code again and add this permission check as $user->can('edit-manager')? Or how can I handle it? Do I have to edit the code each time I create a new permission?

0 likes
11 replies
Robstar's avatar

I use https://github.com/spatie/laravel-permission in all projects.

I have routes mapped to all basic route permissions, so for a basic entity page I'd have the following:

  • users.index
  • users.destroy
  • users.update (covers edit and update routes)
  • users.create (covers create and store routes)
  • // any other ADHOC permissions

I have a frontend UI for users to create roles and assign permissions to each role, so the system has fully granular permissions.

All permissions are stored in a config file that is refreshed during deployment, that ultimately creates permissions in my database if needed.

1 like
asifmushtaq38's avatar

@ROBSTAR - Hi can you please explain this part?

All permissions are stored in a config file that is refreshed during deployment, that ultimately creates permissions in my database if needed.

How could it be dynamic? Do you mean permissions will be prepared before deployment?

Robstar's avatar

I wrote a tiny artisan command to refresh the permissions from my config file. This ran during deployment.

1 like
asifmushtaq38's avatar

@ROBSTAR - I'm sorry for that, but I don't understand you. Can you please explain? Where did you first write the permissions? Directly in the database, then fetch the permissions and save them in the config file? Or the reverse process?

jekinney's avatar

Similar to what @robstar stated. If you really need dynamic you have to figure out your workflow (assuming that is your question too) meaning you need to tie into some events and listen to update things as needed.

Example: You have a basic CMS where you can create pages and menus. When you create a page and menu link, you also trigger permission(s) to be created and assigned to an admin user or role, at least for maybe editing that page. And assign roles or users or even guests (anyone) permissions to view. So you are not hard-coding the permission per se, but on request seeing if a relationship exists to allow access.

Polymorphic relationships help a lot in your permission table, along with a type 'create', 'edit', 'read', 'delete' etc.

1 like
Robstar's avatar

@ASIFMUSHTAQ38 - Personally, I store all permissions in a config file. I use this as my single source of truth to populate the database.

I've seen people create separate crud screens to create permissions. I've never seen the need for that.

If you use https://github.com/spatie/laravel-permission all the work is done for you. In your application you need to use a few helper functions and middleware that have been created for you.

asifmushtaq38's avatar

@ROBSTAR - Can you share your "permissions in config file" demo project? I know it is frustrating you, but I'm new to Laravel, so that's why I want a working demo to understand it.

Robstar's avatar

Sure, this is my config/permissions.php file.

<?php

/**
 * A grouped array of all relevant user permissions within the system
 * For update check against .edit and .update routes
 * For create check against .create and .store routes
 */

return [

    'Nesting Analysis' => [
        'route' => 'nesting',
        'description' => 'Access and manage nesting analysis functions',
        'icon' => 'cogs',
        'rules' => [
            'Create an analysis request' => 'nesting.create',
            // additional rules ...
        ],
    ],

    // additional entities ...
];

The actual permissions are contained within the rules key. The other keys are used to populate a Vue component I have on my roles screen that allows administrators to assign individual permissions to roles. This allows permissions to be fully granular.

1 like
Robstar's avatar

@ASIFMUSHTAQ38 - There's no online tutorial I know of, I wrote it a while ago myself when I discovered the laravel-permissions package.

  • I have a single file (above) containing all my permissions (the route, icon and description keys are for my UI to manage permissions, which I built in Vue)
  • When I add / remove permissions I run a Laravel artisan command (system:sync-permissions)
  • This command loops through my array of permissions. If the permission does not exist in the database it creates it
  • During my deployment process, the console command is run to sync permissions from the config with my live database
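
A sketch of what such a sync command could look like, added here as an example and not Robstar's own code. It assumes the config/permissions.php layout shown above, the spatie/laravel-permission models, and a single guard; the class name and the --prune option are hypothetical. Beyond the create-if-missing step described in the thread, it also lists permissions that remain in the database after being removed from the config.

```php
<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\PermissionRegistrar;

// Hypothetical class name; the command name is the one mentioned in the thread.
class SyncPermissions extends Command
{
    protected $signature = 'system:sync-permissions {--prune : Delete permissions no longer in the config}';
    protected $description = 'Sync config/permissions.php into the permissions table';

    public function handle(): int
    {
        // Flatten every group's "rules" map (label => permission name) into one list of names.
        $names = collect(config('permissions', []))
            ->flatMap(fn (array $group) => array_values($group['rules'] ?? []))
            ->unique()
            ->values();

        foreach ($names as $name) {
            // findOrCreate() inserts a row only when the name is missing for the default guard.
            Permission::findOrCreate($name);
        }

        // A permission removed from the config but left in the database keeps granting
        // access through every role that still holds it, so report it and delete on request.
        // Assumption: one guard; with several guards, filter by guard_name as well.
        $stale = Permission::whereNotIn('name', $names->all())->get();
        foreach ($stale as $permission) {
            $this->warn("Not in config: {$permission->name}");
            if ($this->option('prune')) {
                $permission->delete();
            }
        }

        // Clear the package's permission cache so checks reflect the new state.
        app(PermissionRegistrar::class)->forgetCachedPermissions();

        $this->info("Synced {$names->count()} permissions, {$stale->count()} stale.");

        return 0;
    }
}
```

Running it without --prune in the deployment pipeline gives a review step: the warning lines show which permissions would be revoked before anything is deleted.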
