sebastian.virlan's avatar

How can a user have many roles?

Hi! I want to make a role system for my project. To avoid reinventing the wheel I will use:

https://github.com/Zizaco/entrust

But I can't understand a concept. How can a user have more roles? For example I need:

  1. Owner (me the superadmin)
  2. Admin (that can have the same rights as owner but on fewer pages)

So how can a user be both? After login I show content based on role ...

EventFellows's avatar

You might want to check out its documentation

So it looks like you just run the attachRole() method on the user...

// role attach alias
$user->attachRole($admin); // parameter can be a Role object, array, or id
usama.ashraf's avatar

@sebastian.virlan you'll need a pivot table with columns like 'role_id' and 'user_id' referencing the roles and users tables respectively.

Every role has certain permissions associated with it. So maybe you need to grant a user some of those permissions, but one role does not have all those permissions. In that case, a user may be given 2 or more roles.

You can implement role based authorization yourself too. Not that big a problem. Start here:

https://laracasts.com/series/whats-new-in-laravel-5-1/episodes/13

Jaytee's avatar

Since the relationships are set up out of the box, you can use:

$user->attachRole($roleID); // Attaches one role to the user
$user->attachRoles([]); // Attaches multiple roles, just pass in the IDs as an array

To detach them, use:

$user->detachRole($roleID);
$user->detachRoles([]);

So in your case, create a Super Admin role and allow all permissions on that role, then create an Admin role with the permissions of your choice. Again, there are methods for this:

$user->attachPermission($permissionID); // Attaches one permission to the user
$role->attachPermission($permissionID); //  Attaches one permission to the role, you can then assign that role to the user

// Again, to assign multiple, use the plural version
$role->attachPermissions();

$user->attachRole($role);

Permissions must first be created, it's all in the documentation. Example:

// users.create => permission to create user
$perm = Permission::findOrFail(1); // This is our pretend permission above.
$role->attachPermission($perm); // same method as used on the role above

Entrust has two modes:

  1. Strict Mode, which only allows a user to access what the role is entitled to and no other permissions. The user must have the permission on the role to access X. If they have a permission assigned to themselves, they can't use it.
  2. The normal mode, which allows you to assign roles to a user and permissions to a user. If the user's role doesn't have the permission but they have the permission by itself, they can access it.
sebastian.virlan's avatar

Ohh sorry guys, I think I did not make myself clear. It's not about the implementation of the library, it's about the idea. How can a user have 2 roles? How can they be Owner and SuperAdmin at the same time?

EventFellows's avatar

Why not? People in many settings have multiple roles...!?

bobbybouwmann's avatar

It just depends on your system, but let's say you have a role called writer and reader.

By default each user is a reader, so they have one role. But what if you want another user to post articles on your site? You give them the role writer as well. This means that they can read stuff and write stuff.

I think you have something like this in your head: if you are a writer you can also read stuff. But if you split it into multiple roles you need to have both roles to do something.
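
The pivot-table and reader/writer ideas from the replies above, as an added example that is not part of the original thread and not Entrust's own code. The table layout, user ids and permission names are assumptions, and the sample rows are constructed. It shows that a user with several roles simply gets the union of their permissions, and that checks are made on the permission rather than on a role name:

```php
<?php
// Constructed sample data; role ids and permission names are assumptions.
// permission_role pivot: role_id => permissions granted by that role
$permissionRole = [
    1 => ['articles.read'],                                      // reader
    2 => ['articles.create', 'articles.update'],                 // writer
    3 => ['articles.read', 'articles.create', 'users.manage'],   // owner
];

// role_user pivot rows as [user_id, role_id]; a user may appear several times
$roleUser = [
    [10, 1],           // alice: reader only
    [11, 1], [11, 2],  // bob: reader + writer
    [12, 3],           // carol: owner
];

/** Role ids attached to a user through the pivot rows. */
function rolesFor(int $userId, array $roleUser): array
{
    $ids = [];
    foreach ($roleUser as [$uid, $rid]) {
        if ($uid === $userId) {
            $ids[] = $rid;
        }
    }
    return array_values(array_unique($ids));
}

/** Effective permissions: union of the permissions of every attached role. */
function permissionsFor(int $userId, array $roleUser, array $permissionRole): array
{
    $perms = [];
    foreach (rolesFor($userId, $roleUser) as $rid) {
        // A role id with no entry grants nothing (deny by default).
        $perms = array_merge($perms, $permissionRole[$rid] ?? []);
    }
    return array_values(array_unique($perms));
}

/** Authorise on the permission, never on the role name. */
function can(int $userId, string $perm, array $roleUser, array $permissionRole): bool
{
    return in_array($perm, permissionsFor($userId, $roleUser, $permissionRole), true);
}

foreach ([10 => 'alice', 11 => 'bob', 12 => 'carol'] as $id => $name) {
    $create = var_export(can($id, 'articles.create', $roleUser, $permissionRole), true);
    $manage = var_export(can($id, 'users.manage', $roleUser, $permissionRole), true);
    printf("%-5s articles.create=%s users.manage=%s\n", $name, $create, $manage);
}
```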

Valeri0's avatar

All packages implement multiple roles for users. I also think that multiple association is a headache for organizing and documenting an authorization system.

Reader/Writer is probably one of the few examples that fits multiple association between users and roles well, but it may also be less useful for representing a real case.

If you need to limit access for different types of users to specific areas of your application, would it make sense to have multiple roles for each user?

I think not, and WordPress is a clear example.

jlrdw's avatar

I usually add a field or two in the users table to handle more roles.
