Ideally, you'd have some way to protect or guard your routes from those not authorized to see or access them, including any API endpoints for updating, etc., based on those roles.
How to properly manage actions through user roles in Laravel app?
I have three user roles in my app: user, superuser and admin. The admin should have the highest permissions: to handle all controller actions, to view all parts of my views' files, and to create institutions and users for a particular institution. The superuser will have slightly fewer permissions, meaning it can only create users that belong to its own institution. Users will only be able to update their personal profile data.
How would you suggest handling these permissions? I thought about creating UserController, AdminController and SuperuserController, with corresponding middleware (admin and superuser), but I don't think that is good practice if I add more roles in the future.
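One way to structure this so that a new role never requires a new controller or middleware: keep a single role-to-abilities map in config, express the institution rule in a policy, and let Laravel's `can` middleware and `authorize()` helper enforce it on routes and controller actions. This is an added example, not code from the thread or from Laravel itself; it assumes Laravel 10, a `users` table with `role` and `institution_id` columns, and an `institutions` table. The ability names, `hasAbility()` helper and controller names are constructed for the illustration.

```php
<?php
// Added example, not from the original thread. Assumes Laravel 10 with a `users`
// table carrying `role` (string) and `institution_id` (int) columns.
// Ability names below are constructed; adding a role means adding one config entry.

// --- config/abilities.php : the only place roles are declared
return [
    'admin'     => ['institution.create', 'user.create', 'user.update', 'user.view-any'],
    'superuser' => ['user.create', 'user.update', 'user.view-any'],
    'user'      => ['user.update'],
];

// --- app/Models/User.php
namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    // `role` and `institution_id` are deliberately NOT fillable: a user editing
    // their own profile must not be able to promote themselves via mass assignment.
    protected $fillable = ['name', 'email', 'password'];

    public function hasAbility(string $ability): bool
    {
        return in_array($ability, config('abilities.' . $this->role, []), true);
    }
}

// --- app/Policies/UserPolicy.php
namespace App\Policies;

use App\Models\User;

class UserPolicy
{
    public function viewAny(User $actor): bool
    {
        return $actor->hasAbility('user.view-any');
    }

    // Creating a user inside a given institution: admins anywhere,
    // superusers only inside their own institution.
    public function create(User $actor, int $institutionId): bool
    {
        if (! $actor->hasAbility('user.create')) {
            return false;
        }
        return $actor->role === 'admin' || $actor->institution_id === $institutionId;
    }

    // Everyone may edit their own profile; admins edit anyone;
    // superusers edit users of their own institution only.
    public function update(User $actor, User $target): bool
    {
        if (! $actor->hasAbility('user.update')) {
            return false;
        }
        if ($actor->is($target) || $actor->role === 'admin') {
            return true;
        }
        return $actor->role === 'superuser'
            && $actor->institution_id === $target->institution_id;
    }
}

// --- app/Providers/AuthServiceProvider.php
namespace App\Providers;

use App\Models\User;
use App\Policies\UserPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [User::class => UserPolicy::class];

    public function boot(): void
    {
        $this->registerPolicies();
        // No model instance exists yet when creating an institution, so a plain gate.
        Gate::define('institution.create', fn (User $actor) => $actor->hasAbility('institution.create'));
    }
}

// --- routes/web.php : guard the route by ability, not by role name
use App\Http\Controllers\InstitutionController;
use App\Http\Controllers\UserController;
use Illuminate\Support\Facades\Route;

Route::middleware('auth')->group(function () {
    Route::post('/institutions', [InstitutionController::class, 'store'])->middleware('can:institution.create');
    Route::get('/users', [UserController::class, 'index'])->middleware('can:viewAny,App\Models\User');
    Route::patch('/users/{user}', [UserController::class, 'update'])->middleware('can:update,user');
});

// --- app/Http/Controllers/UserController.php (store action only)
public function store(\Illuminate\Http\Request $request)
{
    $institutionId = (int) $request->input('institution_id');
    // Runs UserPolicy::create(); a superuser posting another institution's id gets a 403.
    $this->authorize('create', [\App\Models\User::class, $institutionId]);
    // ... validate and persist the new user for $institutionId ...
}
```

In Blade the same policy drives what is rendered, e.g. `@can('viewAny', App\Models\User::class)` around the user list, so the view and the route are never out of step. The institution check lives in one policy method rather than in per-role controllers, which is what keeps the design open to extra roles: a fourth role is a config entry plus, if it needs a new scoping rule, one more condition in the policy.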