
jrdavidson

HasPermission Method For Roles And Users

So I'm trying to figure out what I should do in this situation. I was told I should remove the hasPermission method to my Role class. Is this something that anyone can verify would be the best choice for this?

I was told this as the explanation.

Add hasPermission method to Role Class also and call it here. So that you keep the scope of the object limited to its own relations only.

    /**
     * Checks to see if the currently authenticated user has permission to edit users and if they can edit the requested user through a lesser important role.
     *
     * @param User $authenticatedUser
     * @param User $user
     *
     * @return bool
     */
    public function edit(User $authenticatedUser, User $user) {
        return $authenticatedUser->hasPermission('edit-a-user') && ($authenticatedUser->role->importance > $user->role->importance);
    }

<?php

namespace App\Traits;

use App\Models\Role;

trait HasRoles {

    /**
     * Relationship between a user and their role.
     *
     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
     */
    public function role() {
        return $this->belongsTo(Role::class);
    }

    /**
     * Verifies user has specified role.
     *
     * @return boolean
     */
    public function hasRole($role)
    {
        if (is_string($role)) {
            return $this->role->slug === $role;
        }

        return $role->contains('slug', $this->role->slug);
    }

    /**
     * Verifies user has specified permission.
     *
     * @return boolean
     */
    public function hasPermission($permission) {
        return $this->role->permissions->contains('slug', $permission);
    }
}
jrdavidson

I appreciate you taking the time to reply to my message; however, at this time I'm not looking to add a third-party package to my project.

cklmercer

If you have multiple models with the same relationship then it makes sense to use a trait, especially when they have identical APIs.

jrdavidson

I'm trying to figure out what's wrong with my authorize method. Any thoughts?

<?php

namespace App\Http\Requests\Titles;

use App\Http\Requests\Request;

class TitleCreateRequest extends Request
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return $this->user()->role->hasPermission('store-an-title');
    }
}

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\SoftDeletes;

class Role extends AppModel
{
    use SoftDeletes;

    protected $dates = ['deleted_at'];

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
       
    ];

    public function permissions()
    {
        return $this->belongsToMany(Permission::class);
    }

    /**
     * Verifies role has specified permission.
     *
     * @return boolean
     */
    public function hasPermission($permission) {
        return $this->permissions->contains('slug', $permission);
    }
}
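
Added example, not code from any poster in this thread: the delegation suggested in the first post (User::hasPermission calling Role::hasPermission) together with the edit check, written so that a missing user or role denies access instead of dereferencing null. It uses plain PHP 8 stand-ins for the Eloquent models; the constructor arguments, the `canEdit` function and the sample users are assumptions made for illustration.

```php
<?php
// Plain PHP stand-ins for the thread's Eloquent models (hypothetical, no Laravel).

final class Role
{
    /** @param string[] $permissionSlugs */
    public function __construct(
        public string $slug,
        public int $importance,
        private array $permissionSlugs = []
    ) {}

    // The role answers questions about its own permissions relation only.
    public function hasPermission(string $permission): bool
    {
        return in_array($permission, $this->permissionSlugs, true);
    }
}

final class User
{
    public function __construct(public ?Role $role = null) {}

    // Delegates to the role; a user without a role is denied.
    public function hasPermission(string $permission): bool
    {
        return $this->role !== null && $this->role->hasPermission($permission);
    }
}

// Edit check from the first post; denying on a missing user or role is a
// choice made for this example (fail closed).
function canEdit(?User $actor, User $target): bool
{
    if ($actor === null || $actor->role === null || $target->role === null) {
        return false;
    }
    return $actor->hasPermission('edit-a-user')
        && $actor->role->importance > $target->role->importance;
}

// Constructed sample data.
$admin  = new User(new Role('admin', 10, ['edit-a-user', 'store-an-title']));
$editor = new User(new Role('editor', 5, ['edit-a-user']));
$noRole = new User();

var_dump(canEdit($admin, $editor), canEdit($editor, $admin));
var_dump(canEdit($noRole, $editor), canEdit(null, $editor));
var_dump($admin->hasPermission('store-an-title'), $noRole->hasPermission('store-an-title'));
```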
