Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi
I'm planning a multi customer website to manage teams. Customer can create users, teams, events and so on. As I'm new in developing with Laravel, I'm wondering if I'm on the right path with my permission concept. I thought, that I will implement different roles like administrator, editor and reader. Data for events, members, teams and so on are stored in different tables. Is it ok, if I store the permission in one separate table 'permission' which will have following fields...
With different policies I would check if the user is authorized to do any actions. For example if the user would like to add new members to a team, I would perform a query to the table permissions. If there would be an entry with the user_id, the role 'editor', the type 'teams' and the id of the team, he would be able to perform the action.
Is this solution ok or is there a more easy or better way?
There are hundreds of ways o implement. But one thing to mention, if roles (an array in my case) is in the users table, then the data is already available by
Auth::user()->role;
Of course you'd still have to explode to get the various roles.
But if you need to do extra queries, that's up to you.
Thanks, but the role can't be in the users table, as a user can have different roles for different teams, events and so on. For example a user can be a reader at Team One but an editor for Team Two.
medium has this article: A full-featured multi-tenant app with Laravel Part 2
Sorry I don't have link.
But roles and permissions are discussed.
You should look at this: https://github.com/spatie/laravel-permission
you may need pivot tables to store the role and permission, user and role
https://laracasts.com/series/whats-new-in-laravel-5-1/episodes/16
Please or to participate in this conversation.