
Angeloudis's avatar

Roles & Authorization

I am creating an application with some restaurants.

My logic is that we have users with different roles that can log in to the app and see/do different things (admin, shop manager, waiter, etc.).

It's an application where restaurant managers from different restaurants will log in and add/edit/view the categories/products/sales/employees (users with role: waiter) etc. of their own shop.

So I have the admin (me), who can create users (role: shop manager) and view/edit all restaurants and also their products/categories/sales etc.

I want the shopController index to show different shops to different roles, who can do different things.

Admin -> can see/edit/add shop ALL
Shop manager -> can see/edit/add shop (HIS)
Waiter -> see shop (HIS)

The logic is the same with products/categories/sales etc.

I want to know what is the best way to create my Laravel logic. I have a model Roles related to the model User. Maybe check the role inside the controller and show different views, or check the role inside the view to show different things? And how do I check, on edit or view of a single thing, whether it belongs to me to edit?

0 likes
3 replies
jdunsmore's avatar

Create middlewares for each user group.

Then in your routes you could do:

Route::get('/users/add','UserController@list')->middleware('admin');

Or controller based you could do:

AdminController

public function __construct(){
        $this->middleware('admin');
}

Docs for middleware here:

https://laravel.com/docs/5.5/middleware#defining-middleware

Within your middleware you can query the user's "role" and see which level they are.

jdunsmore's avatar

I believe policies are intended for authorizing a user against an action.

Policies are classes that organize authorization logic around a particular model or resource. For example, if your application is a blog, you may have a Post model and a corresponding PostPolicy to authorize user actions such as creating or updating posts.
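An added example, not part of the original posts: role middleware only answers "is this user a manager?", so the per-record question from the thread ("does this shop belong to me?") still needs an object-level check, or any manager could edit another restaurant by changing the ID in the URL. A policy along these lines covers it; the `role` and `shop_id` columns on `users`, the `App\Shop` model and the `shops.edit` view are assumptions, not names from the thread.

```php
<?php

namespace App\Policies;

use App\Shop;   // assumed model name and location
use App\User;

// Assumed schema (not from the thread): users.role is 'admin', 'manager'
// or 'waiter'; users.shop_id is the one shop a manager or waiter belongs to.
class ShopPolicy
{
    // Runs before every other check. Admins may act on any shop;
    // returning null hands the decision to the specific method below.
    public function before(User $user, $ability)
    {
        return $user->role === 'admin' ? true : null;
    }

    // Managers and waiters may view their own shop only.
    public function view(User $user, Shop $shop)
    {
        return in_array($user->role, ['manager', 'waiter'], true)
            && $this->belongsToShop($user, $shop);
    }

    // Only the shop's own manager may edit it; waiters are read-only.
    public function update(User $user, Shop $shop)
    {
        return $user->role === 'manager' && $this->belongsToShop($user, $shop);
    }

    // Deny when the user has no shop assigned instead of comparing null to an id.
    private function belongsToShop(User $user, Shop $shop)
    {
        return $user->shop_id !== null
            && (int) $user->shop_id === (int) $shop->id;
    }
}

// Register in App\Providers\AuthServiceProvider:
//     protected $policies = [\App\Shop::class => \App\Policies\ShopPolicy::class];
//
// Enforce in ShopController on every single-record action:
//     public function edit(Shop $shop)
//     {
//         $this->authorize('update', $shop); // 403 if it is not the user's shop
//         return view('shops.edit', compact('shop'));
//     }
```

The index action needs the same rule applied to the query itself (all shops for admin, `where('id', $user->shop_id)` for everyone else), and products, categories and sales get the same check through the shop they belong to.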
