lizeshakya

Is it best practice to store role_type in the session

In my project, I have used Zizaco/entrust package.

I need to check whether the user has a role: administrator/super admin/employee.

Since it needs to check for all the pages, I stored it in the session when the user authenticates like:

protected function authenticated(Request $request, $user)
{
    session(
        [
            'isLoggedIn' => true,
            'isAdministrator' => $user->hasRole('Administrator'),
            'isEmployee' => $user->hasRole('Employee')
        ]
    );
}

It works like a charm. Is it the best practice, since the non-admin users can change the session values? If not, what is the best practice to implement besides querying in all pages?

0 likes
4 replies
jlrdw

You really need to watch at least Jeffrey's free video where he covers basic authentication and authorization.

How do the Zizaco/entrust examples work? Session is the way it usually works.

"since the non-admin users can change the session values."

I don't understand what you mean. How are the non-admin users in your system changing session values?

1 like
lizeshakya

@JLRDW - Thank you for the reply,

Yes, I could see the implementation of policy and gates.

But I am unable to find how to limit the query based on the role.

E.g.: Only super admins can view all the branches. And the employee can view only the current branch he/she is assigned to.

jlrdw
Best Answer

I don't use that package, but see my reply here; there are some other links that talk about authentication and authorization, which may give you some ideas.

All of the various RBAC packages are going to be somewhat similar, just implemented a little differently.

https://laracasts.com/discuss/channels/laravel/multi-auth-login-with-single-table-user-using-middleware-in-laravel

One of those links goes into the role and restricting to someone who's not allowed.

2 likes
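
An added example, not from any poster in this thread and not Entrust's own code: one way to limit the branch query by role, as asked above, with the role read from the user loaded on the server for the request and a default deny for anything else. The `User` stub, the `branches` table, the `branchId` property and the 'Super Admin' role name are assumptions; only the `hasRole()` method name and the 'Employee' role come from the question.

```php
<?php
// Added example: schema, data and class are constructed for illustration.
final class User
{
    public function __construct(
        public int $id,
        public ?int $branchId,
        private array $roles
    ) {}

    // Same method name the question calls on the Entrust user; here a stub.
    public function hasRole(string $name): bool
    {
        return in_array($name, $this->roles, true);
    }
}

// Returns only the branches this user may see. The decision is made from
// the server-side user object, never from request input or client state.
function visibleBranches(PDO $db, User $user): array
{
    if ($user->hasRole('Super Admin')) {
        $stmt = $db->query('SELECT id, name FROM branches ORDER BY id');
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
    if ($user->hasRole('Employee') && $user->branchId !== null) {
        // Bound parameter: the branch id is never concatenated into SQL.
        $stmt = $db->prepare('SELECT id, name FROM branches WHERE id = :id');
        $stmt->execute([':id' => $user->branchId]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
    return []; // default deny: unknown role or no branch assigned
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE branches (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO branches (name) VALUES ('North'), ('South'), ('East')");

$superAdmin = new User(1, null, ['Super Admin']);
$employee   = new User(2, 2, ['Employee']);
$noRole     = new User(3, 1, []);

foreach ([$superAdmin, $employee, $noRole] as $u) {
    $names = array_column(visibleBranches($db, $u), 'name');
    echo "user {$u->id}: " . (implode(', ', $names) ?: '(none)') . PHP_EOL;
}
```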
