
DKQ's avatar

Mental problem with registering admins and users.

Dear developers. I beg your pardon for quite a dummy Q but will appreciate any thoughts.

I need a draft project for future apps. It may be a sm social app or a sort of a shop.

I need three types of users.

Admin or super admin with a full access.

Staff area. Users area itself.

So. How to glue this up? I am sure that this is the basics but anyway.

I can manage a general auth, logging in and out with Passport, i.e.

But I can't feel how to start. Who is the super admin/owner? Which will grant admin rights and authorize staff regarding their responsibilities?

In case of a social app, I mean first I need to register a super admin who will manage moderators, for example.

Sorry for curly words but hope smb will understand me.

jekinney's avatar

ACL, which is roles and/or permissions.

There are a huge number of packages, plus Laravel has some methods to help too. Guards etc.

Which and how as always depends.

On a personal note, I code it myself versus packages or using guards.

Roles: create a role model and migration. Generally use slug, name and description. (Same for permissions).

Create a pivot table for role to user.

Create a hasRole method on the user model. This checks if the passed-in role slug variable equals a role assigned to a user (contains()).

Returns true or false.

Create middleware to protect routes. role:admin. The admin is the required/passed-in role. The middleware checks if the auth user has the role. True: continue; false: redirect.

This way your roles are dynamic, meaning you can add roles as needed without changing models or tables.

Permissions, same as roles but a pivot table permission to role. As it's generally very messy to assign individual permissions to a specific user. Use role to a group of permissions. Then a user has one or two roles not 50 permissions.

Has permission method then loops through a user's roles. Checks if each role contains a permission of slug string. Returns true or false.

Obviously you can add to this, maybe a user requires three permissions to access a create page. Like admin, can create, can post or what have you. Then create a has permissions method that accepts an array, and a Boolean of all required (defaults to false). Loop through same as the has permission method. But check if the user doesn't have the permission and required is true, return false. Otherwise continue until false or done looping. If all are not required and a permission is true, just return true early. No need to continue looping.

As for registering: either register a user by admin or after a user registers assign a role. I generally, if you know a lot of staff need to register as soon as deployed, set a temp route and controller up that accepts a code. This code, when checked and approved, will fire an event or what have you, that will assign the new user a role. Or if importing users from an old database, set up an artisan command. Import users, adding the role, and email out temp passwords or leave null so on the first login they have to set a password.
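The role and permission checks described in the reply above, sketched in plain PHP 8 as an added example; it is not jekinney's code and not the API of any Laravel package. The arrays stand in for the pivot tables, and `ROLE_PERMISSIONS`, `roleGate` and all slugs are assumed names; an empty permission list is denied rather than treated as "all present".

```php
<?php
// Constructed sample data: role slug => permission slugs (the permission-to-role pivot).
const ROLE_PERMISSIONS = [
    'admin'     => ['users.manage', 'posts.create', 'posts.delete'],
    'moderator' => ['posts.delete'],
    'member'    => ['posts.create'],
];

final class User
{
    /** @param string[] $roles role slugs from the role-to-user pivot */
    public function __construct(private array $roles) {}

    public function hasRole(string $slug): bool
    {
        return in_array($slug, $this->roles, true); // strict comparison, no type juggling
    }

    public function hasPermission(string $slug): bool
    {
        foreach ($this->roles as $role) {
            // A role slug with no entry in the pivot grants nothing.
            if (in_array($slug, ROLE_PERMISSIONS[$role] ?? [], true)) {
                return true;
            }
        }
        return false;
    }

    public function hasPermissions(array $slugs, bool $requireAll = false): bool
    {
        if ($slugs === []) {
            return false; // deny by default: an empty list must not satisfy "all required"
        }
        foreach ($slugs as $slug) {
            $has = $this->hasPermission($slug);
            if ($requireAll && !$has) { return false; } // one missing permission fails
            if (!$requireAll && $has) { return true; }  // any match is enough, stop early
        }
        return $requireAll; // all were present, or (any mode) none matched
    }
}
// Middleware-style check for "role:admin": a guest or a user without the role is redirected.
function roleGate(?User $user, string $required): string
{
    return ($user !== null && $user->hasRole($required)) ? 'continue' : 'redirect';
}
$staff = new User(['moderator', 'member']); // constructed user holding two roles
var_dump(roleGate($staff, 'admin'), $staff->hasPermissions(['posts.create', 'users.manage'], true));
```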
