1 year ago

Question towards access control list (ACL). Should be a "normal" User be a role?

Posted 1 year ago by shadrix

I'm currently learning about ACL but I'm not quite sure how I should implement it.

My current user migration table looks like this:

Schema::create('users', function (Blueprint $table) {


So I'm thinking to remove the last two booleans in favor of the role ACL table.

Some questions I have:

Would you create a role with the name "buyer"? That is the normal user on my platform, where confirmed is set to true and the seller is set to false.

What about "unconfirmed" users? Those who did not confirm the confirmation mail yet? Would you create a role for them as well?

Another question is that how would you define the user factory?

Normally, I would just write:

factory->define(App\User::class, function (Faker $faker) {
   static $password;
  return [
    'name' => $faker->unique()->userName,
    'email' => $faker->unique()->safeEmail,
    'password' => $password?: $password = 'secret',
    'avatar' => $faker->imageUrl(220, 220, 'people'),
    'confirmed' => true,
    'cook' => true,

How would you attach it when the syntax would be $user->givePermissionTo('create offers');?

Thank you!

(p.S. sorry about all the questions, normally I would have created more discussions...)

Please sign in or create an account to participate in this conversation.