I have run into an a technical challenge. I'm using the Laravel-permissions package by Spatie to manage permissions and roles but I now need to be able to assign roles for a given scope (per se). A user can join multiple organization and an admin of the organization should be able to assign roles to that user in the given organization (Admin, Moderator, etc.). But each time a user joins a new organization, the user should have a role assigned to them for that specific organization.
To complicate this even further, users can also join the difference groups an organization admin create. Users need to either be a regular member or designated as a moderator within that group. I'm guessing this is something I will need to do in my pivot table.
How can I accomplish this? I need sometime of permission scoping. An admin in the global scope will need to be able to do a lot more than the admin of an organization will be allowed to do.
If anyone can help me it would be much appreciated!
I would give the admin different names as a first step:
admin_global // however you name
admin_org_a
etc.
Allow for dual roles of course.
Otherwise you will have one admin of something doing something in something else.
Just suggestion.
Ok. But we may have hundreds of organization. Maybe I could scope the roles in the my 'roles' table?
@lukebouch before making a final decision on setup, look at Jetstream teams as well.
https://jetstream.laravel.com/2.x/features/teams.html
Just a thought.
I’m almost done with the application so I do not know how I would install Jetstream when everything is already built. It might be possible and maybe I’m wrong but I think the integration would be difficult.
I would like to extend Laravel-permissions by Spatie as that is what I’m using for the “global” permissions.
@lukebouch you can extend classes and work out custom code, see this answer.
https://laracasts.com/discuss/channels/laravel/how-to-extend-spatiepermissionmodelspermission-model
But I would start by writing out a role tree with pencil and paper first till it looks like it makes sense.
This (what you are doing) can be one of the trickiest parts to work out. I generally protect at method level and tweak what a user can or cannot do in the actual query or query scope.
Please or to participate in this conversation.