
ls-al

policy & roles best strategies/practices

Hello,

I am creating a backoffice application which will handle operations such as client tickets, billing, dev projects. So far I've been using validation & form requests as well as roles. (not permissions tho, just roles) Things are becoming more complex day by day and it's time for a refactoring.

I have a Ticket Controller where staff and admin can see all the tickets but clients can only see their own tickets. Right now I've implemented this check in the controller or form request. Could it be more dynamic in any way to predict future roles?

A better example is: we have projects, where the devs (gfx, dev, marketeer) can see their own sections in a project, but a manager can see everything as well as admin. That's against DRY techniques. With the above technique I will be checking in the controller

if ($admin) { projects::all() }
else if ($manager) { projects::all() }
if ($dev1) { projects::devassignments }
but that will be becoming more and more complex that way.

Is there any practice to perform these checks in a policy for example? But they are not exactly checks, every role follows a different controller logic.

:)

ls-al

I've read about abilities, form requests, validation but my real answer is here how to DRY the code up.

From my point of view it doesn't really matter if the check is being conducted in middleware, form request, validation rule, gate, whatever.

I am trying to avoid the different role logics, which means

if (admin) do that {}
else if (client) do this {}

The specific role checks are what I am trying to get rid of, architecturally.
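
The per-role branching described in the posts above can be kept in one table instead of in each controller. This is an added example, not part of the thread: plain PHP rather than Laravel code, and the names `VISIBILITY` and `visibleTo` and the columns `client_id` and `assignee_id` are assumptions made for illustration. A role that is missing from the table sees nothing.

```php
<?php
// Added example; every name here is hypothetical.
// Each role maps to one rule, so a new role is a new row, not a new if/else.
const ALL = 'all';   // sees every record
const OWN = 'own';   // sees only records whose owner column equals the user id

const VISIBILITY = [                 // resource => role => [rule, owner column]
    'tickets' => [
        'admin'  => [ALL, null],
        'staff'  => [ALL, null],
        'client' => [OWN, 'client_id'],
    ],
    'projects' => [
        'admin'   => [ALL, null],
        'manager' => [ALL, null],
        'dev'     => [OWN, 'assignee_id'],
    ],
];

/** Return the records of $resource that $user may see. */
function visibleTo(array $user, string $resource, array $records): array
{
    $rule = VISIBILITY[$resource][$user['role']] ?? null;
    if ($rule === null) {
        return [];                   // unknown role or resource: deny by default
    }
    [$kind, $column] = $rule;
    if ($kind === ALL) {
        return $records;
    }
    // OWN: a record without the owner column is hidden, never shown.
    return array_values(array_filter(
        $records,
        fn (array $r): bool => ($r[$column] ?? null) === $user['id']
    ));
}

// Constructed sample data.
$tickets = [
    ['id' => 1, 'client_id' => 10, 'subject' => 'Invoice question'],
    ['id' => 2, 'client_id' => 11, 'subject' => 'Login problem'],
];
foreach ([
    ['id' => 10, 'role' => 'client'],
    ['id' => 1,  'role' => 'admin'],
    ['id' => 99, 'role' => 'intern'],   // role not in the table
] as $user) {
    $ids = array_column(visibleTo($user, 'tickets', $tickets), 'id');
    printf("%-7s sees tickets: [%s]\n", $user['role'], implode(', ', $ids));
}
```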

jekinney

Best practice is opinion and bull crap :). It always depends on the current and possible future scope.
