I am looking at maybe doing something like this.
https://stackoverflow.com/questions/43901719/laravel-middleware-with-multiple-roles
So:
Http\Kernel.php
    protected $routeMiddleware = [
        // ...
        'role' => \App\Http\Middleware\Role::class,
    ];
Http\Middleware\Role.php
    use Closure;
    use Illuminate\Support\Facades\Auth;

    public function handle($request, Closure $next, ...$roles)
    {
        // I included this check because you have it, but it really should be part of
        // your 'auth' middleware, most likely added as part of a route group.
        if (!Auth::check()) {
            return redirect('login');
        }

        $user = Auth::user();
        if ($user->isAdmin()) {
            return $next($request);
        }

        foreach ($roles as $role) {
            // Check if the user has the role. This check will depend on how your roles are set up.
            if ($user->hasRole($role)) {
                return $next($request);
            }
        }

        // No listed role matched: deny.
        return redirect('login');
    }
Then in API routes
    // No spaces after the commas: parameters are split on ',' and passed on untrimmed.
    Route::group(['middleware' => ['auth:api', 'role:manager,admin,editor']], function () {
        // Routes here
    });
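An added example, not part of the original post: a framework-free PHP sketch of how a role list written as `'role:manager, admin, editor'` reaches the middleware with leading spaces, and a role check that trims the names and denies by default. `parseMiddleware()` is a simplified stand-in for the framework's parameter splitting, `roleDecision()` and the user arrays are hypothetical, and returning 401/403 status codes instead of a redirect is an assumption for an API context.

```php
<?php
// Added example: runs with plain PHP, no framework required.

// Simplified stand-in: split "name:params" once, then split the
// parameters on commas without trimming.
function parseMiddleware(string $spec): array
{
    [$name, $params] = array_pad(explode(':', $spec, 2), 2, '');
    return [$name, $params === '' ? [] : explode(',', $params)];
}

// Hypothetical decision function: returns an HTTP status code.
function roleDecision(?array $user, array $roles): int
{
    if ($user === null) {
        return 401; // not authenticated
    }
    if ($user['is_admin'] ?? false) {
        return 200; // admins pass, mirroring the isAdmin() shortcut
    }
    // Trim each declared role and drop empty entries before comparing.
    $allowed = array_filter(array_map('trim', $roles), fn ($r) => $r !== '');
    foreach ($allowed as $role) {
        if (in_array($role, $user['roles'], true)) {
            return 200;
        }
    }
    return 403; // authenticated but no listed role matched: deny by default
}

// Constructed sample data.
$editor = ['is_admin' => false, 'roles' => ['editor']];
$viewer = ['is_admin' => false, 'roles' => ['viewer']];

[, $raw] = parseMiddleware('role:manager, admin, editor');
echo 'raw parameters: ', json_encode($raw), PHP_EOL;

// Comparing the untrimmed parameters directly against the user's roles.
echo 'untrimmed match for editor: ',
    var_export(in_array('editor', $raw, true), true), PHP_EOL;

// The trimmed, deny-by-default check for each kind of caller.
echo 'editor: ', roleDecision($editor, $raw), PHP_EOL;
echo 'viewer: ', roleDecision($viewer, $raw), PHP_EOL;
echo 'guest:  ', roleDecision(null, $raw), PHP_EOL;
```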