Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Red's avatar
Red
OP
10 years ago
Level 4

Roles and Permissions with Resources

Hi, folks!

Basically I'd like to build a RBAC system for my new site. So I created a Role and a Permission Model, created a pivot table, ... basic stuff.

Now I encountered a problem. I'd like to restrict access to specific resources. For example: The Role "Editor" has the Permission "access.category" for a Category with the ID of 5.

I tried it this way and thought I just ask you whether that's a good idea. (no foreign keys here for brevity)

Schema::create('permission_role', function (Blueprint $table) {
    $table->increments('id');
    $table->integer('permission_id')->unsigned()->index();
    $table->integer('role_id')->unsigned()->index();
    $table->integer('resource_id')->unsigned()->index()->nullable();
    $table->unique(['permission_id', 'role_id', 'resource_id']);
});

This way I should be able to use e. g.

$user->can('access.category', $category->id);

Are there any downsides of this approach?

0 likes
0 replies

Please or to participate in this conversation.